mirror/advplyr.audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-06-26 02:39:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update:Express middleware sets req.user to new data model, openid permissions functions moved to new data model

Browse source
This commit is contained in:
advplyr 2024-08-11 16:07:29 -05:00
parent 29a15858f4
commit 2472b86284
29 changed files with 474 additions and 430 deletions
Download patch file Download diff file Expand all files Collapse all files

17
server/controllers/SeriesController.js
View file

@ -6,8 +6,7 @@ const libraryItemsBookFilters = require('../utils/queries/libraryItemsBookFilter
/**
* @typedef RequestUserObjects
* @property {import('../models/User')} userNew
* @property {import('../objects/user/User')} user
* @property {import('../models/User')} user
*
* @typedef {Request & RequestUserObjects} RequestWithUser
*/
@ -37,7 +36,7 @@ class SeriesController {
if (include.includes('progress')) {
const libraryItemsInSeries = req.libraryItemsInSeries
const libraryItemsFinished = libraryItemsInSeries.filter((li) => {
return req.userNew.getMediaProgress(li.media.id)?.isFinished
return req.user.getMediaProgress(li.media.id)?.isFinished
})
seriesJson.progress = {
libraryItemIds: libraryItemsInSeries.map((li) => li.id),
@ -81,17 +80,17 @@ class SeriesController {
/**
* Filter out any library items not accessible to user
*/
const libraryItems = await libraryItemsBookFilters.getLibraryItemsForSeries(series, req.userNew)
const libraryItems = await libraryItemsBookFilters.getLibraryItemsForSeries(series, req.user)
if (!libraryItems.length) {
Logger.warn(`[SeriesController] User "${req.userNew.username}" attempted to access series "${series.id}" with no accessible books`)
Logger.warn(`[SeriesController] User "${req.user.username}" attempted to access series "${series.id}" with no accessible books`)
return res.sendStatus(404)
}
if (req.method == 'DELETE' && !req.userNew.canDelete) {
Logger.warn(`[SeriesController] User "${req.userNew.username}" attempted to delete without permission`)
if (req.method == 'DELETE' && !req.user.canDelete) {
Logger.warn(`[SeriesController] User "${req.user.username}" attempted to delete without permission`)
return res.sendStatus(403)
} else if ((req.method == 'PATCH' || req.method == 'POST') && !req.userNew.canUpdate) {
Logger.warn(`[SeriesController] User "${req.userNew.username}" attempted to update without permission`)
} else if ((req.method == 'PATCH' || req.method == 'POST') && !req.user.canUpdate) {
Logger.warn(`[SeriesController] User "${req.user.username}" attempted to update without permission`)
return res.sendStatus(403)
}