feat(handlers/playlist): allow playlist sharing

Author: nadiamoe

server/ctrlsubsonic/handlers_playlist.go

@@ -35,7 +35,7 @@ func (c *Controller) ServeGetPlaylists(r *http.Request) *spec.Response {
 		if err != nil {
 			return spec.NewError(0, "error reading playlist %q: %v", path, err)
 		}
-		if playlist.UserID != user.ID && !playlist.IsPublic {
+		if !playlist.CanRead(user.ID) {
 			continue
 		}
 		playlistID := playlistIDEncode(path)
@@ -82,7 +82,7 @@ func (c *Controller) ServeCreateOrUpdatePlaylist(r *http.Request) *spec.Response
 		}
 	}
 
-	if playlist.UserID != 0 && playlist.UserID != user.ID {
+	if playlist.UserID != 0 && !playlist.CanWrite(user.ID) {
 		return spec.NewError(50, "you aren't allowed update that user's playlist")
 	}
 
@@ -133,7 +133,7 @@ func (c *Controller) ServeUpdatePlaylist(r *http.Request) *spec.Response {
 	}
 
 	// update meta info
-	if playlist.UserID != 0 && playlist.UserID != user.ID {
+	if !playlist.CanWrite(user.ID) {
 		return spec.NewResponse()
 	}
 
@@ -173,9 +173,21 @@ func (c *Controller) ServeUpdatePlaylist(r *http.Request) *spec.Response {
 }
 
 func (c *Controller) ServeDeletePlaylist(r *http.Request) *spec.Response {
+	user := r.Context().Value(CtxUser).(*db.User)
 	params := r.Context().Value(CtxParams).(params.Params)
+
 	playlistID := params.GetFirstOr( /* default */ "", "id", "playlistId")
-	if err := c.playlistStore.Delete(playlistIDDecode(playlistID)); err != nil {
+	playlistPath := playlistIDDecode(playlistID)
+	playlist, err := c.playlistStore.Read(playlistPath)
+	if err != nil {
+		return spec.NewError(0, "find playlist: %v", err)
+	}
+
+	if !playlist.CanDelete(user.ID) {
+		return spec.NewError(0, "you cannot delete playlists you do not own")
+	}
+
+	if err := c.playlistStore.Delete(playlistPath); err != nil {
 		return spec.NewError(0, "delete playlist: %v", err)
 	}
 	return spec.NewResponse()