docs(plugins): document plugin library scope authorization logic

Signed-off-by: Deluan <deluan@navidrome.org>
This commit is contained in:
Deluan 2026-07-01 13:20:31 -04:00
parent 318bb4944f
commit 2d53360f89

View file

@ -64,6 +64,10 @@ func (s *matcherServiceImpl) MatchSongs(ctx context.Context, songs []types.SongR
if err != nil {
return nil, err
}
// The plugin's library scope is a second, independent authorization on top of the context
// user's own access, so it's applied here rather than in-query: the unscoped path runs as
// admin (which applyLibraryFilter skips), and folding s.libs into the context user would
// conflate the two scopes instead of intersecting them.
for i, mf := range matched {
// Drop tracks outside the plugin's library scope, leaving that index unmatched.
if !s.libs.contains(mf.LibraryID) {