Add manual-import and download-access features

Introduce manual import workflow and download permission support. Adds a Prisma migration and schema field (users.download_access) to track per-user download access, and updates admin UI to toggle global and per-user download access. Implements new APIs: filesystem browse, manual-import endpoint, download-access settings, audiobook download-status, and on-demand download-token generation. Adds frontend components for manual import and related tests, plus documentation for the manual-import feature and the documentation-agent prompt. Key files: prisma/migrations/20260212000000_add_download_access_permission/migration.sql, prisma/schema.prisma, src/app/api/admin/filesystem/browse/route.ts, src/app/api/admin/manual-import/route.ts, src/app/api/admin/settings/download-access/route.ts, src/app/api/requests/[id]/download-token/route.ts, src/app/api/audiobooks/[asin]/download-status/route.ts, and updated admin users pages/components and permissions util.
2026-06-03 21:00:09 +00:00 · 2026-02-27 12:15:23 -05:00
parent 73c5fe14e7
commit edc56bc457
29 changed files with 2196 additions and 27 deletions
@@ -0,0 +1,70 @@
+/**
+ * Component: Audiobook Download Status API Route
+ * Documentation: documentation/backend/api.md
+ *
+ * Returns whether a downloadable file exists for this audiobook (by ASIN).
+ * Used by AudiobookDetailsModal to show the download link regardless of context.
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { requireAuth, AuthenticatedRequest } from '@/lib/middleware/auth';
+import { prisma } from '@/lib/db';
+import { COMPLETED_STATUSES } from '@/lib/constants/request-statuses';
+import { resolveDownloadAccess } from '@/lib/utils/permissions';
+
+/**
+ * GET /api/audiobooks/[asin]/download-status
+ * Returns { downloadAvailable, requestId } for the current user's completed request.
+ */
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ asin: string }> }
+) {
+  return requireAuth(request, async (req: AuthenticatedRequest) => {
+    if (!req.user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    // Check download permission - if denied, don't reveal file existence
+    const userRecord = await prisma.user.findUnique({
+      where: { id: req.user.id },
+      select: { role: true, downloadAccess: true },
+    });
+    const hasDownloadAccess = await resolveDownloadAccess(
+      userRecord?.role ?? 'user',
+      userRecord?.downloadAccess ?? null
+    );
+    if (!hasDownloadAccess) {
+      return NextResponse.json({ downloadAvailable: false, requestId: null });
+    }
+
+    const { asin } = await params;
+
+    const audiobook = await prisma.audiobook.findFirst({
+      where: { audibleAsin: asin },
+      select: { id: true, filePath: true },
+    });
+
+    if (!audiobook) {
+      return NextResponse.json({ downloadAvailable: false, requestId: null });
+    }
+
+    // Find any completed request for this audiobook that has a file
+    const completedRequest = await prisma.request.findFirst({
+      where: {
+        audiobookId: audiobook.id,
+        status: { in: [...COMPLETED_STATUSES] },
+        deletedAt: null,
+      },
+      select: { id: true },
+      orderBy: { createdAt: 'desc' },
+    });
+
+    const downloadAvailable = !!completedRequest && !!audiobook.filePath;
+
+    return NextResponse.json({
+      downloadAvailable,
+      requestId: downloadAvailable ? completedRequest!.id : null,
+    });
+  });
+}