fix(api): library access is not properly applied in some cases for ad…

…mins

Closes: #1470

komga/src/main/kotlin/org/gotson/komga/domain/model/KomgaUser.kt

@@ -45,10 +45,10 @@ data class KomgaUser(
   fun getAuthorizedLibraryIds(libraryIds: Collection<String>?): Collection<String>? =
     when {
       // limited user & libraryIds are specified: filter on provided libraries intersecting user's authorized libraries
-      !sharedAllLibraries && libraryIds != null -> libraryIds.intersect(sharedLibrariesIds)
+      !canAccessAllLibraries() && libraryIds != null -> libraryIds.intersect(sharedLibrariesIds)
 
       // limited user: filter on user's authorized libraries
-      !sharedAllLibraries && libraryIds == null -> sharedLibrariesIds
+      !canAccessAllLibraries() && libraryIds == null -> sharedLibrariesIds
 
       // non-limited user & libraryIds are specified: filter on provided libraries
       libraryIds != null -> libraryIds
@@ -57,12 +57,13 @@ data class KomgaUser(
       else -> null
     }
 
+  fun canAccessAllLibraries(): Boolean = sharedAllLibraries || roleAdmin
+
   fun canAccessLibrary(libraryId: String): Boolean =
-    sharedAllLibraries || sharedLibrariesIds.any { it == libraryId }
+    canAccessAllLibraries() || sharedLibrariesIds.any { it == libraryId }
 
-  fun canAccessLibrary(library: Library): Boolean {
-    return sharedAllLibraries || sharedLibrariesIds.any { it == library.id }
-  }
+  fun canAccessLibrary(library: Library): Boolean =
+    canAccessAllLibraries() || sharedLibrariesIds.any { it == library.id }
 
   fun isContentAllowed(
     ageRating: Int? = null,

komga/src/main/kotlin/org/gotson/komga/interfaces/api/ContentRestrictionChecker.kt

@@ -59,7 +59,7 @@ class ContentRestrictionChecker(
     komgaUser: KomgaUser,
     bookId: String,
   ) {
-    if (!komgaUser.sharedAllLibraries) {
+    if (!komgaUser.canAccessAllLibraries()) {
       bookRepository.getLibraryIdOrNull(bookId)?.let {
         if (!komgaUser.canAccessLibrary(it)) throw ResponseStatusException(HttpStatus.FORBIDDEN)
       } ?: throw ResponseStatusException(HttpStatus.NOT_FOUND)

komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v1/OpdsController.kt

@@ -429,7 +429,7 @@ class OpdsController(
     @AuthenticationPrincipal principal: KomgaPrincipal,
   ): OpdsFeed {
     val libraries =
-      if (principal.user.sharedAllLibraries) {
+      if (principal.user.canAccessAllLibraries()) {
         libraryRepository.findAll()
       } else {
         libraryRepository.findAllByIds(principal.user.sharedLibrariesIds)

komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v2/Opds2Controller.kt

@@ -134,7 +134,7 @@ class Opds2Controller(
     principal: KomgaPrincipal,
   ): FeedGroupDto {
     val libraries =
-      if (principal.user.sharedAllLibraries) {
+      if (principal.user.canAccessAllLibraries()) {
         libraryRepository.findAll()
       } else {
         libraryRepository.findAllByIds(principal.user.sharedLibrariesIds)

komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/LibraryController.kt

@@ -53,7 +53,7 @@ class LibraryController(
   fun getAll(
     @AuthenticationPrincipal principal: KomgaPrincipal,
   ): List<LibraryDto> =
-    if (principal.user.sharedAllLibraries) {
+    if (principal.user.canAccessAllLibraries()) {
       libraryRepository.findAll()
     } else {
       libraryRepository.findAllByIds(principal.user.sharedLibrariesIds)

komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/SeriesController.kt

@@ -745,7 +745,7 @@ class SeriesController(
    * @throws[ResponseStatusException] if the user cannot access the content
    */
   private fun KomgaUser.checkContentRestriction(seriesId: String) {
-    if (!sharedAllLibraries) {
+    if (!canAccessAllLibraries()) {
       seriesRepository.getLibraryId(seriesId)?.let {
         if (!canAccessLibrary(it)) throw ResponseStatusException(HttpStatus.FORBIDDEN)
       } ?: throw ResponseStatusException(HttpStatus.NOT_FOUND)