From 77bad31064a122577707cc1be4464c77e530ceb8 Mon Sep 17 00:00:00 2001 From: Gauthier Roebroeck Date: Wed, 17 Apr 2024 16:38:58 +0800 Subject: [PATCH] fix(api): library access is not properly applied in some cases for admins Closes: #1470 --- .../org/gotson/komga/domain/model/KomgaUser.kt | 13 +++++++------ .../interfaces/api/ContentRestrictionChecker.kt | 2 +- .../komga/interfaces/api/opds/v1/OpdsController.kt | 2 +- .../komga/interfaces/api/opds/v2/Opds2Controller.kt | 2 +- .../komga/interfaces/api/rest/LibraryController.kt | 2 +- .../komga/interfaces/api/rest/SeriesController.kt | 2 +- 6 files changed, 12 insertions(+), 11 deletions(-) diff --git a/komga/src/main/kotlin/org/gotson/komga/domain/model/KomgaUser.kt b/komga/src/main/kotlin/org/gotson/komga/domain/model/KomgaUser.kt index 4386b58641..5d609f1901 100644 --- a/komga/src/main/kotlin/org/gotson/komga/domain/model/KomgaUser.kt +++ b/komga/src/main/kotlin/org/gotson/komga/domain/model/KomgaUser.kt @@ -45,10 +45,10 @@ data class KomgaUser( fun getAuthorizedLibraryIds(libraryIds: Collection?): Collection? = when { // limited user & libraryIds are specified: filter on provided libraries intersecting user's authorized libraries - !sharedAllLibraries && libraryIds != null -> libraryIds.intersect(sharedLibrariesIds) + !canAccessAllLibraries() && libraryIds != null -> libraryIds.intersect(sharedLibrariesIds) // limited user: filter on user's authorized libraries - !sharedAllLibraries && libraryIds == null -> sharedLibrariesIds + !canAccessAllLibraries() && libraryIds == null -> sharedLibrariesIds // non-limited user & libraryIds are specified: filter on provided libraries libraryIds != null -> libraryIds 
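Review bot: The two branch comments in `getAuthorizedLibraryIds` (KomgaUser.kt, first hunk) still say "limited user", but after this change those branches are also skipped for admins. An admin with `sharedAllLibraries == false` now reaches `libraryIds != null -> libraryIds` and gets the requested ids back unfiltered. I would reword the comments to match, e.g. `// user without access to all libraries (not admin, sharedAllLibraries = false)`. It would also help to document the return contract: `null` appears to mean "no library restriction", which callers must not confuse with the empty collection the `intersect` branch can produce. The `when` continues past the end of this hunk.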
@@ -57,12 +57,13 @@ data class KomgaUser( else -> null } + fun canAccessAllLibraries(): Boolean = sharedAllLibraries || roleAdmin + fun canAccessLibrary(libraryId: String): Boolean = - sharedAllLibraries || sharedLibrariesIds.any { it == libraryId } + canAccessAllLibraries() || sharedLibrariesIds.any { it == libraryId } - fun canAccessLibrary(library: Library): Boolean { - return sharedAllLibraries || sharedLibrariesIds.any { it == library.id } - } + fun canAccessLibrary(library: Library): Boolean = + canAccessAllLibraries() || sharedLibrariesIds.any { it == library.id } fun isContentAllowed( ageRating: Int? = null, diff --git a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/ContentRestrictionChecker.kt b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/ContentRestrictionChecker.kt index da0b7d34c3..4b54c5e714 100644 --- a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/ContentRestrictionChecker.kt +++ b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/ContentRestrictionChecker.kt @@ -59,7 +59,7 @@ class ContentRestrictionChecker( komgaUser: KomgaUser, bookId: String, ) { - if (!komgaUser.sharedAllLibraries) { + if (!komgaUser.canAccessAllLibraries()) { bookRepository.getLibraryIdOrNull(bookId)?.let { if (!komgaUser.canAccessLibrary(it)) throw ResponseStatusException(HttpStatus.FORBIDDEN) } ?: throw ResponseStatusException(HttpStatus.NOT_FOUND) diff --git a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v1/OpdsController.kt b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v1/OpdsController.kt index 598759ee9f..bab1bb1b91 100644 --- a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v1/OpdsController.kt +++ b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v1/OpdsController.kt 
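Review bot: `canAccessAllLibraries()` in KomgaUser.kt is now the single place where the admin role overrides per-library sharing, yet it has no KDoc. All six files in the diffstat are under `src/main`, so no test pins the new behaviour. I would add a comment such as `/** True when the user may see every library: all libraries are shared with them, or they hold the admin role. */`. I would also add a unit test for an admin with `sharedAllLibraries = false` and an empty `sharedLibrariesIds`, asserting on `canAccessLibrary` and `getAuthorizedLibraryIds`. Since the controllers previously read `sharedAllLibraries` directly, new call sites can still do so and reintroduce the inconsistency; a note on the property pointing to `canAccessAllLibraries()` would help.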
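Review bot: In ContentRestrictionChecker.kt the guarded block answers `FORBIDDEN` for a book in a library the user cannot access and `NOT_FOUND` for an unknown id, so a restricted user can tell the two cases apart. The same shape appears in `KomgaUser.checkContentRestriction` in SeriesController.kt. If hiding the existence of content in unshared libraries matters for this API, both cases could answer alike, e.g. `if (!komgaUser.canAccessLibrary(it)) throw ResponseStatusException(HttpStatus.NOT_FOUND)`. Users for whom `canAccessAllLibraries()` is true, which now includes admins, skip the lookup entirely, so a missing id is not rejected here for them and presumably has to be caught by the caller. The enclosing function starts and ends outside the hunk.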
@@ -429,7 +429,7 @@ class OpdsController( @AuthenticationPrincipal principal: KomgaPrincipal, ): OpdsFeed { val libraries = - if (principal.user.sharedAllLibraries) { + if (principal.user.canAccessAllLibraries()) { libraryRepository.findAll() } else { libraryRepository.findAllByIds(principal.user.sharedLibrariesIds) diff --git a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v2/Opds2Controller.kt b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v2/Opds2Controller.kt index d8fa712c25..3f1d58e13c 100644 --- a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v2/Opds2Controller.kt +++ b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/opds/v2/Opds2Controller.kt @@ -134,7 +134,7 @@ class Opds2Controller( principal: KomgaPrincipal, ): FeedGroupDto { val libraries = - if (principal.user.sharedAllLibraries) { + if (principal.user.canAccessAllLibraries()) { libraryRepository.findAll() } else { libraryRepository.findAllByIds(principal.user.sharedLibrariesIds) diff --git a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/LibraryController.kt b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/LibraryController.kt index 6fe1790f15..359100673f 100644 --- a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/LibraryController.kt +++ b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/LibraryController.kt @@ -53,7 +53,7 @@ class LibraryController( fun getAll( @AuthenticationPrincipal principal: KomgaPrincipal, ): List = - if (principal.user.sharedAllLibraries) { + if (principal.user.canAccessAllLibraries()) { libraryRepository.findAll() } else { libraryRepository.findAllByIds(principal.user.sharedLibrariesIds) diff --git a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/SeriesController.kt b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/SeriesController.kt index 90bdab4442..009e6b800c 100644 --- a/komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/SeriesController.kt 
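Review bot: The branch `if (principal.user.canAccessAllLibraries()) libraryRepository.findAll() else libraryRepository.findAllByIds(principal.user.sharedLibrariesIds)` is repeated in OpdsController.kt, Opds2Controller.kt and LibraryController.kt. Having the access decision copied into each call site is what allowed the admin case to be missed in several places at once. I would move the decision into one helper that takes the user and returns the libraries visible to them, and have the three controllers call it, so the next change to the access rule is made once. The enclosing functions start and end outside these hunks.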
+++ b/komga/src/main/kotlin/org/gotson/komga/interfaces/api/rest/SeriesController.kt @@ -745,7 +745,7 @@ class SeriesController( * @throws[ResponseStatusException] if the user cannot access the content */ private fun KomgaUser.checkContentRestriction(seriesId: String) { - if (!sharedAllLibraries) { + if (!canAccessAllLibraries()) { seriesRepository.getLibraryId(seriesId)?.let { if (!canAccessLibrary(it)) throw ResponseStatusException(HttpStatus.FORBIDDEN) } ?: throw ResponseStatusException(HttpStatus.NOT_FOUND)