From 347274afb36e926b328e799ca8004fc874ffe4cb Mon Sep 17 00:00:00 2001
From: metamuffin <metamuffin@disroot.org>
Date: Wed, 4 Oct 2023 20:41:59 +0200
Subject: more permission stuff

---
 server/src/routes/ui/node.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'server/src/routes/ui/node.rs')

diff --git a/server/src/routes/ui/node.rs b/server/src/routes/ui/node.rs
index 1a906f1..b72ec11 100644
--- a/server/src/routes/ui/node.rs
+++ b/server/src/routes/ui/node.rs
@@ -22,6 +22,7 @@ use crate::{
     uri,
 };
 use anyhow::{anyhow, Context};
+use jellybase::permission::NodePermissionExt;
 use jellycommon::{MediaInfo, NodeKind, NodePublic, Rating, SourceTrackKind};
 use rocket::{get, serde::json::Json, Either, State};
 
@@ -39,11 +40,11 @@ pub async fn r_library_node_filter<'a>(
     aj: AcceptJson,
     filter: NodeFilterSort,
 ) -> Result<Either<DynLayoutPage<'a>, Json<NodePublic>>, MyError> {
-    drop(session);
     let node = db
         .node
         .get(&id.to_string())
         .context("retrieving library node")?
+        .only_if_permitted(&session.user.permissions)
         .ok_or(anyhow!("node does not exist"))?
         .public;
 
@@ -124,7 +125,7 @@ markup::define! {
             }
             @if matches!(node.kind, NodeKind::Collection | NodeKind::Channel) {
                 @if matches!(node.kind, NodeKind::Collection) {
-                    @if let Some(parent) = &node.parent {
+                    @if let Some(parent) = &node.path.last().cloned() {
                         a.dirup[href=uri!(r_library_node(parent))] { "Go up" }
                     }
                 }
-- 
cgit v1.2.3-70-g09d2