Content server: Fix newly added books on homepage not restricted to the books the logged in user is allowed to access

src/calibre/db/cache.py

@@ -1405,8 +1405,8 @@ class Cache:
         return ret
 
     @read_api
-    def newly_added_book_ids(self, count=5) -> list[int]:
+    def newly_added_book_ids(self, count=5, book_ids=None) -> list[int]:
-        ids_to_sort = self._all_book_ids(list)
+        ids_to_sort = self._all_book_ids(list) if book_ids is None else list(book_ids)
         ids_to_sort.sort(reverse=True)
         return ids_to_sort[:count]
 

src/calibre/srv/code.py

@@ -309,11 +309,11 @@ def newly_added(ctx, rd):
     '''
     db, library_id = get_library_data(ctx, rd)[:2]
     count = int(rd.query.get('num', 3))
+    nbids = ctx.newest_book_ids(rd, db, count=count)
     with db.safe_read_lock:
-        nbids = db._newly_added_book_ids(count)
         titles = db._all_field_for('title', nbids)
         authors = db._all_field_for('authors', nbids)
-        return {'library_id': library_id, 'books': nbids, 'titles': titles, 'authors': authors}
+    return {'library_id': library_id, 'books': nbids, 'titles': titles, 'authors': authors}
 
 
 @endpoint('/interface-data/more-books', postprocess=json, methods=POSTABLE)

src/calibre/srv/handler.py

@@ -92,6 +92,13 @@ class Context:
                 return False
         return db.has_id(book_id)
 
+    def newest_book_ids(self, request_data, db, count=5):
+        restriction = self.restriction_for(request_data, db)
+        allowed_book_ids = None
+        if restriction:
+            allowed_book_ids = db.search('', restriction=restriction)
+        return db.newly_added_book_ids(count=count, book_ids=allowed_book_ids)
+
     def get_allowed_book_ids_from_restriction(self, request_data, db):
         restriction = self.restriction_for(request_data, db)
         return frozenset(db.search('', restriction=restriction)) if restriction else None