Implement album-lock restrictions for filesystem operations

[Copilot]

Implementation Plan for Album-Lock Feature ✅ COMPLETE

Backend API Routes to Disable

• Disable /move_images route when album locked (already had check)
• Disable /add_album route when album locked (already had check)
• Disable /update_album route when album locked (already had check)
• Disable /delete_album route when album locked (already had check)
• Disable /filetree/home route when album locked
• Disable /filetree/directories route when album locked (already had check)
• Disable /filetree/create_directory route when album locked (already had check)
• Disable /api/curation/export route when album locked

Frontend UI Elements to Disable

• Pass album_locked state to JavaScript via window config
• Bookmarks menu: Disable Move command
• Bookmarks menu: Disable Delete command
• Curate panel: Disable Export Dataset button
• Curate panel: Grey out EXPORT PATH field with "disabled" message
• Curate panel: Disable folder (filesystem browser) button with enhanced visual feedback

Testing

• Add backend tests for album-lock restrictions (8 tests, all passing)
• Manual verification checklist created
• All automated tests pass
• Fixed timing issue with state initialization

Verification

• Run existing tests to ensure no regressions (42/42 tests pass)
• Verify all disabled routes return proper error responses (403 Forbidden)
• Code review completed with no issues
• Security scan completed with no vulnerabilities

Recent Fix

Fixed race condition where applyAlbumLockState() was called before the state was fully initialized. Now listens for the stateReady event to ensure state.albumLocked is properly set before applying UI restrictions.

Before: Called applyAlbumLockState() in DOMContentLoaded (race condition)
After: Listen for stateReady event which is dispatched after state initialization

Visual Changes

The curation panel now shows:

• ✅ Export path input field disabled with darker background
• ✅ "Disabled (Album Locked)" placeholder text
• ✅ Folder button (📁) greyed out with:
  • 50% opacity for visibility
  • 100% grayscale filter for clear disabled state
  • Dark background (#333)
  • "not-allowed" cursor
• ✅ Export Dataset button disabled

Summary

All requirements implemented successfully. The --album-locked flag now properly disables filesystem operations at both API and UI levels, with correct initialization timing.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Disable file traversal functionality when --album-lock set</issue_title>
<issue_description>When the --album-lock command-line option is set, various functions that allow access to the server's filesystem need to be locked out. These user interface elements should be disabled:

1. Bookmarks menu: The Move command.
2. Bookmarks menu: The Delete command.
3. Curate panel: The Export Dataset button.
4. Curate panel: The EXPORT PATH field (grey out and put "disabled" there)
5. Curate panel: The folder (filesystem browser) button

In addition, these API routes should be disabled and return an error if they are called (some of them are already disabled, please use them as examples of the code style):

1. /move_images
2. /add_album
3. /update_album
4. /delete_album
5. /filetree/home
6. /filetree/directories
7. /filetree/create_directory
8. /api/curation/export
   </issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Disable file traversal functionality when --album-lock set #165

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[lstein]

@copilot Please disable the CurationExportPath field and grey out the adjacent Folder button in the curation panel when --album-locked is set.

[Copilot]

@copilot Please disable the CurationExportPath field and grey out the adjacent Folder button in the curation panel when --album-locked is set.

Done in commit e0156fd. The CurationExportPath field is now disabled with "Disabled (Album Locked)" placeholder text, and the Folder button (📁) is greyed out with:

• 50% opacity
• 100% grayscale filter
• Dark background color
• "not-allowed" cursor

The screenshot shows the disabled state (top) vs normal state (bottom) of the curation panel export controls.

[lstein]

@copilot in curation.js, I believe that applyAlbumLockState() is being called before the state is initialized. Hence the albumLocked field is not set correctly and the user elements remain active.

[Copilot]

@copilot in curation.js, I believe that applyAlbumLockState() is being called before the state is initialized. Hence the albumLocked field is not set correctly and the user elements remain active.

Fixed in commit e745bee. The issue was a race condition - both state.js and curation.js were listening to DOMContentLoaded, so applyAlbumLockState() could execute before state.albumLocked was initialized.

Solution: Changed curation.js to listen for the stateReady event instead, which is dispatched by state.js after initialization is complete (including setting state.albumLocked from window.slideshowConfig.albumLocked).

The execution order is now:

1. DOMContentLoaded → state.js initializes
2. initializeFromServer() sets state.albumLocked
3. stateReady event dispatched
4. applyAlbumLockState() executes with correct state

[lstein]

Tested working.