From 6c21c0ae1d2bab6a5acdc02df7d65ba053e22a3f Mon Sep 17 00:00:00 2001 From: Ro Santalla Date: Wed, 3 Jul 2024 19:40:43 +0200 Subject: [PATCH] feat(handlers/playlist): allow playlist sharing --- server/ctrlsubsonic/handlers_playlist.go | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/server/ctrlsubsonic/handlers_playlist.go b/server/ctrlsubsonic/handlers_playlist.go index 1e4afa74..89fd9fe7 100644 --- a/server/ctrlsubsonic/handlers_playlist.go +++ b/server/ctrlsubsonic/handlers_playlist.go @@ -35,7 +35,7 @@ func (c *Controller) ServeGetPlaylists(r *http.Request) *spec.Response { if err != nil { return spec.NewError(0, "error reading playlist %q: %v", path, err) } - if playlist.UserID != user.ID && !playlist.IsPublic { + if !playlist.CanRead(user.ID) { continue } playlistID := playlistIDEncode(path) @@ -82,7 +82,7 @@ func (c *Controller) ServeCreateOrUpdatePlaylist(r *http.Request) *spec.Response } } - if playlist.UserID != 0 && playlist.UserID != user.ID { + if playlist.UserID != 0 && !playlist.CanWrite(user.ID) { return spec.NewError(50, "you aren't allowed update that user's playlist") } @@ -133,7 +133,7 @@ func (c *Controller) ServeUpdatePlaylist(r *http.Request) *spec.Response { } // update meta info - if playlist.UserID != 0 && playlist.UserID != user.ID { + if !playlist.CanWrite(user.ID) { return spec.NewResponse() } @@ -173,9 +173,21 @@ func (c *Controller) ServeUpdatePlaylist(r *http.Request) *spec.Response { } func (c *Controller) ServeDeletePlaylist(r *http.Request) *spec.Response { + user := r.Context().Value(CtxUser).(*db.User) params := r.Context().Value(CtxParams).(params.Params) + playlistID := params.GetFirstOr( /* default */ "", "id", "playlistId") - if err := c.playlistStore.Delete(playlistIDDecode(playlistID)); err != nil { + playlistPath := playlistIDDecode(playlistID) + playlist, err := c.playlistStore.Read(playlistPath) + if err != nil { + return spec.NewError(0, "find playlist: %v", err) + } + + if !playlist.CanDelete(user.ID) { + return spec.NewError(0, "you cannot delete playlists you do not own") + } + + if err := c.playlistStore.Delete(playlistPath); err != nil { return spec.NewError(0, "delete playlist: %v", err) } return spec.NewResponse()