Open
Description:
When creating a "Recently Added in ____" section using a library’s ParentId, if a user does not have access to that library, the section header still appears without any media beneath it.
Impact:
This may unintentionally reveal the existence and names of restricted libraries, creating a potential privacy concern for administrators.
Steps to Reproduce:
- Create a "Recently Added in ____" section with a library’s ParentId.
- Restrict a user’s access to that library.
- Log in as that user.
- Observe that the section header still appears, but no items are shown.
Expected Behavior:
If a user does not have access to a library, the corresponding "Recently Added in ____" section should not appear at all.
Actual Behavior:
The section header is displayed, but with no media content.
Proposed Solution:
Before rendering a "Recently Added in ____" section, validate whether the requesting user has access to the library associated with the ParentId. If the user lacks permission, suppress both the header and its section entirely.
Alternative Approaches:
- Fallback behavior: Hide the section header but display a generic "No content available" message (less ideal, as it still leaks that a library exists).
- Configurable option: Allow admins to choose whether hidden libraries display empty headers or are omitted altogether.
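
One way to implement the check described under Proposed Solution, as an added example that is not the project's own code. The names `Section`, `User`, `can_access`, `render_home` and all library ids and titles are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    title: str
    parent_id: str  # id of the library this section is bound to


@dataclass(frozen=True)
class User:
    name: str
    allowed_libraries: frozenset  # library ids this user may browse


def can_access(user, library_id, known_libraries):
    # Fail closed: an id that no longer maps to a library is treated as denied.
    return library_id in known_libraries and library_id in user.allowed_libraries


def render_home(user, sections, known_libraries, recent_by_library):
    """Return [(header, items)] for the sections this user may see.

    The permission check runs before the header is emitted, so a denied
    section contributes nothing to the response, not even its title.
    """
    rendered = []
    for section in sections:
        if not can_access(user, section.parent_id, known_libraries):
            continue  # suppress header and body together
        items = list(recent_by_library.get(section.parent_id, []))
        rendered.append((section.title, items))
    return rendered


# Constructed sample data (hypothetical ids and titles).
KNOWN = {"lib-movies", "lib-private"}
RECENT = {"lib-movies": ["Film A", "Film B"], "lib-private": ["Home Video 1"]}
SECTIONS = [
    Section("Recently Added in Movies", "lib-movies"),
    Section("Recently Added in Private", "lib-private"),
    Section("Recently Added in Removed", "lib-deleted"),  # stale ParentId
]
ADMIN = User("admin", frozenset({"lib-movies", "lib-private"}))
GUEST = User("guest", frozenset({"lib-movies"}))

if __name__ == "__main__":
    for u in (ADMIN, GUEST):
        print(u.name, render_home(u, SECTIONS, KNOWN, RECENT))
```

A useful regression check is that the restricted user's response is identical to the response produced when the section is not configured at all, so the output carries no trace of the library's name.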