some playlist ownership check
parent
c7a7dbd7fa
commit
61449fd235
|
@ -7,6 +7,10 @@ import UUIDs
|
||||||
import HTTP
|
import HTTP
|
||||||
using JSON2
|
using JSON2
|
||||||
|
|
||||||
|
# # Playlist cover art support
|
||||||
|
# The idea is to sum all the album arts in some way. But it's easier to get one random
|
||||||
|
# using FileIO, Images
|
||||||
|
|
||||||
const domain = "nixo.xyz"
|
const domain = "nixo.xyz"
|
||||||
|
|
||||||
include("types.jl")
|
include("types.jl")
|
||||||
|
|
|
@ -292,7 +292,10 @@ function createPlaylist(req)
|
||||||
return not_found("playlistId")
|
return not_found("playlistId")
|
||||||
end
|
end
|
||||||
elseif !isempty(name)
|
elseif !isempty(name)
|
||||||
playlist = Playlist(req[:login][:user].name, name = name)
|
playlist = Playlist(req[:login][:user].name,
|
||||||
|
name = name,
|
||||||
|
# cover = ???
|
||||||
|
)
|
||||||
push!(playlist, song)
|
push!(playlist, song)
|
||||||
else
|
else
|
||||||
return missing_parameter("either name or playlistId")
|
return missing_parameter("either name or playlistId")
|
||||||
|
@ -319,15 +322,21 @@ function getPlaylists(req)
|
||||||
return subsonic_return(xdoc)
|
return subsonic_return(xdoc)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
import Base.get
|
||||||
|
function get(::Type{Playlist}, u::User, id::AbstractString)
|
||||||
|
global user_playlists
|
||||||
|
findfirst(p -> p.uuid == id,
|
||||||
|
filter(p -> canread(u, p),
|
||||||
|
user_playlists))
|
||||||
|
end
|
||||||
|
|
||||||
"Returns a listing of files in a saved playlist."
|
"Returns a listing of files in a saved playlist."
|
||||||
function getPlaylist(req)
|
function getPlaylist(req)
|
||||||
global user_playlists
|
global user_playlists
|
||||||
query = HTTP.URIs.queryparams(req[:query])
|
query = HTTP.URIs.queryparams(req[:query])
|
||||||
id = get(query, "id", "")
|
id = get(query, "id", "")
|
||||||
isempty(id) && return missing_parameter("id")
|
isempty(id) && return missing_parameter("id")
|
||||||
m = findfirst(p -> p.uuid == id,
|
m = get(Playlist, req[:login][:user], id)
|
||||||
filter(p -> canread(req[:login][:user], p),
|
|
||||||
user_playlists))
|
|
||||||
m == nothing && return not_found("id")
|
m == nothing && return not_found("id")
|
||||||
(xdoc, xroot) = subsonic()
|
(xdoc, xroot) = subsonic()
|
||||||
append!(xroot, user_playlists[m])
|
append!(xroot, user_playlists[m])
|
||||||
|
@ -340,11 +349,12 @@ function updatePlaylist(req)
|
||||||
query = HTTP.URIs.queryparams(req[:query])
|
query = HTTP.URIs.queryparams(req[:query])
|
||||||
playlistId = get(query, "playlistId", "")
|
playlistId = get(query, "playlistId", "")
|
||||||
isempty(playlistId) && return missing_parameter("playlistId")
|
isempty(playlistId) && return missing_parameter("playlistId")
|
||||||
# FIXME: check ownership
|
m = get(Playlist, req[:login][:user], playlistId)
|
||||||
pn = findfirst(p -> p.uuid == playlistId,
|
m == nothing && return not_found("playlistId")
|
||||||
user_playlists)
|
playlist = user_playlists[m]
|
||||||
pn == nothing && return not_found("playlistId")
|
|
||||||
playlist = user_playlists[pn]
|
# Check ownership (if not allowed, should not even reach this (canread is false))
|
||||||
|
canedit(req[:login][:user], playlist) || return not_allowed()
|
||||||
playlist.name = get(query, "name", playlist.name)
|
playlist.name = get(query, "name", playlist.name)
|
||||||
playlist.comment = get(query, "comment", playlist.comment)
|
playlist.comment = get(query, "comment", playlist.comment)
|
||||||
# FIXME: use try/catch
|
# FIXME: use try/catch
|
||||||
|
@ -376,8 +386,14 @@ function deletePlaylist(req)
|
||||||
query = HTTP.URIs.queryparams(req[:query])
|
query = HTTP.URIs.queryparams(req[:query])
|
||||||
id = get(query, "id", "")
|
id = get(query, "id", "")
|
||||||
isempty(id) && return missing_parameter("id")
|
isempty(id) && return missing_parameter("id")
|
||||||
# FIXME: check ownership
|
m = findfirst(p -> p.uuid == id, user_playlists)
|
||||||
filter!(p -> p.uuid != id, user_playlists)
|
m === nothing && return not_found("id")
|
||||||
|
if !canedit(req[:login][:user], user_playlists[m])
|
||||||
|
return unuthorized()
|
||||||
|
end
|
||||||
|
|
||||||
|
deleteat!(user_playlists, m)
|
||||||
|
|
||||||
saveplaylists()
|
saveplaylists()
|
||||||
@subsonic(nothing)
|
@subsonic(nothing)
|
||||||
end
|
end
|
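Review bot: The new `get(::Type{Playlist}, u::User, id)` helper returns an index into the `filter(...)` result, not into `user_playlists`, yet `getPlaylist` and `updatePlaylist` then use it as `user_playlists[m]`. Whenever a playlist the user cannot read sits earlier in the vector, the index shifts, so the handler can return or rename a different playlist from the one requested, and the `canedit` check runs against the wrong object. Searching the full vector keeps the index valid: `findfirst(p -> p.uuid == id && canread(u, p), user_playlists)`. Separately, `deletePlaylist` returns `unuthorized()` while `updatePlaylist` uses `not_allowed()`; no definition of `unuthorized` is visible here, so it looks like a typo that would throw on the denied path instead of returning a denial response. The handler bodies continue outside the hunks shown.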
||||||
|
|
|
@ -43,7 +43,22 @@ GET :url/stream:auth&id=df5937fd-d79b-40b5-bf14-8c29c54e1bdb
|
||||||
GET :url/getPlaylists:auth
|
GET :url/getPlaylists:auth
|
||||||
|
|
||||||
# Get single playlist
|
# Get single playlist
|
||||||
GET :url/getPlaylist:auth&id=512c6d5e-798f-47f7-a50d-116ef647109e
|
GET :url/getPlaylist:auth&id=a2df9320-4775-40a5-9830-8960f3eb9203
|
||||||
|
|
||||||
|
# Get not owned playlist
|
||||||
|
GET :url/getPlaylist:auth&id=799f5074-5db2-4daa-b449-9677d0c7744c
|
||||||
|
|
||||||
|
# Delete not owned playlist
|
||||||
|
GET :url/deletePlaylist:auth&id=799f5074-5db2-4daa-b449-9677d0c7744c
|
||||||
|
|
||||||
|
# Update not owned playlist
|
||||||
|
GET :url/updatePlaylist:auth&playlistId=799f5074-5db2-4daa-b449-9677d0c7744c
|
||||||
|
|
||||||
|
# Update owned playlist
|
||||||
|
GET :url/updatePlaylist:auth&playlistId=a2df9320-4775-40a5-9830-8960f3eb9203&name=nuovo
|
||||||
|
|
||||||
|
# Delete owned playlist
|
||||||
|
GET :url/deletePlaylist:auth&id=a2df9320-4775-40a5-9830-8960f3eb9203
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
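--- a/login.jl
+++ b/login.jl
@@ -54,9 +54,7 @@ function loadusers(; file = expanduser("~/.config/beets/users.jsonl"))
 ps = JSON2.readlines(file)
 p = JSON2.read.(ps, JlSonic.User)
 empty!(users)
-for pl in p
-push!(users, pl)
-end
+append!(users, p)
 end
 
 sonic_login = stack(getlogin, checkpassword)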