feat: Multi-library support (#4181)

* feat(database): add user_library table and library access methods

Signed-off-by: Deluan <deluan@navidrome.org>

# Conflicts:
#	tests/mock_library_repo.go

* feat(database): enhance user retrieval with library associations

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(api): implement library management and user-library association endpoints

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(api): restrict access to library and config endpoints to admin users

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor(library): implement library management service and update API routes

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(database): add library filtering to album, folder, and media file queries

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor library service to use REST repository pattern and remove CRUD operations

Signed-off-by: Deluan <deluan@navidrome.org>

* add total_duration column to library and update user_library table

Signed-off-by: Deluan <deluan@navidrome.org>

* fix migration file name

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): add library management features including create, edit, delete, and list functionalities - WIP

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): enhance library validation and management with path checks and normalization - WIP

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): improve library path validation and error handling - WIP

Signed-off-by: Deluan <deluan@navidrome.org>

* use utils/formatBytes

Signed-off-by: Deluan <deluan@navidrome.org>

* simplify DeleteLibraryButton.jsx

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): enhance validation messages and error handling for library paths

Signed-off-by: Deluan <deluan@navidrome.org>

* lint

Signed-off-by: Deluan <deluan@navidrome.org>

* test(scanner): add tests for multi-library scanning and validation

Signed-off-by: Deluan <deluan@navidrome.org>

* test(scanner): improve handling of filesystem errors and ensure warnings are returned

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(controller): add function to retrieve the most recent scan time across all libraries

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): add additional fields and restructure LibraryEdit component for enhanced statistics display

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): enhance LibraryCreate and LibraryEdit components with additional props and styling

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(mediafile): add LibraryName field and update queries to include library name

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(missingfiles): add library filter and display in MissingFilesList component

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): implement scanner interface for triggering library scans on create/update

Signed-off-by: Deluan <deluan@navidrome.org>

# Conflicts:
#	cmd/wire_gen.go
#	cmd/wire_injectors.go

# Conflicts:
#	cmd/wire_gen.go

# Conflicts:
#	cmd/wire_gen.go
#	cmd/wire_injectors.go

* feat(library): trigger scan after successful library deletion to clean up orphaned data

Signed-off-by: Deluan <deluan@navidrome.org>

* rename migration file for user library table to maintain versioning order

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor: move scan triggering logic into a helper method for clarity

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): add library path and name fields to album and mediafile models

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): add/remove watchers on demand, not only when server starts

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor(scanner): streamline library handling by using state-libraries for consistency

Signed-off-by: Deluan <deluan@navidrome.org>

* fix: track processed libraries by updating state with scan timestamps

Signed-off-by: Deluan <deluan@navidrome.org>

* prepend libraryID for track and album PIDs

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(repository): apply library filtering in CountAll methods for albums, folders, and media files

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(user): add library selection for user creation and editing

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): implement library selection functionality with reducer and UI component

Signed-off-by: Deluan <deluan@navidrome.org>

# Conflicts:
#	.github/copilot-instructions.md

# Conflicts:
#	.gitignore

* feat(library): add tests for LibrarySelector and library selection hooks

Signed-off-by: Deluan <deluan@navidrome.org>

* test: add unit tests for file utility functions

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): add library ID filtering for album resources

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): streamline library ID filtering in repositories and update resource filtering logic

Signed-off-by: Deluan <deluan@navidrome.org>

* fix(repository): add table name handling in filter functions for SQL queries

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): add refresh functionality on LibrarySelector close

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(artist): add library ID filtering for artists in repository and update resource filtering logic

Signed-off-by: Deluan <deluan@navidrome.org>

# Conflicts:
#	persistence/artist_repository.go

* Add library_id field support for smart playlists

- Add library_id field to smart playlist criteria system
- Supports Is and IsNot operators for filtering by library ID
- Includes comprehensive test coverage for single values and lists
- Enables creation of library-specific smart playlists

* feat(subsonic): implement user-specific library access in GetMusicFolders

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(library): enhance LibrarySelectionField to extract library IDs from record

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(subsonic): update GetIndexes and GetArtists method to support library ID filtering

Signed-off-by: Deluan <deluan@navidrome.org>

* fix: ensure LibrarySelector dropdown refreshes on button close

Added refresh() call when closing the dropdown via button click to maintain
consistency with the ClickAwayListener behavior. This ensures the UI
updates properly regardless of how the dropdown is closed, fixing an
inconsistent refresh behavior between different closing methods.

The fix tracks the previous open state and calls refresh() only when
the dropdown was open and is being closed by the button click.

* refactor: simplify getUserAccessibleLibraries function and update related tests

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: enhance selectedMusicFolderIds function to handle valid music folder IDs and improve fallback logic

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor: change ArtistRepository.GetIndex to accept multiple library IDs

Updated the GetIndex method signature to accept a slice of library IDs instead of a single ID, enabling support for filtering artists across multiple libraries simultaneously.

Changes include:
- Modified ArtistRepository interface in model/artist.go
- Updated implementation in persistence/artist_repository.go with improved library filtering logic
- Refactored Subsonic API browsing.go to use new selectedMusicFolderIds helper
- Added comprehensive test coverage for multiple library scenarios
- Updated mock repository implementation for testing

This change improves flexibility for multi-library operations while maintaining backward compatibility through the selectedMusicFolderIds helper function.

* feat: add library access validation to selectedMusicFolderIds

Enhanced the selectedMusicFolderIds function to validate musicFolderId parameters
against the user's accessible libraries. Invalid library IDs (those the user
doesn't have access to) are now silently filtered out, improving security by
preventing users from accessing libraries they don't have permission for.

Changes include:
- Added validation logic to check musicFolderId parameters against user's accessible libraries
- Added slices package import for efficient validation
- Enhanced function documentation to clarify validation behavior
- Added comprehensive test cases covering validation scenarios
- Maintains backward compatibility with existing behavior

* feat: implement multi-library support for GetAlbumList and GetAlbumList2 endpoints

- Enhanced selectedMusicFolderIds helper to validate and filter library IDs
- Added ApplyLibraryFilter function in filter/filters.go for library filtering
- Updated getAlbumList to support musicFolderId parameter filtering
- Added comprehensive tests for multi-library functionality
- Supports single and multiple musicFolderId values
- Falls back to all accessible libraries when no musicFolderId provided
- Validates library access permissions for user security

* feat: implement multi-library support for GetRandomSongs, GetSongsByGenre, GetStarred, and GetStarred2

- Added multi-library filtering to GetRandomSongs endpoint using musicFolderId parameter
- Added multi-library filtering to GetSongsByGenre endpoint using musicFolderId parameter
- Enhanced GetStarred and GetStarred2 to filter artists, albums, and songs by library
- Added Options field to MockMediaFileRepo and MockArtistRepo for test compatibility
- Added comprehensive Ginkgo/Gomega tests for all new multi-library functionality
- All tests verify proper SQL filter generation and library access validation
- Supports single/multiple musicFolderId values with fallback to all accessible libraries

* refactor: optimize starred items queries with parallel execution and fix test isolation

Refactored starred items functionality by extracting common logic into getStarredItems()
method that executes artist, album, and media file queries in parallel for better performance.
This eliminates code duplication between GetStarred and GetStarred2 methods while improving
response times through concurrent database queries using run.Parallel().

Also fixed test isolation issues by adding missing auth.Init(ds) call in album lists test setup.
This resolves nil pointer dereference errors in GetStarred and GetStarred2 tests when run independently.

* fix: add ApplyArtistLibraryFilter to filter artists by associated music folders

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: add library access methods to User model

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: implement library access filtering for artist queries based on user permissions

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: enhance artist library filtering based on user permissions and optimize library ID retrieval

Signed-off-by: Deluan <deluan@navidrome.org>

* fix: return error when any musicFolderId is invalid or inaccessible

Changed behavior from silently filtering invalid library IDs to returning
ErrorDataNotFound (code 70) when any provided musicFolderId parameter
is invalid or the user doesn't have access to it.

The error message includes the specific library number for better debugging.
This affects album/song list endpoints (getAlbumList, getRandomSongs,
getSongsByGenre, getStarred) to provide consistent error handling
across all Subsonic API endpoints.

Updated corresponding tests to expect errors instead of silent filtering.

* feat: add musicFolderId parameter support to Search2 and Search3 endpoints

Implemented musicFolderId parameter support for Subsonic API Search2 and Search3 endpoints, completing multi-library functionality across all Subsonic endpoints.

Key changes:
- Added musicFolderId parameter handling to Search2 and Search3 endpoints
- Updated search logic to filter results by specified library or all accessible libraries when parameter not provided
- Added proper error handling for invalid/inaccessible musicFolderId values
- Refactored SearchableRepository interface to support library filtering with variadic QueryOptions
- Updated repository implementations (Album, Artist, MediaFile) to handle library filtering in search operations
- Added comprehensive test coverage with robust assertions verifying library filtering works correctly
- Enhanced mock repositories to capture QueryOptions for test validation

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: refresh LibraryList on scan end

Signed-off-by: Deluan <deluan@navidrome.org>

* fix: allow editing name of main library

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor: implement SendBroadcastMessage method for event broadcasting

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: add event broadcasting for library creation, update, and deletion

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: add useRefreshOnEvents hook for custom refresh logic on event changes

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: enhance library management with refresh event broadcasting

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: replace AddUserLibrary and RemoveUserLibrary with SetUserLibraries for better library management

Signed-off-by: Deluan <deluan@navidrome.org>

* chore: remove commented-out genre repository code from persistence tests

* feat: enhance library selection with master checkbox functionality

Added a master checkbox to the SelectLibraryInput component, allowing users to select or deselect all libraries at once. This improves user experience by simplifying the selection process when multiple libraries are available. Additionally, updated translations in the en.json file to include a new message for selecting all libraries, ensuring consistency in user interface messaging.

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: add default library assignment for new users

Introduced a new column `default_new_users` in the library table to
facilitate automatic assignment of default libraries to new regular users.
When a new user is created, they will now be assigned to libraries marked
as default, enhancing user experience by ensuring they have immediate access
to essential resources. Additionally, updated the user repository logic
to handle this new functionality and modified the user creation validation
to reflect that library selection is optional for non-admin users.

Signed-off-by: Deluan <deluan@navidrome.org>

* fix: correct updated_at assignment in library repository

Signed-off-by: Deluan <deluan@navidrome.org>

* fix: improve cache buffering logic

Refactored the cache buffering logic to ensure thread safety when checking
the buffer length

Signed-off-by: Deluan <deluan@navidrome.org>

* fix formating

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: implement per-library artist statistics with automatic aggregation

Implemented comprehensive multi-library support for artist statistics that
automatically aggregates stats from user-accessible libraries. This fundamental
change moves artist statistics from global scope to per-library granularity
while maintaining backward compatibility and transparent operation.

Key changes include:
- Migrated artist statistics from global artist.stats to per-library library_artist.stats
- Added automatic library filtering and aggregation in existing Get/GetAll methods
- Updated role-based filtering to work with per-library statistics storage
- Enhanced statistics calculation to process and store stats per library
- Implemented user permission-aware aggregation that respects library access control
- Added comprehensive test coverage for library filtering and restricted user access
- Created helper functions to ensure proper library associations in tests

This enables users to see statistics that accurately reflect only the content
from libraries they have access to, providing proper multi-tenant behavior
while maintaining the existing API surface and UI functionality.

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: add multi-library support with per-library tag statistics - WIP

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor: genre and tag repositories. add comprehensive tests

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: add multi-library support to tag repository system

Implemented comprehensive library filtering for tag repositories to support the multi-library feature. This change ensures that users only see tags from libraries they have access to, while admin users can see all tags.

Key changes:
- Enhanced TagRepository.Add() method to accept libraryID parameter for proper library association
- Updated baseTagRepository to implement library-aware queries with proper joins
- Added library_tag table integration for per-library tag statistics
- Implemented user permission-based filtering through user_library associations
- Added comprehensive test coverage for library filtering scenarios
- Updated UI data provider to include tag filtering by selected libraries
- Modified scanner to pass library ID when adding tags during folder processing

The implementation maintains backward compatibility while providing proper isolation between libraries for tag-based operations like genres and other metadata tags.

* refactor: simplify artist repository library filtering

Removed conditional admin logic from applyLibraryFilterToArtistQuery method
and unified the library filtering approach to match the tag repository pattern.
The method now always uses the same SQL join structure regardless of user role,
with admin access handled automatically through user_library associations.

Added artistLibraryIdFilter function to properly qualify library_id column
references and prevent SQL ambiguity errors when multiple tables contain
library_id columns. This ensures the filter targets library_artist.library_id
specifically rather than causing ambiguous column name conflicts.

* fix: resolve LibrarySelectionField validation error for non-admin users

Fixed validation error 'At least one library must be selected for non-admin users' that appeared even when libraries were selected. The issue was caused by a data format mismatch between backend and frontend.

The backend sends user data with libraries as an array of objects, but the LibrarySelectionField component expects libraryIds as an array of IDs. Added data transformation in the data provider's getOne method to automatically convert libraries array to libraryIds format when fetching user records.

Also extracted validation logic into a separate userValidation module for better code organization and added comprehensive test coverage to prevent similar issues.

* refactor: remove unused library access functions and related tests

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor: rename search_test.go to searching_test.go for consistency

Signed-off-by: Deluan <deluan@navidrome.org>

* fix: add user context to scrobble buffer getParticipants call

Added user context handling to scrobbleBufferRepository.Next method to resolve
SQL error 'no such column: library_artist.library_id' when processing scrobble
entries in multi-library environments. The artist repository now requires user
context for proper library filtering, so we fetch the user and temporarily
inject it into the context before calling getParticipants. This ensures
background scrobbling operations work correctly with multi-library support.

* feat: add cross-library move detection for scanner

Implemented cross-library move detection for the scanner phase 2 to properly handle files moved between libraries. This prevents users from losing play counts, ratings, and other metadata when moving files across library boundaries.

Changes include:
- Added MediaFileRepository methods for two-tier matching: FindRecentFilesByMBZTrackID (primary) and FindRecentFilesByProperties (fallback)
- Extended scanner phase 2 pipeline with processCrossLibraryMoves stage that processes files unmatched within their library
- Implemented findCrossLibraryMatch with MusicBrainz Release Track ID priority and intrinsic properties fallback
- Updated producer logic to handle missing tracks without matches, ensuring cross-library processing
- Updated tests to reflect new producer behavior and cross-library functionality

The implementation uses existing moveMatched function for unified move operations, automatically preserving all user data through database foreign key relationships. Cross-library moves are detected using the same Equals() and IsEquivalent() matching logic as within-library moves for consistency.

Signed-off-by: Deluan <deluan@navidrome.org>

* feat: add album annotation reassignment for cross-library moves

Implemented album annotation reassignment functionality for the scanner's missing tracks phase. When tracks move between libraries and change album IDs, the system now properly reassigns album annotations (starred status, ratings) from the old album to the new album. This prevents loss of user annotations when tracks are moved across library boundaries.

The implementation includes:
- Thread-safe annotation reassignment using mutex protection
- Duplicate reassignment prevention through processed album tracking
- Graceful error handling that doesn't fail the entire move operation
- Comprehensive test coverage for various scenarios including error conditions

This enhancement ensures data integrity and user experience continuity during cross-library media file movements.

* fix: address PR review comments for multi-library support

Fixed several issues identified in PR review:

- Removed unnecessary artist stats initialization check since the map is already initialized in PostScan()
- Improved code clarity in user repository by extracting isNewUser variable to avoid checking count == 0 twice
- Fixed library selection logic to properly handle initial library state and prevent overriding user selections

These changes address code quality and logic issues identified during the multi-library support PR review.

* feat: add automatic playlist statistics refreshing

Implemented automatic playlist statistics (duration, size, song count) refreshing
when tracks are modified. Added new refreshStats() method to recalculate
statistics from playlist tracks, and SetTracks() method to update tracks
and refresh statistics atomically. Modified all track manipulation methods
(RemoveTracks, AddTracks, AddMediaFiles) to automatically refresh statistics.
Updated playlist repository to use the new SetTracks method for consistent
statistics handling.

* refactor: rename AddTracks to AddMediaFilesByID for clarity

Renamed the AddTracks method to AddMediaFilesByID throughout the codebase
to better reflect its purpose of adding media files to a playlist by their IDs.
This change improves code readability and makes the method name more descriptive
of its actual functionality. Updated all references in playlist model, tests,
core playlist logic, and Subsonic API handlers to use the new method name.

* refactor: consolidate user context access in persistence layer

Removed duplicate helper functions userId() and isAdmin() from sql_base_repository.go and consolidated all user context access to use loggedUser(r.ctx).ID and loggedUser(r.ctx).IsAdmin consistently across the persistence layer.

This change eliminates code duplication and provides a single, consistent pattern for accessing user context information in repository methods. All functionality remains unchanged - this is purely a code cleanup refactoring.

* refactor: eliminate MockLibraryService duplication using embedded struct

- Replace 235-line MockLibraryService with 40-line embedded struct pattern
- Enhance MockLibraryRepo with service-layer methods (192→310 lines)
- Maintain full compatibility with existing tests
- All 72 nativeapi specs pass with proper error handling

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor: cleanup

Signed-off-by: Deluan <deluan@navidrome.org>

---------

Signed-off-by: Deluan <deluan@navidrome.org>

persistence/album_repository.go

@@ -123,6 +123,7 @@ var albumFilters = sync.OnceValue(func() map[string]filterFunc {
 		"missing":         booleanFilter,
 		"genre_id":        tagIDFilter,
 		"role_total_id":   allRolesFilter,
+		"library_id":      libraryIdFilter,
 	}
 	// Add all album tags as filters
 	for tag := range model.AlbumLevelTags() {
@@ -184,9 +185,10 @@ func allRolesFilter(_ string, value interface{}) Sqlizer {
 }
 
 func (r *albumRepository) CountAll(options ...model.QueryOptions) (int64, error) {
-	sql := r.newSelect()
-	sql = r.withAnnotation(sql, "album.id")
-	return r.count(sql, options...)
+	query := r.newSelect()
+	query = r.withAnnotation(query, "album.id")
+	query = r.applyLibraryFilter(query)
+	return r.count(query, options...)
 }
 
 func (r *albumRepository) Exists(id string) (bool, error) {
@@ -216,8 +218,10 @@ func (r *albumRepository) UpdateExternalInfo(al *model.Album) error {
 }
 
 func (r *albumRepository) selectAlbum(options ...model.QueryOptions) SelectBuilder {
-	sql := r.newSelect(options...).Columns("album.*")
-	return r.withAnnotation(sql, "album.id")
+	sql := r.newSelect(options...).Columns("album.*", "library.path as library_path", "library.name as library_name").
+		LeftJoin("library on album.library_id = library.id")
+	sql = r.withAnnotation(sql, "album.id")
+	return r.applyLibraryFilter(sql)
 }
 
 func (r *albumRepository) Get(id string) (*model.Album, error) {
@@ -291,7 +295,6 @@ func (r *albumRepository) TouchByMissingFolder() (int64, error) {
 // It does not need to load participants, as they are not used by the scanner.
 func (r *albumRepository) GetTouchedAlbums(libID int) (model.AlbumCursor, error) {
 	query := r.selectAlbum().
-		Join("library on library.id = album.library_id").
 		Where(And{
 			Eq{"library.id": libID},
 			ConcatExpr("album.imported_at > library.last_scan_at"),
@@ -346,15 +349,15 @@ func (r *albumRepository) purgeEmpty() error {
 	return nil
 }
 
-func (r *albumRepository) Search(q string, offset int, size int, includeMissing bool) (model.Albums, error) {
+func (r *albumRepository) Search(q string, offset int, size int, includeMissing bool, options ...model.QueryOptions) (model.Albums, error) {
 	var res dbAlbums
 	if uuid.Validate(q) == nil {
-		err := r.searchByMBID(r.selectAlbum(), q, []string{"mbz_album_id", "mbz_release_group_id"}, includeMissing, &res)
+		err := r.searchByMBID(r.selectAlbum(options...), q, []string{"mbz_album_id", "mbz_release_group_id"}, includeMissing, &res)
 		if err != nil {
 			return nil, fmt.Errorf("searching album by MBID %q: %w", q, err)
 		}
 	} else {
-		err := r.doSearch(r.selectAlbum(), q, offset, size, includeMissing, &res, "name")
+		err := r.doSearch(r.selectAlbum(options...), q, offset, size, includeMissing, &res, "name")
 		if err != nil {
 			return nil, fmt.Errorf("searching album by query %q: %w", q, err)
 		}

persistence/artist_repository.go

@@ -27,9 +27,9 @@ type artistRepository struct {
 }
 
 type dbArtist struct {
-	*model.Artist  `structs:",flatten"`
-	SimilarArtists string `structs:"-" json:"-"`
-	Stats          string `structs:"-" json:"-"`
+	*model.Artist    `structs:",flatten"`
+	SimilarArtists   string `structs:"-" json:"-"`
+	LibraryStatsJSON string `structs:"-" json:"-"`
 }
 
 type dbSimilarArtist struct {
@@ -38,27 +38,45 @@ type dbSimilarArtist struct {
 }
 
 func (a *dbArtist) PostScan() error {
-	var stats map[string]map[string]int64
-	if err := json.Unmarshal([]byte(a.Stats), &stats); err != nil {
-		return fmt.Errorf("parsing artist stats from db: %w", err)
-	}
 	a.Artist.Stats = make(map[model.Role]model.ArtistStats)
-	for key, c := range stats {
-		if key == "total" {
-			a.Artist.Size = c["s"]
-			a.Artist.SongCount = int(c["m"])
-			a.Artist.AlbumCount = int(c["a"])
+
+	if a.LibraryStatsJSON != "" {
+		var rawLibStats map[string]map[string]map[string]int64
+		if err := json.Unmarshal([]byte(a.LibraryStatsJSON), &rawLibStats); err != nil {
+			return fmt.Errorf("parsing artist stats from db: %w", err)
 		}
-		role := model.RoleFromString(key)
-		if role == model.RoleInvalid {
-			continue
-		}
-		a.Artist.Stats[role] = model.ArtistStats{
-			SongCount:  int(c["m"]),
-			AlbumCount: int(c["a"]),
-			Size:       c["s"],
+
+		for _, stats := range rawLibStats {
+			// Sum all libraries roles stats
+			for key, stat := range stats {
+				// Aggregate stats into the main Artist.Stats map
+				artistStats := model.ArtistStats{
+					SongCount:  int(stat["m"]),
+					AlbumCount: int(stat["a"]),
+					Size:       stat["s"],
+				}
+
+				// Store total stats into the main attributes
+				if key == "total" {
+					a.Artist.Size += artistStats.Size
+					a.Artist.SongCount += artistStats.SongCount
+					a.Artist.AlbumCount += artistStats.AlbumCount
+				}
+
+				role := model.RoleFromString(key)
+				if role == model.RoleInvalid {
+					continue
+				}
+
+				current := a.Artist.Stats[role]
+				current.Size += artistStats.Size
+				current.SongCount += artistStats.SongCount
+				current.AlbumCount += artistStats.AlbumCount
+				a.Artist.Stats[role] = current
+			}
 		}
 	}
+
 	a.Artist.SimilarArtists = nil
 	if a.SimilarArtists == "" {
 		return nil
@@ -113,11 +131,12 @@ func NewArtistRepository(ctx context.Context, db dbx.Builder) model.ArtistReposi
 	r.indexGroups = utils.ParseIndexGroups(conf.Server.IndexGroups)
 	r.tableName = "artist" // To be used by the idFilter below
 	r.registerModel(&model.Artist{}, map[string]filterFunc{
-		"id":      idFilter(r.tableName),
-		"name":    fullTextFilter(r.tableName, "mbz_artist_id"),
-		"starred": booleanFilter,
-		"role":    roleFilter,
-		"missing": booleanFilter,
+		"id":         idFilter(r.tableName),
+		"name":       fullTextFilter(r.tableName, "mbz_artist_id"),
+		"starred":    booleanFilter,
+		"role":       roleFilter,
+		"missing":    booleanFilter,
+		"library_id": artistLibraryIdFilter,
 	})
 	r.setSortMappings(map[string]string{
 		"name":        "order_artist_name",
@@ -127,9 +146,9 @@ func NewArtistRepository(ctx context.Context, db dbx.Builder) model.ArtistReposi
 		"size":        "stats->>'total'->>'s'",
 
 		// Stats by credits that are currently available
-		"maincredit_song_count":  "stats->>'maincredit'->>'m'",
-		"maincredit_album_count": "stats->>'maincredit'->>'a'",
-		"maincredit_size":        "stats->>'maincredit'->>'a'",
+		"maincredit_song_count":  "sum(stats->>'maincredit'->>'m')",
+		"maincredit_album_count": "sum(stats->>'maincredit'->>'a')",
+		"maincredit_size":        "sum(stats->>'maincredit'->>'s')",
 	})
 	return r
 }
@@ -137,26 +156,58 @@ func NewArtistRepository(ctx context.Context, db dbx.Builder) model.ArtistReposi
 func roleFilter(_ string, role any) Sqlizer {
 	if role, ok := role.(string); ok {
 		if _, ok := model.AllRoles[role]; ok {
-			return NotEq{fmt.Sprintf("stats ->> '$.%v'", role): nil}
+			return Expr("EXISTS (SELECT 1 FROM library_artist WHERE library_artist.artist_id = artist.id AND JSON_EXTRACT(library_artist.stats, '$." + role + ".m') IS NOT NULL)")
 		}
 	}
 	return Eq{"1": 2}
 }
 
-func (r *artistRepository) selectArtist(options ...model.QueryOptions) SelectBuilder {
-	query := r.newSelect(options...).Columns("artist.*")
-	query = r.withAnnotation(query, "artist.id")
+// artistLibraryIdFilter filters artists based on library access through the library_artist table
+func artistLibraryIdFilter(_ string, value interface{}) Sqlizer {
+	return Eq{"library_artist.library_id": value}
+}
+
+// applyLibraryFilterToArtistQuery applies library filtering to artist queries through the library_artist junction table
+func (r *artistRepository) applyLibraryFilterToArtistQuery(query SelectBuilder) SelectBuilder {
+	user := loggedUser(r.ctx)
+	if user.ID == invalidUserId {
+		// No user context - return empty result set
+		return query.Where(Eq{"1": "0"})
+	}
+
+	// Apply library filtering by joining only with accessible libraries
+	query = query.LeftJoin("library_artist on library_artist.artist_id = artist.id").
+		Join("user_library on user_library.library_id = library_artist.library_id AND user_library.user_id = ?", user.ID)
+
 	return query
 }
 
+func (r *artistRepository) selectArtist(options ...model.QueryOptions) SelectBuilder {
+	// Stats Format: {"1": {"albumartist": {"songCount": 10, "albumCount": 5, "size": 1024}, "artist": {...}}, "2": {...}}
+	query := r.newSelect(options...).Columns("artist.*",
+		"JSON_GROUP_OBJECT(library_artist.library_id, JSONB(library_artist.stats)) as library_stats_json")
+
+	query = r.applyLibraryFilterToArtistQuery(query)
+	query = query.GroupBy("artist.id")
+	return r.withAnnotation(query, "artist.id")
+}
+
 func (r *artistRepository) CountAll(options ...model.QueryOptions) (int64, error) {
 	query := r.newSelect()
+	query = r.applyLibraryFilterToArtistQuery(query)
 	query = r.withAnnotation(query, "artist.id")
 	return r.count(query, options...)
 }
 
+// Exists checks if an artist with the given ID exists in the database and is accessible by the current user.
 func (r *artistRepository) Exists(id string) (bool, error) {
-	return r.exists(Eq{"artist.id": id})
+	// Create a query using the same library filtering logic as selectArtist()
+	query := r.newSelect().Columns("count(distinct artist.id) as exist").Where(Eq{"artist.id": id})
+	query = r.applyLibraryFilterToArtistQuery(query)
+
+	var res struct{ Exist int64 }
+	err := r.queryOne(query, &res)
+	return res.Exist > 0, err
 }
 
 func (r *artistRepository) Put(a *model.Artist, colsToUpdate ...string) error {
@@ -213,8 +264,15 @@ func (r *artistRepository) getIndexKey(a model.Artist) string {
 	return "#"
 }
 
-// TODO Cache the index (recalculate when there are changes to the DB)
-func (r *artistRepository) GetIndex(includeMissing bool, roles ...model.Role) (model.ArtistIndexes, error) {
+// GetIndex returns a list of artists grouped by the first letter of their name, or by the index group if configured.
+// It can filter by roles and libraries, and optionally include artists that are missing (i.e., have no albums).
+// TODO Cache the index (recalculate at scan time)
+func (r *artistRepository) GetIndex(includeMissing bool, libraryIds []int, roles ...model.Role) (model.ArtistIndexes, error) {
+	// Validate library IDs. If no library IDs are provided, return an empty index.
+	if len(libraryIds) == 0 {
+		return nil, nil
+	}
+
 	options := model.QueryOptions{Sort: "name"}
 	if len(roles) > 0 {
 		roleFilters := slice.Map(roles, func(r model.Role) Sqlizer {
@@ -229,10 +287,19 @@ func (r *artistRepository) GetIndex(includeMissing bool, roles ...model.Role) (m
 			options.Filters = And{options.Filters, Eq{"artist.missing": false}}
 		}
 	}
+
+	libFilter := artistLibraryIdFilter("library_id", libraryIds)
+	if options.Filters == nil {
+		options.Filters = libFilter
+	} else {
+		options.Filters = And{options.Filters, libFilter}
+	}
+
 	artists, err := r.GetAll(options)
 	if err != nil {
 		return nil, err
 	}
+
 	var result model.ArtistIndexes
 	for k, v := range slice.Group(artists, r.getIndexKey) {
 		result = append(result, model.ArtistIndex{ID: k, Artists: v})
@@ -299,6 +366,7 @@ on conflict (user_id, item_id, item_type) do update
 
 // RefreshStats updates the stats field for artists whose associated media files were updated after the oldest recorded library scan time.
 // When allArtists is true, it refreshes stats for all artists. It processes artists in batches to handle potentially large updates.
+// This method now calculates per-library statistics and stores them in the library_artist junction table.
 func (r *artistRepository) RefreshStats(allArtists bool) (int64, error) {
 	var allTouchedArtistIDs []string
 	if allArtists {
@@ -327,9 +395,11 @@ func (r *artistRepository) RefreshStats(allArtists bool) (int64, error) {
 	}
 
 	// Template for the batch update with placeholder markers that we'll replace
+	// This now calculates per-library statistics and stores them in library_artist.stats
 	batchUpdateStatsSQL := `
     WITH artist_role_counters AS (
         SELECT jt.atom AS artist_id,
+               mf.library_id,
                substr(
                        replace(jt.path, '$.', ''),
                        1,
@@ -344,10 +414,11 @@ func (r *artistRepository) RefreshStats(allArtists bool) (int64, error) {
         FROM media_file mf
         JOIN json_tree(mf.participants) jt ON jt.key = 'id' AND jt.atom IS NOT NULL
         WHERE jt.atom IN (ROLE_IDS_PLACEHOLDER) -- Will replace with actual placeholders
-        GROUP BY jt.atom, role
+        GROUP BY jt.atom, mf.library_id, role
     ),
     artist_total_counters AS (
         SELECT mfa.artist_id,
+               mf.library_id,
                'total' AS role,
                count(DISTINCT mf.album_id) AS album_count,
                count(DISTINCT mf.id) AS count,
@@ -355,40 +426,43 @@ func (r *artistRepository) RefreshStats(allArtists bool) (int64, error) {
         FROM media_file_artists mfa
         JOIN media_file mf ON mfa.media_file_id = mf.id
         WHERE mfa.artist_id IN (ROLE_IDS_PLACEHOLDER) -- Will replace with actual placeholders
-        GROUP BY mfa.artist_id
+        GROUP BY mfa.artist_id, mf.library_id
     ),
     artist_participant_counter AS (
         SELECT mfa.artist_id,
-            'maincredit' AS role,
-            count(DISTINCT mf.album_id) AS album_count,
-            count(DISTINCT mf.id) AS count,
-            sum(mf.size) AS size
+               mf.library_id,
+               'maincredit' AS role,
+               count(DISTINCT mf.album_id) AS album_count,
+               count(DISTINCT mf.id) AS count,
+               sum(mf.size) AS size
         FROM media_file_artists mfa
         JOIN media_file mf ON mfa.media_file_id = mf.id
         WHERE mfa.artist_id IN (ROLE_IDS_PLACEHOLDER) -- Will replace with actual placeholders
         AND mfa.role IN ('albumartist', 'artist')
-        GROUP BY mfa.artist_id
+        GROUP BY mfa.artist_id, mf.library_id
     ),
     combined_counters AS (
-        SELECT artist_id, role, album_count, count, size FROM artist_role_counters
+        SELECT artist_id, library_id, role, album_count, count, size FROM artist_role_counters
         UNION
-        SELECT artist_id, role, album_count, count, size FROM artist_total_counters
+        SELECT artist_id, library_id, role, album_count, count, size FROM artist_total_counters
         UNION
-        SELECT artist_id, role, album_count, count, size FROM artist_participant_counter
+        SELECT artist_id, library_id, role, album_count, count, size FROM artist_participant_counter
     ),
-    artist_counters AS (
-        SELECT artist_id AS id,
+    library_artist_counters AS (
+        SELECT artist_id,
+               library_id,
                json_group_object(
                        replace(role, '"', ''),
                        json_object('a', album_count, 'm', count, 's', size)
                ) AS counters
         FROM combined_counters
-        GROUP BY artist_id
+        GROUP BY artist_id, library_id
     )
-    UPDATE artist
-    SET stats = coalesce((SELECT counters FROM artist_counters ac WHERE ac.id = artist.id), '{}'),
-       updated_at = datetime(current_timestamp, 'localtime')
-    WHERE artist.id IN (ROLE_IDS_PLACEHOLDER) AND artist.id <> '';` // Will replace with actual placeholders
+    UPDATE library_artist
+    SET stats = coalesce((SELECT counters FROM library_artist_counters lac 
+                         WHERE lac.artist_id = library_artist.artist_id 
+                         AND lac.library_id = library_artist.library_id), '{}')
+    WHERE library_artist.artist_id IN (ROLE_IDS_PLACEHOLDER);` // Will replace with actual placeholders
 
 	var totalRowsAffected int64 = 0
 	const batchSize = 1000
@@ -433,15 +507,16 @@ func (r *artistRepository) RefreshStats(allArtists bool) (int64, error) {
 	return totalRowsAffected, nil
 }
 
-func (r *artistRepository) Search(q string, offset int, size int, includeMissing bool) (model.Artists, error) {
+func (r *artistRepository) Search(q string, offset int, size int, includeMissing bool, options ...model.QueryOptions) (model.Artists, error) {
 	var res dbArtists
 	if uuid.Validate(q) == nil {
-		err := r.searchByMBID(r.selectArtist(), q, []string{"mbz_artist_id"}, includeMissing, &res)
+		err := r.searchByMBID(r.selectArtist(options...), q, []string{"mbz_artist_id"}, includeMissing, &res)
 		if err != nil {
 			return nil, fmt.Errorf("searching artist by MBID %q: %w", q, err)
 		}
 	} else {
-		err := r.doSearch(r.selectArtist(), q, offset, size, includeMissing, &res, "json_extract(stats, '$.total.m') desc", "name")
+		err := r.doSearch(r.selectArtist(options...), q, offset, size, includeMissing, &res,
+			"sum(json_extract(stats, '$.total.m')) desc", "name")
 		if err != nil {
 			return nil, fmt.Errorf("searching artist by query %q: %w", q, err)
 		}
@@ -464,9 +539,9 @@ func (r *artistRepository) ReadAll(options ...rest.QueryOptions) (interface{}, e
 			role = v
 		}
 	}
-	r.sortMappings["song_count"] = "stats->>'" + role + "'->>'m'"
-	r.sortMappings["album_count"] = "stats->>'" + role + "'->>'a'"
-	r.sortMappings["size"] = "stats->>'" + role + "'->>'s'"
+	r.sortMappings["song_count"] = "sum(stats->>'" + role + "'->>'m')"
+	r.sortMappings["album_count"] = "sum(stats->>'" + role + "'->>'a')"
+	r.sortMappings["size"] = "sum(stats->>'" + role + "'->>'s')"
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }
 

persistence/folder_repository.go

@@ -61,8 +61,9 @@ func newFolderRepository(ctx context.Context, db dbx.Builder) model.FolderReposi
 }
 
 func (r folderRepository) selectFolder(options ...model.QueryOptions) SelectBuilder {
-	return r.newSelect(options...).Columns("folder.*", "library.path as library_path").
+	sql := r.newSelect(options...).Columns("folder.*", "library.path as library_path").
 		Join("library on library.id = folder.library_id")
+	return r.applyLibraryFilter(sql)
 }
 
 func (r folderRepository) Get(id string) (*model.Folder, error) {
@@ -85,8 +86,9 @@ func (r folderRepository) GetAll(opt ...model.QueryOptions) ([]model.Folder, err
 }
 
 func (r folderRepository) CountAll(opt ...model.QueryOptions) (int64, error) {
-	sq := r.newSelect(opt...).Columns("count(*)")
-	return r.count(sq)
+	query := r.newSelect(opt...).Columns("count(*)")
+	query = r.applyLibraryFilter(query)
+	return r.count(query)
 }
 
 func (r folderRepository) GetLastUpdates(lib model.Library) (map[string]model.FolderUpdateInfo, error) {

persistence/genre_repository.go

@@ -10,31 +10,18 @@ import (
 )
 
 type genreRepository struct {
-	sqlRepository
+	*baseTagRepository
 }
 
 func NewGenreRepository(ctx context.Context, db dbx.Builder) model.GenreRepository {
-	r := &genreRepository{}
-	r.ctx = ctx
-	r.db = db
-	r.registerModel(&model.Tag{}, map[string]filterFunc{
-		"name": containsFilter("tag_value"),
-	})
-	r.setSortMappings(map[string]string{
-		"name": "tag_name",
-	})
-	return r
+	genreFilter := model.TagGenre
+	return &genreRepository{
+		baseTagRepository: newBaseTagRepository(ctx, db, &genreFilter),
+	}
 }
 
 func (r *genreRepository) selectGenre(opt ...model.QueryOptions) SelectBuilder {
-	return r.newSelect(opt...).
-		Columns(
-			"id",
-			"tag_value as name",
-			"album_count",
-			"media_file_count as song_count",
-		).
-		Where(Eq{"tag.tag_name": model.TagGenre})
+	return r.newSelect(opt...)
 }
 
 func (r *genreRepository) GetAll(opt ...model.QueryOptions) (model.Genres, error) {
@@ -44,12 +31,10 @@ func (r *genreRepository) GetAll(opt ...model.QueryOptions) (model.Genres, error
 	return res, err
 }
 
-func (r *genreRepository) Count(options ...rest.QueryOptions) (int64, error) {
-	return r.count(r.selectGenre(), r.parseRestOptions(r.ctx, options...))
-}
+// Override ResourceRepository methods to return Genre objects instead of Tag objects
 
 func (r *genreRepository) Read(id string) (interface{}, error) {
-	sel := r.selectGenre().Columns("*").Where(Eq{"id": id})
+	sel := r.selectGenre().Where(Eq{"tag.id": id})
 	var res model.Genre
 	err := r.queryOne(sel, &res)
 	return &res, err
@@ -59,10 +44,6 @@ func (r *genreRepository) ReadAll(options ...rest.QueryOptions) (interface{}, er
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }
 
-func (r *genreRepository) EntityName() string {
-	return r.tableName
-}
-
 func (r *genreRepository) NewInstance() interface{} {
 	return &model.Genre{}
 }

persistence/genre_repository_test.go

@@ -0,0 +1,256 @@
+package persistence
+
+import (
+	"context"
+	"slices"
+	"strings"
+
+	"github.com/Masterminds/squirrel"
+	"github.com/deluan/rest"
+	"github.com/navidrome/navidrome/conf/configtest"
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/id"
+	"github.com/navidrome/navidrome/model/request"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("GenreRepository", func() {
+	var repo model.GenreRepository
+	var restRepo model.ResourceRepository
+	var tagRepo model.TagRepository
+	var ctx context.Context
+
+	BeforeEach(func() {
+		DeferCleanup(configtest.SetupConfig())
+		ctx = request.WithUser(log.NewContext(context.TODO()), model.User{ID: "userid", UserName: "johndoe", IsAdmin: true})
+		genreRepo := NewGenreRepository(ctx, GetDBXBuilder())
+		repo = genreRepo
+		restRepo = genreRepo.(model.ResourceRepository)
+		tagRepo = NewTagRepository(ctx, GetDBXBuilder())
+
+		// Clear any existing tags to ensure test isolation
+		db := GetDBXBuilder()
+		_, err := db.NewQuery("DELETE FROM tag").Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Ensure library 1 exists and user has access to it
+		_, err = db.NewQuery("INSERT OR IGNORE INTO library (id, name, path, default_new_users) VALUES (1, 'Test Library', '/test', true)").Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("INSERT OR IGNORE INTO user_library (user_id, library_id) VALUES ('userid', 1)").Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Add comprehensive test data that covers all test scenarios
+		newTag := func(name, value string) model.Tag {
+			return model.Tag{ID: id.NewTagID(name, value), TagName: model.TagName(name), TagValue: value}
+		}
+
+		err = tagRepo.Add(1,
+			newTag("genre", "rock"),
+			newTag("genre", "pop"),
+			newTag("genre", "jazz"),
+			newTag("genre", "electronic"),
+			newTag("genre", "classical"),
+			newTag("genre", "ambient"),
+			newTag("genre", "techno"),
+			newTag("genre", "house"),
+			newTag("genre", "trance"),
+			newTag("genre", "Alternative Rock"),
+			newTag("genre", "Blues"),
+			newTag("genre", "Country"),
+			// These should not be counted as genres
+			newTag("mood", "happy"),
+			newTag("mood", "ambient"),
+		)
+		Expect(err).ToNot(HaveOccurred())
+	})
+
+	Describe("GetAll", func() {
+		It("should return all genres", func() {
+			genres, err := repo.GetAll()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(genres).To(HaveLen(12))
+
+			// Verify that all returned items are genres (TagName = "genre")
+			genreNames := make([]string, len(genres))
+			for i, genre := range genres {
+				genreNames[i] = genre.Name
+			}
+			Expect(genreNames).To(ContainElement("rock"))
+			Expect(genreNames).To(ContainElement("pop"))
+			Expect(genreNames).To(ContainElement("jazz"))
+			// Should not contain mood tags
+			Expect(genreNames).ToNot(ContainElement("happy"))
+		})
+
+		It("should support query options", func() {
+			// Test with limiting results
+			genres, err := repo.GetAll(model.QueryOptions{Max: 1})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(genres).To(HaveLen(1))
+		})
+
+		It("should handle empty results gracefully", func() {
+			// Clear all genre tags
+			_, err := GetDBXBuilder().NewQuery("DELETE FROM tag WHERE tag_name = 'genre'").Execute()
+			Expect(err).ToNot(HaveOccurred())
+
+			genres, err := repo.GetAll()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(genres).To(BeEmpty())
+		})
+		Describe("filtering and sorting", func() {
+			It("should filter by name using like match", func() {
+				// Test filtering by partial name match using the "name" filter which maps to containsFilter("tag_value")
+				options := model.QueryOptions{
+					Filters: squirrel.Like{"tag_value": "%rock%"}, // Direct field access
+				}
+				genres, err := repo.GetAll(options)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(genres).To(HaveLen(2)) // Should match "rock" and "Alternative Rock"
+
+				// Verify all returned genres contain "rock" in their name
+				for _, genre := range genres {
+					Expect(strings.ToLower(genre.Name)).To(ContainSubstring("rock"))
+				}
+			})
+
+			It("should sort by name in ascending order", func() {
+				// Test sorting by name with the fixed mapping
+				options := model.QueryOptions{
+					Filters: squirrel.Like{"tag_value": "%e%"}, // Should match genres containing "e"
+					Sort:    "name",
+				}
+				genres, err := repo.GetAll(options)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(genres).To(HaveLen(7))
+
+				Expect(slices.IsSortedFunc(genres, func(a, b model.Genre) int {
+					return strings.Compare(b.Name, a.Name) // Inverted to check descending order
+				}))
+			})
+
+			It("should sort by name in descending order", func() {
+				// Test sorting by name in descending order
+				options := model.QueryOptions{
+					Filters: squirrel.Like{"tag_value": "%e%"}, // Should match genres containing "e"
+					Sort:    "name",
+					Order:   "desc",
+				}
+				genres, err := repo.GetAll(options)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(genres).To(HaveLen(7))
+
+				Expect(slices.IsSortedFunc(genres, func(a, b model.Genre) int {
+					return strings.Compare(a.Name, b.Name)
+				}))
+			})
+		})
+	})
+
+	Describe("Count", func() {
+		It("should return correct count of genres", func() {
+			count, err := restRepo.Count()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(Equal(int64(12))) // We have 12 genre tags
+		})
+
+		It("should handle zero count", func() {
+			// Clear all genre tags
+			_, err := GetDBXBuilder().NewQuery("DELETE FROM tag WHERE tag_name = 'genre'").Execute()
+			Expect(err).ToNot(HaveOccurred())
+
+			count, err := restRepo.Count()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(BeZero())
+		})
+
+		It("should only count genre tags", func() {
+			// Add a non-genre tag
+			nonGenreTag := model.Tag{
+				ID:       id.NewTagID("mood", "energetic"),
+				TagName:  "mood",
+				TagValue: "energetic",
+			}
+			err := tagRepo.Add(1, nonGenreTag)
+			Expect(err).ToNot(HaveOccurred())
+
+			count, err := restRepo.Count()
+			Expect(err).ToNot(HaveOccurred())
+			// Count should not include the mood tag
+			Expect(count).To(Equal(int64(12))) // Should still be 12 genre tags
+		})
+
+		It("should filter by name using like match", func() {
+			// Test filtering by partial name match using the "name" filter which maps to containsFilter("tag_value")
+			options := rest.QueryOptions{
+				Filters: map[string]interface{}{"name": "%rock%"},
+			}
+			count, err := restRepo.Count(options)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(BeNumerically("==", 2))
+		})
+	})
+
+	Describe("Read", func() {
+		It("should return existing genre", func() {
+			// Use one of the existing genres from our consolidated dataset
+			genreID := id.NewTagID("genre", "rock")
+			result, err := restRepo.Read(genreID)
+			Expect(err).ToNot(HaveOccurred())
+			genre := result.(*model.Genre)
+			Expect(genre.ID).To(Equal(genreID))
+			Expect(genre.Name).To(Equal("rock"))
+		})
+
+		It("should return error for non-existent genre", func() {
+			_, err := restRepo.Read("non-existent-id")
+			Expect(err).To(HaveOccurred())
+		})
+
+		It("should not return non-genre tags", func() {
+			moodID := id.NewTagID("mood", "happy") // This exists as a mood tag, not genre
+			_, err := restRepo.Read(moodID)
+			Expect(err).To(HaveOccurred()) // Should not find it as a genre
+		})
+	})
+
+	Describe("ReadAll", func() {
+		It("should return all genres through ReadAll", func() {
+			result, err := restRepo.ReadAll()
+			Expect(err).ToNot(HaveOccurred())
+			genres := result.(model.Genres)
+			Expect(genres).To(HaveLen(12)) // We have 12 genre tags
+
+			genreNames := make([]string, len(genres))
+			for i, genre := range genres {
+				genreNames[i] = genre.Name
+			}
+			// Check for some of our consolidated dataset genres
+			Expect(genreNames).To(ContainElement("rock"))
+			Expect(genreNames).To(ContainElement("pop"))
+			Expect(genreNames).To(ContainElement("jazz"))
+		})
+
+		It("should support rest query options", func() {
+			result, err := restRepo.ReadAll()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(result).ToNot(BeNil())
+		})
+	})
+
+	Describe("EntityName", func() {
+		It("should return correct entity name", func() {
+			name := restRepo.EntityName()
+			Expect(name).To(Equal("tag")) // Genre repository uses tag table
+		})
+	})
+
+	Describe("NewInstance", func() {
+		It("should return new genre instance", func() {
+			instance := restRepo.NewInstance()
+			Expect(instance).To(BeAssignableToTypeOf(&model.Genre{}))
+		})
+	})
+})

persistence/library_repository.go

@@ -2,10 +2,13 @@ package persistence
 
 import (
 	"context"
+	"fmt"
+	"strconv"
 	"sync"
 	"time"
 
 	. "github.com/Masterminds/squirrel"
+	"github.com/deluan/rest"
 	"github.com/navidrome/navidrome/conf"
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
@@ -68,41 +71,78 @@ func (r *libraryRepository) GetPath(id int) (string, error) {
 }
 
 func (r *libraryRepository) Put(l *model.Library) error {
-	cols := map[string]any{
-		"name":        l.Name,
-		"path":        l.Path,
-		"remote_path": l.RemotePath,
-		"updated_at":  time.Now(),
-	}
-	if l.ID != 0 {
-		cols["id"] = l.ID
+	if l.ID == model.DefaultLibraryID {
+		currentLib, err := r.Get(1)
+		// if we are creating it, it's ok.
+		if err == nil { // it exists, so we are updating it
+			if currentLib.Path != l.Path {
+				return fmt.Errorf("%w: path for library with ID 1 cannot be changed", model.ErrValidation)
+			}
+		}
 	}
 
-	sq := Insert(r.tableName).SetMap(cols).
-		Suffix(`on conflict(id) do update set name = excluded.name, path = excluded.path, 
-					remote_path = excluded.remote_path, updated_at = excluded.updated_at`)
-	_, err := r.executeSQL(sq)
+	var err error
+	l.UpdatedAt = time.Now()
+	if l.ID == 0 {
+		// Insert with autoassigned ID
+		l.CreatedAt = time.Now()
+		err = r.db.Model(l).Insert()
+	} else {
+		// Try to update first
+		cols := map[string]any{
+			"name":              l.Name,
+			"path":              l.Path,
+			"remote_path":       l.RemotePath,
+			"default_new_users": l.DefaultNewUsers,
+			"updated_at":        l.UpdatedAt,
+		}
+		sq := Update(r.tableName).SetMap(cols).Where(Eq{"id": l.ID})
+		rowsAffected, updateErr := r.executeSQL(sq)
+		if updateErr != nil {
+			return updateErr
+		}
+
+		// If no rows were affected, the record doesn't exist, so insert it
+		if rowsAffected == 0 {
+			l.CreatedAt = time.Now()
+			l.UpdatedAt = time.Now()
+			err = r.db.Model(l).Insert()
+		}
+	}
 	if err != nil {
-		libLock.Lock()
-		defer libLock.Unlock()
-		libCache[l.ID] = l.Path
+		return err
 	}
-	return err
-}
 
-const hardCodedMusicFolderID = 1
+	// Auto-assign all libraries to all admin users
+	sql := Expr(`
+INSERT INTO user_library (user_id, library_id)
+SELECT u.id, l.id
+FROM user u
+CROSS JOIN library l
+WHERE u.is_admin = true
+ON CONFLICT (user_id, library_id) DO NOTHING;`,
+	)
+	if _, err = r.executeSQL(sql); err != nil {
+		return fmt.Errorf("failed to assign library to admin users: %w", err)
+	}
+
+	libLock.Lock()
+	defer libLock.Unlock()
+	libCache[l.ID] = l.Path
+	return nil
+}
 
 // TODO Remove this method when we have a proper UI to add libraries
 // This is a temporary method to store the music folder path from the config in the DB
 func (r *libraryRepository) StoreMusicFolder() error {
 	sq := Update(r.tableName).Set("path", conf.Server.MusicFolder).
 		Set("updated_at", time.Now()).
-		Where(Eq{"id": hardCodedMusicFolderID})
+		Where(Eq{"id": model.DefaultLibraryID})
 	_, err := r.executeSQL(sq)
 	if err != nil {
 		libLock.Lock()
 		defer libLock.Unlock()
-		libCache[hardCodedMusicFolderID] = conf.Server.MusicFolder
+		libCache[model.DefaultLibraryID] = conf.Server.MusicFolder
 	}
 	return err
 }
@@ -150,6 +190,7 @@ func (r *libraryRepository) ScanInProgress() (bool, error) {
 func (r *libraryRepository) RefreshStats(id int) error {
 	var songsRes, albumsRes, artistsRes, foldersRes, filesRes, missingRes struct{ Count int64 }
 	var sizeRes struct{ Sum int64 }
+	var durationRes struct{ Sum float64 }
 
 	err := run.Parallel(
 		func() error {
@@ -180,6 +221,9 @@ func (r *libraryRepository) RefreshStats(id int) error {
 		func() error {
 			return r.queryOne(Select("ifnull(sum(size),0) as sum").From("album").Where(Eq{"library_id": id, "missing": false}), &sizeRes)
 		},
+		func() error {
+			return r.queryOne(Select("ifnull(sum(duration),0) as sum").From("album").Where(Eq{"library_id": id, "missing": false}), &durationRes)
+		},
 	)()
 	if err != nil {
 		return err
@@ -193,12 +237,34 @@ func (r *libraryRepository) RefreshStats(id int) error {
 		Set("total_files", filesRes.Count).
 		Set("total_missing_files", missingRes.Count).
 		Set("total_size", sizeRes.Sum).
+		Set("total_duration", durationRes.Sum).
 		Set("updated_at", time.Now()).
 		Where(Eq{"id": id})
 	_, err = r.executeSQL(sq)
 	return err
 }
 
+func (r *libraryRepository) Delete(id int) error {
+	if !loggedUser(r.ctx).IsAdmin {
+		return model.ErrNotAuthorized
+	}
+	if id == 1 {
+		return fmt.Errorf("%w: library with ID 1 cannot be deleted", model.ErrValidation)
+	}
+
+	err := r.delete(Eq{"id": id})
+	if err != nil {
+		return err
+	}
+
+	// Clear cache entry for this library only if DB operation was successful
+	libLock.Lock()
+	defer libLock.Unlock()
+	delete(libCache, id)
+
+	return nil
+}
+
 func (r *libraryRepository) GetAll(ops ...model.QueryOptions) (model.Libraries, error) {
 	sq := r.newSelect(ops...).Columns("*")
 	res := model.Libraries{}
@@ -206,4 +272,72 @@ func (r *libraryRepository) GetAll(ops ...model.QueryOptions) (model.Libraries,
 	return res, err
 }
 
+func (r *libraryRepository) CountAll(ops ...model.QueryOptions) (int64, error) {
+	sq := r.newSelect(ops...)
+	return r.count(sq)
+}
+
+// User-library association methods
+
+func (r *libraryRepository) GetUsersWithLibraryAccess(libraryID int) (model.Users, error) {
+	sel := Select("u.*").
+		From("user u").
+		Join("user_library ul ON u.id = ul.user_id").
+		Where(Eq{"ul.library_id": libraryID}).
+		OrderBy("u.name")
+
+	var res model.Users
+	err := r.queryAll(sel, &res)
+	return res, err
+}
+
+// REST interface methods
+
+func (r *libraryRepository) Count(options ...rest.QueryOptions) (int64, error) {
+	return r.CountAll(r.parseRestOptions(r.ctx, options...))
+}
+
+func (r *libraryRepository) Read(id string) (interface{}, error) {
+	idInt, err := strconv.Atoi(id)
+	if err != nil {
+		log.Trace(r.ctx, "invalid library id: %s", id, err)
+		return nil, rest.ErrNotFound
+	}
+	return r.Get(idInt)
+}
+
+func (r *libraryRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+	return r.GetAll(r.parseRestOptions(r.ctx, options...))
+}
+
+func (r *libraryRepository) EntityName() string {
+	return "library"
+}
+
+func (r *libraryRepository) NewInstance() interface{} {
+	return &model.Library{}
+}
+
+func (r *libraryRepository) Save(entity interface{}) (string, error) {
+	lib := entity.(*model.Library)
+	lib.ID = 0 // Reset ID to ensure we create a new library
+	err := r.Put(lib)
+	if err != nil {
+		return "", err
+	}
+	return strconv.Itoa(lib.ID), nil
+}
+
+func (r *libraryRepository) Update(id string, entity interface{}, cols ...string) error {
+	lib := entity.(*model.Library)
+	idInt, err := strconv.Atoi(id)
+	if err != nil {
+		return fmt.Errorf("invalid library ID: %s", id)
+	}
+
+	lib.ID = idInt
+	return r.Put(lib)
+}
+
 var _ model.LibraryRepository = (*libraryRepository)(nil)
+var _ rest.Repository = (*libraryRepository)(nil)

persistence/library_repository_test.go

@@ -22,6 +22,96 @@ var _ = Describe("LibraryRepository", func() {
 		repo = NewLibraryRepository(ctx, conn)
 	})
 
+	AfterEach(func() {
+		// Clean up test libraries (keep ID 1 which is the default library)
+		_, _ = conn.NewQuery("DELETE FROM library WHERE id > 1").Execute()
+	})
+
+	Describe("Put", func() {
+		Context("when ID is 0", func() {
+			It("inserts a new library with autoassigned ID", func() {
+				lib := &model.Library{
+					ID:   0,
+					Name: "Test Library",
+					Path: "/music/test",
+				}
+
+				err := repo.Put(lib)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(lib.ID).To(BeNumerically(">", 0))
+				Expect(lib.CreatedAt).ToNot(BeZero())
+				Expect(lib.UpdatedAt).ToNot(BeZero())
+
+				// Verify it was inserted
+				savedLib, err := repo.Get(lib.ID)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(savedLib.Name).To(Equal("Test Library"))
+				Expect(savedLib.Path).To(Equal("/music/test"))
+			})
+		})
+
+		Context("when ID is non-zero and record exists", func() {
+			It("updates the existing record", func() {
+				// First create a library
+				lib := &model.Library{
+					ID:   0,
+					Name: "Original Library",
+					Path: "/music/original",
+				}
+				err := repo.Put(lib)
+				Expect(err).ToNot(HaveOccurred())
+
+				originalID := lib.ID
+				originalCreatedAt := lib.CreatedAt
+
+				// Now update it
+				lib.Name = "Updated Library"
+				lib.Path = "/music/updated"
+				err = repo.Put(lib)
+				Expect(err).ToNot(HaveOccurred())
+
+				// Verify it was updated, not inserted
+				Expect(lib.ID).To(Equal(originalID))
+				Expect(lib.CreatedAt).To(Equal(originalCreatedAt))
+				Expect(lib.UpdatedAt).To(BeTemporally(">", originalCreatedAt))
+
+				// Verify the changes were saved
+				savedLib, err := repo.Get(lib.ID)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(savedLib.Name).To(Equal("Updated Library"))
+				Expect(savedLib.Path).To(Equal("/music/updated"))
+			})
+		})
+
+		Context("when ID is non-zero but record doesn't exist", func() {
+			It("inserts a new record with the specified ID", func() {
+				lib := &model.Library{
+					ID:   999,
+					Name: "New Library with ID",
+					Path: "/music/new",
+				}
+
+				// Ensure the record doesn't exist
+				_, err := repo.Get(999)
+				Expect(err).To(HaveOccurred())
+
+				// Put should insert it
+				err = repo.Put(lib)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(lib.ID).To(Equal(999))
+				Expect(lib.CreatedAt).ToNot(BeZero())
+				Expect(lib.UpdatedAt).ToNot(BeZero())
+
+				// Verify it was inserted with the correct ID
+				savedLib, err := repo.Get(999)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(savedLib.ID).To(Equal(999))
+				Expect(savedLib.Name).To(Equal("New Library with ID"))
+				Expect(savedLib.Path).To(Equal("/music/new"))
+			})
+		})
+	})
+
 	It("refreshes stats", func() {
 		libBefore, err := repo.Get(1)
 		Expect(err).ToNot(HaveOccurred())
@@ -32,6 +122,7 @@ var _ = Describe("LibraryRepository", func() {
 
 		var songsRes, albumsRes, artistsRes, foldersRes, filesRes, missingRes struct{ Count int64 }
 		var sizeRes struct{ Sum int64 }
+		var durationRes struct{ Sum float64 }
 
 		Expect(conn.NewQuery("select count(*) as count from media_file where library_id = {:id} and missing = 0").Bind(dbx.Params{"id": 1}).One(&songsRes)).To(Succeed())
 		Expect(conn.NewQuery("select count(*) as count from album where library_id = {:id} and missing = 0").Bind(dbx.Params{"id": 1}).One(&albumsRes)).To(Succeed())
@@ -40,6 +131,7 @@ var _ = Describe("LibraryRepository", func() {
 		Expect(conn.NewQuery("select ifnull(sum(num_audio_files + num_playlists + json_array_length(image_files)),0) as count from folder where library_id = {:id} and missing = 0").Bind(dbx.Params{"id": 1}).One(&filesRes)).To(Succeed())
 		Expect(conn.NewQuery("select count(*) as count from media_file where library_id = {:id} and missing = 1").Bind(dbx.Params{"id": 1}).One(&missingRes)).To(Succeed())
 		Expect(conn.NewQuery("select ifnull(sum(size),0) as sum from album where library_id = {:id} and missing = 0").Bind(dbx.Params{"id": 1}).One(&sizeRes)).To(Succeed())
+		Expect(conn.NewQuery("select ifnull(sum(duration),0) as sum from album where library_id = {:id} and missing = 0").Bind(dbx.Params{"id": 1}).One(&durationRes)).To(Succeed())
 
 		Expect(libAfter.TotalSongs).To(Equal(int(songsRes.Count)))
 		Expect(libAfter.TotalAlbums).To(Equal(int(albumsRes.Count)))
@@ -48,5 +140,6 @@ var _ = Describe("LibraryRepository", func() {
 		Expect(libAfter.TotalFiles).To(Equal(int(filesRes.Count)))
 		Expect(libAfter.TotalMissingFiles).To(Equal(int(missingRes.Count)))
 		Expect(libAfter.TotalSize).To(Equal(sizeRes.Sum))
+		Expect(libAfter.TotalDuration).To(Equal(durationRes.Sum))
 	})
 })

persistence/mediafile_repository.go

@@ -96,6 +96,7 @@ var mediaFileFilter = sync.OnceValue(func() map[string]filterFunc {
 		"genre_id":   tagIDFilter,
 		"missing":    booleanFilter,
 		"artists_id": artistFilter,
+		"library_id": libraryIdFilter,
 	}
 	// Add all album tags as filters
 	for tag := range model.TagMappings() {
@@ -116,6 +117,7 @@ func mediaFileRecentlyAddedSort() string {
 func (r *mediaFileRepository) CountAll(options ...model.QueryOptions) (int64, error) {
 	query := r.newSelect()
 	query = r.withAnnotation(query, "media_file.id")
+	query = r.applyLibraryFilter(query)
 	return r.count(query, options...)
 }
 
@@ -134,10 +136,11 @@ func (r *mediaFileRepository) Put(m *model.MediaFile) error {
 }
 
 func (r *mediaFileRepository) selectMediaFile(options ...model.QueryOptions) SelectBuilder {
-	sql := r.newSelect(options...).Columns("media_file.*", "library.path as library_path").
+	sql := r.newSelect(options...).Columns("media_file.*", "library.path as library_path", "library.name as library_name").
 		LeftJoin("library on media_file.library_id = library.id")
 	sql = r.withAnnotation(sql, "media_file.id")
-	return r.withBookmark(sql, "media_file.id")
+	sql = r.withBookmark(sql, "media_file.id")
+	return r.applyLibraryFilter(sql)
 }
 
 func (r *mediaFileRepository) Get(id string) (*model.MediaFile, error) {
@@ -273,7 +276,7 @@ func (r *mediaFileRepository) GetMissingAndMatching(libId int) (model.MediaFileC
 	if err != nil {
 		return nil, err
 	}
-	sel := r.newSelect().Columns("media_file.*", "library.path as library_path").
+	sel := r.newSelect().Columns("media_file.*", "library.path as library_path", "library.name as library_name").
 		LeftJoin("library on media_file.library_id = library.id").
 		Where("pid in ("+subQText+")", subQArgs...).
 		Where(Or{
@@ -294,15 +297,57 @@ func (r *mediaFileRepository) GetMissingAndMatching(libId int) (model.MediaFileC
 	}, nil
 }
 
-func (r *mediaFileRepository) Search(q string, offset int, size int, includeMissing bool) (model.MediaFiles, error) {
+// FindRecentFilesByMBZTrackID finds recently added files by MusicBrainz Track ID in other libraries
+func (r *mediaFileRepository) FindRecentFilesByMBZTrackID(missing model.MediaFile, since time.Time) (model.MediaFiles, error) {
+	sel := r.selectMediaFile().Where(And{
+		NotEq{"media_file.library_id": missing.LibraryID},
+		Eq{"media_file.mbz_release_track_id": missing.MbzReleaseTrackID},
+		NotEq{"media_file.mbz_release_track_id": ""}, // Exclude empty MBZ Track IDs
+		Eq{"media_file.suffix": missing.Suffix},
+		Gt{"media_file.created_at": since},
+		Eq{"media_file.missing": false},
+	}).OrderBy("media_file.created_at DESC")
+
+	var res dbMediaFiles
+	err := r.queryAll(sel, &res)
+	if err != nil {
+		return nil, err
+	}
+	return res.toModels(), nil
+}
+
+// FindRecentFilesByProperties finds recently added files by intrinsic properties in other libraries
+func (r *mediaFileRepository) FindRecentFilesByProperties(missing model.MediaFile, since time.Time) (model.MediaFiles, error) {
+	sel := r.selectMediaFile().Where(And{
+		NotEq{"media_file.library_id": missing.LibraryID},
+		Eq{"media_file.title": missing.Title},
+		Eq{"media_file.size": missing.Size},
+		Eq{"media_file.suffix": missing.Suffix},
+		Eq{"media_file.disc_number": missing.DiscNumber},
+		Eq{"media_file.track_number": missing.TrackNumber},
+		Eq{"media_file.album": missing.Album},
+		Eq{"media_file.mbz_release_track_id": ""}, // Exclude files with MBZ Track ID
+		Gt{"media_file.created_at": since},
+		Eq{"media_file.missing": false},
+	}).OrderBy("media_file.created_at DESC")
+
+	var res dbMediaFiles
+	err := r.queryAll(sel, &res)
+	if err != nil {
+		return nil, err
+	}
+	return res.toModels(), nil
+}
+
+func (r *mediaFileRepository) Search(q string, offset int, size int, includeMissing bool, options ...model.QueryOptions) (model.MediaFiles, error) {
 	var res dbMediaFiles
 	if uuid.Validate(q) == nil {
-		err := r.searchByMBID(r.selectMediaFile(), q, []string{"mbz_recording_id", "mbz_release_track_id"}, includeMissing, &res)
+		err := r.searchByMBID(r.selectMediaFile(options...), q, []string{"mbz_recording_id", "mbz_release_track_id"}, includeMissing, &res)
 		if err != nil {
 			return nil, fmt.Errorf("searching media_file by MBID %q: %w", q, err)
 		}
 	} else {
-		err := r.doSearch(r.selectMediaFile(), q, offset, size, includeMissing, &res, "title")
+		err := r.doSearch(r.selectMediaFile(options...), q, offset, size, includeMissing, &res, "title")
 		if err != nil {
 			return nil, fmt.Errorf("searching media_file by query %q: %w", q, err)
 		}

persistence/persistence_suite_test.go

@@ -34,6 +34,7 @@ func mf(mf model.MediaFile) model.MediaFile {
 	mf.Tags = model.Tags{}
 	mf.LibraryID = 1
 	mf.LibraryPath = "music" // Default folder
+	mf.LibraryName = "Music Library"
 	mf.Participants = model.Participants{
 		model.RoleArtist: model.ParticipantList{
 			model.Participant{Artist: model.Artist{ID: mf.ArtistID, Name: mf.Artist}},
@@ -47,6 +48,8 @@ func mf(mf model.MediaFile) model.MediaFile {
 
 func al(al model.Album) model.Album {
 	al.LibraryID = 1
+	al.LibraryPath = "music"
+	al.LibraryName = "Music Library"
 	al.Discs = model.Discs{}
 	al.Tags = model.Tags{}
 	al.Participants = model.Participants{}
@@ -138,14 +141,13 @@ var _ = BeforeSuite(func() {
 		}
 	}
 
-	//gr := NewGenreRepository(ctx, conn)
-	//for i := range testGenres {
-	//	g := testGenres[i]
-	//	err := gr.Put(&g)
-	//	if err != nil {
-	//		panic(err)
-	//	}
-	//}
+	// Associate users with library 1 (default test library)
+	for i := range testUsers {
+		err := ur.SetUserLibraries(testUsers[i].ID, []int{1})
+		if err != nil {
+			panic(err)
+		}
+	}
 
 	alr := NewAlbumRepository(ctx, conn).(*albumRepository)
 	for i := range testAlbums {
@@ -165,6 +167,15 @@ var _ = BeforeSuite(func() {
 		}
 	}
 
+	// Associate artists with library 1 (default test library)
+	lr := NewLibraryRepository(ctx, conn)
+	for i := range testArtists {
+		err := lr.AddArtist(1, testArtists[i].ID)
+		if err != nil {
+			panic(err)
+		}
+	}
+
 	mr := NewMediaFileRepository(ctx, conn)
 	for i := range testSongs {
 		err := mr.Put(&testSongs[i])
@@ -190,9 +201,9 @@ var _ = BeforeSuite(func() {
 		Public:    true,
 		SongCount: 2,
 	}
-	plsBest.AddTracks([]string{"1001", "1003"})
+	plsBest.AddMediaFilesByID([]string{"1001", "1003"})
 	plsCool = model.Playlist{Name: "Cool", OwnerID: "userid", OwnerName: "userid"}
-	plsCool.AddTracks([]string{"1004"})
+	plsCool.AddMediaFilesByID([]string{"1004"})
 	testPlaylists = []*model.Playlist{&plsBest, &plsCool}
 
 	pr := NewPlaylistRepository(ctx, conn)

persistence/playlist_repository.go

@@ -161,7 +161,7 @@ func (r *playlistRepository) GetWithTracks(id string, refreshSmartPlaylist, incl
 		log.Error(r.ctx, "Error loading playlist tracks ", "playlist", pls.Name, "id", pls.ID, err)
 		return nil, err
 	}
-	pls.Tracks = tracks
+	pls.SetTracks(tracks)
 	return pls, nil
 }
 
@@ -263,7 +263,7 @@ func (r *playlistRepository) refreshSmartPlaylist(pls *model.Playlist) bool {
 		From("media_file").LeftJoin("annotation on (" +
 		"annotation.item_id = media_file.id" +
 		" AND annotation.item_type = 'media_file'" +
-		" AND annotation.user_id = '" + userId(r.ctx) + "')")
+		" AND annotation.user_id = '" + usr.ID + "')")
 	sq = r.addCriteria(sq, rules)
 	insSql := Insert("playlist_tracks").Columns("id", "playlist_id", "media_file_id").Select(sq)
 	_, err = r.executeSQL(insSql)
@@ -379,6 +379,8 @@ func (r *playlistRepository) refreshCounters(pls *model.Playlist) error {
 }
 
 func (r *playlistRepository) loadTracks(sel SelectBuilder, id string) (model.PlaylistTracks, error) {
+	sel = r.applyLibraryFilter(sel, "f")
+	userID := loggedUser(r.ctx).ID
 	tracksQuery := sel.
 		Columns(
 			"coalesce(starred, 0) as starred",
@@ -389,11 +391,12 @@ func (r *playlistRepository) loadTracks(sel SelectBuilder, id string) (model.Pla
 			"f.*",
 			"playlist_tracks.*",
 			"library.path as library_path",
+			"library.name as library_name",
 		).
 		LeftJoin("annotation on (" +
 			"annotation.item_id = media_file_id" +
 			" AND annotation.item_type = 'media_file'" +
-			" AND annotation.user_id = '" + userId(r.ctx) + "')").
+			" AND annotation.user_id = '" + userID + "')").
 		Join("media_file f on f.id = media_file_id").
 		Join("library on f.library_id = library.id").
 		Where(Eq{"playlist_id": id})

persistence/playlist_repository_test.go

@@ -79,13 +79,13 @@ var _ = Describe("PlaylistRepository", func() {
 	It("Put/Exists/Delete", func() {
 		By("saves the playlist to the DB")
 		newPls := model.Playlist{Name: "Great!", OwnerID: "userid"}
-		newPls.AddTracks([]string{"1004", "1003"})
+		newPls.AddMediaFilesByID([]string{"1004", "1003"})
 
 		By("saves the playlist to the DB")
 		Expect(repo.Put(&newPls)).To(BeNil())
 
 		By("adds repeated songs to a playlist and keeps the order")
-		newPls.AddTracks([]string{"1004"})
+		newPls.AddMediaFilesByID([]string{"1004"})
 		Expect(repo.Put(&newPls)).To(BeNil())
 		saved, _ := repo.GetWithTracks(newPls.ID, true, false)
 		Expect(saved.Tracks).To(HaveLen(3))

persistence/playlist_track_repository.go

@@ -47,7 +47,8 @@ func (r *playlistRepository) Tracks(playlistId string, refreshSmartPlaylist bool
 	p.db = r.db
 	p.tableName = "playlist_tracks"
 	p.registerModel(&model.PlaylistTrack{}, map[string]filterFunc{
-		"missing": booleanFilter,
+		"missing":    booleanFilter,
+		"library_id": libraryIdFilter,
 	})
 	p.setSortMappings(
 		map[string]string{
@@ -84,11 +85,12 @@ func (r *playlistTrackRepository) Count(options ...rest.QueryOptions) (int64, er
 }
 
 func (r *playlistTrackRepository) Read(id string) (interface{}, error) {
+	userID := loggedUser(r.ctx).ID
 	sel := r.newSelect().
 		LeftJoin("annotation on ("+
 			"annotation.item_id = media_file_id"+
 			" AND annotation.item_type = 'media_file'"+
-			" AND annotation.user_id = '"+userId(r.ctx)+"')").
+			" AND annotation.user_id = '"+userID+"')").
 		Columns(
 			"coalesce(starred, 0) as starred",
 			"coalesce(play_count, 0) as play_count",

persistence/scrobble_buffer_repository.go

@@ -8,6 +8,7 @@ import (
 	. "github.com/Masterminds/squirrel"
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/model/id"
+	"github.com/navidrome/navidrome/model/request"
 	"github.com/pocketbase/dbx"
 )
 
@@ -82,7 +83,20 @@ func (r *scrobbleBufferRepository) Next(service string, userId string) (*model.S
 	if err != nil {
 		return nil, err
 	}
+
+	// Create context with user information for getParticipants call
+	// This is needed because the artist repository requires user context for multi-library support
+	userRepo := NewUserRepository(r.ctx, r.db)
+	user, err := userRepo.Get(res.ScrobbleEntry.UserID)
+	if err != nil {
+		return nil, err
+	}
+	// Temporarily use user context for getParticipants
+	originalCtx := r.ctx
+	r.ctx = request.WithUser(r.ctx, *user)
 	res.ScrobbleEntry.Participants, err = r.getParticipants(&res.ScrobbleEntry.MediaFile)
+	r.ctx = originalCtx // Restore original context
+
 	if err != nil {
 		return nil, err
 	}

persistence/sql_annotations.go

@@ -15,15 +15,14 @@ import (
 const annotationTable = "annotation"
 
 func (r sqlRepository) withAnnotation(query SelectBuilder, idField string) SelectBuilder {
-	if userId(r.ctx) == invalidUserId {
+	userID := loggedUser(r.ctx).ID
+	if userID == invalidUserId {
 		return query
 	}
 	query = query.
 		LeftJoin("annotation on ("+
 			"annotation.item_id = "+idField+
-			// item_ids are unique across different item_types, so the clause below is not needed
-			//" AND annotation.item_type = '"+r.tableName+"'"+
-			" AND annotation.user_id = '"+userId(r.ctx)+"')").
+			" AND annotation.user_id = '"+userID+"')").
 		Columns(
 			"coalesce(starred, 0) as starred",
 			"coalesce(rating, 0) as rating",
@@ -42,8 +41,9 @@ func (r sqlRepository) withAnnotation(query SelectBuilder, idField string) Selec
 }
 
 func (r sqlRepository) annId(itemID ...string) And {
+	userID := loggedUser(r.ctx).ID
 	return And{
-		Eq{annotationTable + ".user_id": userId(r.ctx)},
+		Eq{annotationTable + ".user_id": userID},
 		Eq{annotationTable + ".item_type": r.tableName},
 		Eq{annotationTable + ".item_id": itemID},
 	}
@@ -56,8 +56,9 @@ func (r sqlRepository) annUpsert(values map[string]interface{}, itemIDs ...strin
 	}
 	c, err := r.executeSQL(upd)
 	if c == 0 || errors.Is(err, sql.ErrNoRows) {
+		userID := loggedUser(r.ctx).ID
 		for _, itemID := range itemIDs {
-			values["user_id"] = userId(r.ctx)
+			values["user_id"] = userID
 			values["item_type"] = r.tableName
 			values["item_id"] = itemID
 			ins := Insert(annotationTable).SetMap(values)
@@ -86,8 +87,9 @@ func (r sqlRepository) IncPlayCount(itemID string, ts time.Time) error {
 	c, err := r.executeSQL(upd)
 
 	if c == 0 || errors.Is(err, sql.ErrNoRows) {
+		userID := loggedUser(r.ctx).ID
 		values := map[string]interface{}{}
-		values["user_id"] = userId(r.ctx)
+		values["user_id"] = userID
 		values["item_type"] = r.tableName
 		values["item_id"] = itemID
 		values["play_count"] = 1

persistence/sql_base_repository.go

@@ -49,27 +49,14 @@ type sqlRepository struct {
 
 const invalidUserId = "-1"
 
-func userId(ctx context.Context) string {
-	if user, ok := request.UserFrom(ctx); !ok {
-		return invalidUserId
-	} else {
-		return user.ID
-	}
-}
-
 func loggedUser(ctx context.Context) *model.User {
 	if user, ok := request.UserFrom(ctx); !ok {
-		return &model.User{}
+		return &model.User{ID: invalidUserId}
 	} else {
 		return &user
 	}
 }
 
-func isAdmin(ctx context.Context) bool {
-	user := loggedUser(ctx)
-	return user.IsAdmin
-}
-
 func (r *sqlRepository) registerModel(instance any, filters map[string]filterFunc) {
 	if r.tableName == "" {
 		r.tableName = strings.TrimPrefix(reflect.TypeOf(instance).String(), "*model.")
@@ -199,10 +186,52 @@ func (r sqlRepository) applyFilters(sq SelectBuilder, options ...model.QueryOpti
 	return sq
 }
 
+func (r *sqlRepository) withTableName(filter filterFunc) filterFunc {
+	return func(field string, value any) Sqlizer {
+		if r.tableName != "" {
+			field = r.tableName + "." + field
+		}
+		return filter(field, value)
+	}
+}
+
+// libraryIdFilter is a filter function to be added to resources that have a library_id column.
+func libraryIdFilter(_ string, value interface{}) Sqlizer {
+	return Eq{"library_id": value}
+}
+
+// applyLibraryFilter adds library filtering to queries for tables that have a library_id column
+// This ensures users only see content from libraries they have access to
+func (r sqlRepository) applyLibraryFilter(sq SelectBuilder, tableName ...string) SelectBuilder {
+	user := loggedUser(r.ctx)
+
+	// Admin users see all content
+	if user.IsAdmin {
+		return sq
+	}
+
+	// Get user's accessible library IDs
+	userID := loggedUser(r.ctx).ID
+	if userID == invalidUserId {
+		// No user context - return empty result set
+		return sq.Where(Eq{"1": "0"})
+	}
+
+	table := r.tableName
+	if len(tableName) > 0 {
+		table = tableName[0]
+	}
+
+	// Use subquery to filter by user's library access
+	// This approach doesn't require DataStore in context
+	return sq.Where(Expr(table+".library_id IN ("+
+		"SELECT ul.library_id FROM user_library ul WHERE ul.user_id = ?)", userID))
+}
+
 func (r sqlRepository) seedKey() string {
 	// Seed keys must be all lowercase, or else SQLite3 will encode it, making it not match the seed
 	// used in the query. Hashing the user ID and converting it to a hex string will do the trick
-	userIDHash := md5.Sum([]byte(userId(r.ctx)))
+	userIDHash := md5.Sum([]byte(loggedUser(r.ctx).ID))
 	return fmt.Sprintf("%s|%x", r.tableName, userIDHash)
 }
 

persistence/sql_bookmarks.go

@@ -15,21 +15,20 @@ import (
 const bookmarkTable = "bookmark"
 
 func (r sqlRepository) withBookmark(query SelectBuilder, idField string) SelectBuilder {
-	if userId(r.ctx) == invalidUserId {
+	userID := loggedUser(r.ctx).ID
+	if userID == invalidUserId {
 		return query
 	}
 	return query.
 		LeftJoin("bookmark on (" +
 			"bookmark.item_id = " + idField +
-			// item_ids are unique across different item_types, so the clause below is not needed
-			//" AND bookmark.item_type = '" + r.tableName + "'" +
-			" AND bookmark.user_id = '" + userId(r.ctx) + "')").
+			" AND bookmark.user_id = '" + userID + "')").
 		Columns("coalesce(position, 0) as bookmark_position")
 }
 
 func (r sqlRepository) bmkID(itemID ...string) And {
 	return And{
-		Eq{bookmarkTable + ".user_id": userId(r.ctx)},
+		Eq{bookmarkTable + ".user_id": loggedUser(r.ctx).ID},
 		Eq{bookmarkTable + ".item_type": r.tableName},
 		Eq{bookmarkTable + ".item_id": itemID},
 	}

persistence/sql_tags.go

@@ -1,12 +1,15 @@
 package persistence
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"strings"
 
 	. "github.com/Masterminds/squirrel"
+	"github.com/deluan/rest"
 	"github.com/navidrome/navidrome/model"
+	"github.com/pocketbase/dbx"
 )
 
 // Format of a tag in the DB
@@ -55,3 +58,106 @@ func tagIDFilter(name string, idValue any) Sqlizer {
 		},
 	)
 }
+
+// tagLibraryIdFilter filters tags based on library access through the library_tag table
+func tagLibraryIdFilter(_ string, value interface{}) Sqlizer {
+	return Eq{"library_tag.library_id": value}
+}
+
+// baseTagRepository provides common functionality for all tag-based repositories.
+// It handles CRUD operations with optional filtering by tag name.
+type baseTagRepository struct {
+	sqlRepository
+	tagFilter *model.TagName // nil = no filter (all tags), non-nil = filter by specific tag name
+}
+
+// newBaseTagRepository creates a new base tag repository with optional tag filtering.
+// If tagFilter is nil, the repository will work with all tags.
+// If tagFilter is provided, the repository will only work with tags of that specific name.
+func newBaseTagRepository(ctx context.Context, db dbx.Builder, tagFilter *model.TagName) *baseTagRepository {
+	r := &baseTagRepository{
+		tagFilter: tagFilter,
+	}
+	r.ctx = ctx
+	r.db = db
+	r.tableName = "tag"
+	r.registerModel(&model.Tag{}, map[string]filterFunc{
+		"name":       containsFilter("tag_value"),
+		"library_id": tagLibraryIdFilter,
+	})
+	r.setSortMappings(map[string]string{
+		"name": "tag_value",
+	})
+	return r
+}
+
+// newSelect overrides the base implementation to apply tag name filtering and library filtering.
+func (r *baseTagRepository) newSelect(options ...model.QueryOptions) SelectBuilder {
+	user := loggedUser(r.ctx)
+	if user.ID == invalidUserId {
+		// No user context - return empty result set
+		return SelectBuilder{}.Where(Eq{"1": "0"})
+	}
+	sq := r.sqlRepository.newSelect(options...)
+	if r.tagFilter != nil {
+		sq = sq.Where(Eq{"tag.tag_name": *r.tagFilter})
+	}
+	sq = sq.Columns(
+		"tag.id",
+		"tag.tag_value as name",
+		"COALESCE(SUM(library_tag.album_count), 0) as album_count",
+		"COALESCE(SUM(library_tag.media_file_count), 0) as song_count",
+	).
+		LeftJoin("library_tag on library_tag.tag_id = tag.id").
+		// Apply library filtering by joining only with accessible libraries
+		Join("user_library on user_library.library_id = library_tag.library_id AND user_library.user_id = ?", user.ID).
+		GroupBy("tag.id", "tag.tag_value")
+	return sq
+}
+
+// ResourceRepository interface implementation
+
+func (r *baseTagRepository) Count(options ...rest.QueryOptions) (int64, error) {
+	// Create a query that counts distinct tags without GROUP BY
+	user := loggedUser(r.ctx)
+	if user.ID == invalidUserId {
+		return 0, nil
+	}
+
+	// Build the same base query as newSelect but for counting
+	sq := Select()
+	if r.tagFilter != nil {
+		sq = sq.Where(Eq{"tag.tag_name": *r.tagFilter})
+	}
+
+	// Apply the same joins as newSelect
+	sq = sq.LeftJoin("library_tag on library_tag.tag_id = tag.id").
+		Join("user_library on user_library.library_id = library_tag.library_id AND user_library.user_id = ?", user.ID)
+
+	return r.count(sq, r.parseRestOptions(r.ctx, options...))
+}
+
+func (r *baseTagRepository) Read(id string) (interface{}, error) {
+	query := r.newSelect().Columns("*").Where(Eq{"id": id})
+	var res model.Tag
+	err := r.queryOne(query, &res)
+	return &res, err
+}
+
+func (r *baseTagRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+	query := r.newSelect(r.parseRestOptions(r.ctx, options...)).Columns("*")
+	var res model.TagList
+	err := r.queryAll(query, &res)
+	return res, err
+}
+
+func (r *baseTagRepository) EntityName() string {
+	return "tag"
+}
+
+func (r *baseTagRepository) NewInstance() interface{} {
+	return model.Tag{}
+}
+
+// Interface compliance check
+var _ model.ResourceRepository = (*baseTagRepository)(nil)

persistence/tag_library_filtering_test.go

@@ -0,0 +1,228 @@
+package persistence
+
+import (
+	"context"
+
+	"github.com/deluan/rest"
+	"github.com/navidrome/navidrome/conf/configtest"
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/id"
+	"github.com/navidrome/navidrome/model/request"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/pocketbase/dbx"
+)
+
+var _ = Describe("Tag Library Filtering", func() {
+
+	BeforeEach(func() {
+		DeferCleanup(configtest.SetupConfig())
+
+		// Clean up all relevant tables
+		db := GetDBXBuilder()
+		_, err := db.NewQuery("DELETE FROM library_tag").Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("DELETE FROM tag").Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("DELETE FROM user_library WHERE user_id != 'userid' AND user_id != '2222'").Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("DELETE FROM library WHERE id > 1").Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Create test libraries
+		_, err = db.NewQuery("INSERT INTO library (id, name, path) VALUES (2, 'Library 2', '/music/lib2')").Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("INSERT INTO library (id, name, path) VALUES (3, 'Library 3', '/music/lib3')").Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Ensure admin user has access to all libraries (since admin users should have access to all libraries)
+		_, err = db.NewQuery("INSERT OR IGNORE INTO user_library (user_id, library_id) VALUES ('userid', 1)").Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("INSERT OR IGNORE INTO user_library (user_id, library_id) VALUES ('userid', 2)").Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("INSERT OR IGNORE INTO user_library (user_id, library_id) VALUES ('userid', 3)").Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Set up test tags
+		newTag := func(name, value string) model.Tag {
+			return model.Tag{ID: id.NewTagID(name, value), TagName: model.TagName(name), TagValue: value}
+		}
+
+		// Create tags in admin context
+		adminCtx := request.WithUser(log.NewContext(context.TODO()), adminUser)
+		tagRepo := NewTagRepository(adminCtx, GetDBXBuilder())
+
+		// Add tags to different libraries
+		err = tagRepo.Add(1, newTag("genre", "rock"))
+		Expect(err).ToNot(HaveOccurred())
+		err = tagRepo.Add(2, newTag("genre", "pop"))
+		Expect(err).ToNot(HaveOccurred())
+		err = tagRepo.Add(3, newTag("genre", "jazz"))
+		Expect(err).ToNot(HaveOccurred())
+		err = tagRepo.Add(2, newTag("genre", "rock"))
+		Expect(err).ToNot(HaveOccurred())
+
+		// Update counts manually for testing
+		_, err = db.NewQuery("UPDATE library_tag SET album_count = 5, media_file_count = 20 WHERE tag_id = {:tagId} AND library_id = 1").Bind(dbx.Params{"tagId": id.NewTagID("genre", "rock")}).Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("UPDATE library_tag SET album_count = 3, media_file_count = 10 WHERE tag_id = {:tagId} AND library_id = 2").Bind(dbx.Params{"tagId": id.NewTagID("genre", "pop")}).Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("UPDATE library_tag SET album_count = 2, media_file_count = 8 WHERE tag_id = {:tagId} AND library_id = 3").Bind(dbx.Params{"tagId": id.NewTagID("genre", "jazz")}).Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("UPDATE library_tag SET album_count = 1, media_file_count = 4 WHERE tag_id = {:tagId} AND library_id = 2").Bind(dbx.Params{"tagId": id.NewTagID("genre", "rock")}).Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Set up user library access - Regular user has access to libraries 1 and 2 only
+		_, err = db.NewQuery("INSERT INTO user_library (user_id, library_id) VALUES ('2222', 2)").Execute()
+		Expect(err).ToNot(HaveOccurred())
+	})
+
+	Describe("TagRepository Library Filtering", func() {
+		Context("Admin User", func() {
+			It("should see all tags regardless of library", func() {
+				ctx := request.WithUser(log.NewContext(context.TODO()), adminUser)
+				tagRepo := NewTagRepository(ctx, GetDBXBuilder())
+				repo := tagRepo.(model.ResourceRepository)
+
+				tags, err := repo.ReadAll()
+				Expect(err).ToNot(HaveOccurred())
+				tagList := tags.(model.TagList)
+				Expect(tagList).To(HaveLen(3))
+			})
+		})
+
+		Context("Regular User with Limited Library Access", func() {
+			It("should only see tags from accessible libraries", func() {
+				ctx := request.WithUser(log.NewContext(context.TODO()), regularUser)
+				tagRepo := NewTagRepository(ctx, GetDBXBuilder())
+				repo := tagRepo.(model.ResourceRepository)
+
+				tags, err := repo.ReadAll()
+				Expect(err).ToNot(HaveOccurred())
+				tagList := tags.(model.TagList)
+
+				// Should see rock (libraries 1,2) and pop (library 2), but not jazz (library 3)
+				Expect(tagList).To(HaveLen(2))
+			})
+
+			It("should respect explicit library_id filters within accessible libraries", func() {
+				ctx := request.WithUser(log.NewContext(context.TODO()), regularUser)
+				tagRepo := NewTagRepository(ctx, GetDBXBuilder())
+				repo := tagRepo.(model.ResourceRepository)
+
+				// Filter by library 2 (user has access to libraries 1 and 2)
+				tags, err := repo.ReadAll(rest.QueryOptions{
+					Filters: map[string]interface{}{
+						"library_id": 2,
+					},
+				})
+				Expect(err).ToNot(HaveOccurred())
+				tagList := tags.(model.TagList)
+
+				// Should see only tags from library 2: pop and rock(lib2)
+				Expect(tagList).To(HaveLen(2))
+
+				// Verify the tags are correct
+				tagValues := make([]string, len(tagList))
+				for i, tag := range tagList {
+					tagValues[i] = tag.TagValue
+				}
+				Expect(tagValues).To(ContainElements("pop", "rock"))
+			})
+
+			It("should not return tags when filtering by inaccessible library", func() {
+				ctx := request.WithUser(log.NewContext(context.TODO()), regularUser)
+				tagRepo := NewTagRepository(ctx, GetDBXBuilder())
+				repo := tagRepo.(model.ResourceRepository)
+
+				// Try to filter by library 3 (user doesn't have access)
+				tags, err := repo.ReadAll(rest.QueryOptions{
+					Filters: map[string]interface{}{
+						"library_id": 3,
+					},
+				})
+				Expect(err).ToNot(HaveOccurred())
+				tagList := tags.(model.TagList)
+
+				// Should return no tags since user can't access library 3
+				Expect(tagList).To(HaveLen(0))
+			})
+
+			It("should filter by library 1 correctly", func() {
+				ctx := request.WithUser(log.NewContext(context.TODO()), regularUser)
+				tagRepo := NewTagRepository(ctx, GetDBXBuilder())
+				repo := tagRepo.(model.ResourceRepository)
+
+				// Filter by library 1 (user has access)
+				tags, err := repo.ReadAll(rest.QueryOptions{
+					Filters: map[string]interface{}{
+						"library_id": 1,
+					},
+				})
+				Expect(err).ToNot(HaveOccurred())
+				tagList := tags.(model.TagList)
+
+				// Should see only rock from library 1
+				Expect(tagList).To(HaveLen(1))
+				Expect(tagList[0].TagValue).To(Equal("rock"))
+			})
+		})
+
+		Context("Admin User with Explicit Library Filtering", func() {
+			It("should see all tags when no filter is applied", func() {
+				adminCtx := request.WithUser(log.NewContext(context.TODO()), adminUser)
+				tagRepo := NewTagRepository(adminCtx, GetDBXBuilder())
+				repo := tagRepo.(model.ResourceRepository)
+
+				tags, err := repo.ReadAll()
+				Expect(err).ToNot(HaveOccurred())
+				tagList := tags.(model.TagList)
+				Expect(tagList).To(HaveLen(3))
+			})
+
+			It("should respect explicit library_id filters", func() {
+				adminCtx := request.WithUser(log.NewContext(context.TODO()), adminUser)
+				tagRepo := NewTagRepository(adminCtx, GetDBXBuilder())
+				repo := tagRepo.(model.ResourceRepository)
+
+				// Filter by library 3
+				tags, err := repo.ReadAll(rest.QueryOptions{
+					Filters: map[string]interface{}{
+						"library_id": 3,
+					},
+				})
+				Expect(err).ToNot(HaveOccurred())
+				tagList := tags.(model.TagList)
+
+				// Should see only jazz from library 3
+				Expect(tagList).To(HaveLen(1))
+				Expect(tagList[0].TagValue).To(Equal("jazz"))
+			})
+
+			It("should filter by library 2 correctly", func() {
+				adminCtx := request.WithUser(log.NewContext(context.TODO()), adminUser)
+				tagRepo := NewTagRepository(adminCtx, GetDBXBuilder())
+				repo := tagRepo.(model.ResourceRepository)
+
+				// Filter by library 2
+				tags, err := repo.ReadAll(rest.QueryOptions{
+					Filters: map[string]interface{}{
+						"library_id": 2,
+					},
+				})
+				Expect(err).ToNot(HaveOccurred())
+				tagList := tags.(model.TagList)
+
+				// Should see pop and rock from library 2
+				Expect(tagList).To(HaveLen(2))
+
+				tagValues := make([]string, len(tagList))
+				for i, tag := range tagList {
+					tagValues[i] = tag.TagValue
+				}
+				Expect(tagValues).To(ContainElements("pop", "rock"))
+			})
+		})
+	})
+})

persistence/tag_repository.go

@@ -7,26 +7,22 @@ import (
 	"time"
 
 	. "github.com/Masterminds/squirrel"
-	"github.com/deluan/rest"
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
 	"github.com/pocketbase/dbx"
 )
 
 type tagRepository struct {
-	sqlRepository
+	*baseTagRepository
 }
 
 func NewTagRepository(ctx context.Context, db dbx.Builder) model.TagRepository {
-	r := &tagRepository{}
-	r.ctx = ctx
-	r.db = db
-	r.tableName = "tag"
-	r.registerModel(&model.Tag{}, nil)
-	return r
+	return &tagRepository{
+		baseTagRepository: newBaseTagRepository(ctx, db, nil), // nil = no filter, works with all tags
+	}
 }
 
-func (r *tagRepository) Add(tags ...model.Tag) error {
+func (r *tagRepository) Add(libraryID int, tags ...model.Tag) error {
 	for chunk := range slices.Chunk(tags, 200) {
 		sq := Insert(r.tableName).Columns("id", "tag_name", "tag_value").
 			Suffix("on conflict (id) do nothing")
@@ -37,34 +33,41 @@ func (r *tagRepository) Add(tags ...model.Tag) error {
 		if err != nil {
 			return err
 		}
+
+		// Create library_tag entries for library filtering
+		libSq := Insert("library_tag").Columns("tag_id", "library_id", "album_count", "media_file_count").
+			Suffix("on conflict (tag_id, library_id) do nothing")
+		for _, t := range chunk {
+			libSq = libSq.Values(t.ID, libraryID, 0, 0)
+		}
+		_, err = r.executeSQL(libSq)
+		if err != nil {
+			return fmt.Errorf("adding library_tag entries: %w", err)
+		}
 	}
 	return nil
 }
 
-// UpdateCounts updates the album_count and media_file_count columns in the tag_counts table.
+// UpdateCounts updates the library_tag table with per-library statistics.
 // Only genres are being updated for now.
 func (r *tagRepository) UpdateCounts() error {
 	template := `
-with updated_values as (
-    select jt.value as id, count(distinct %[1]s.id) as %[1]s_count
-    from %[1]s
-             join json_tree(tags, '$.genre') as jt
-    where atom is not null
-      and key = 'id'
-    group by jt.value
-)
-update tag
-set %[1]s_count = updated_values.%[1]s_count
-from updated_values
-where tag.id = updated_values.id;
+INSERT INTO library_tag (tag_id, library_id, %[1]s_count)
+SELECT jt.value as tag_id, %[1]s.library_id, count(distinct %[1]s.id) as %[1]s_count
+FROM %[1]s
+JOIN json_tree(%[1]s.tags, '$.genre') as jt ON jt.atom IS NOT NULL AND jt.key = 'id'
+GROUP BY jt.value, %[1]s.library_id
+ON CONFLICT (tag_id, library_id) 
+DO UPDATE SET %[1]s_count = excluded.%[1]s_count;
 `
+
 	for _, table := range []string{"album", "media_file"} {
 		start := time.Now()
 		query := Expr(fmt.Sprintf(template, table))
 		c, err := r.executeSQL(query)
-		log.Debug(r.ctx, "Updated tag counts", "table", table, "elapsed", time.Since(start), "updated", c)
+		log.Debug(r.ctx, "Updated library tag counts", "table", table, "elapsed", time.Since(start), "updated", c)
 		if err != nil {
-			return fmt.Errorf("updating %s tag counts: %w", table, err)
+			return fmt.Errorf("updating %s library tag counts: %w", table, err)
 		}
 	}
 	return nil
@@ -74,6 +77,11 @@ func (r *tagRepository) purgeUnused() error {
 	del := Delete(r.tableName).Where(`	
 	id not in (select jt.value
 	from album left join json_tree(album.tags, '$') as jt
+	where atom is not null
+	  and key = 'id'
+	UNION 
+	select jt.value
+	from media_file left join json_tree(media_file.tags, '$') as jt
 	where atom is not null
 	  and key = 'id')
 `)
@@ -87,30 +95,4 @@ func (r *tagRepository) purgeUnused() error {
 	return err
 }
 
-func (r *tagRepository) Count(options ...rest.QueryOptions) (int64, error) {
-	return r.count(r.newSelect(), r.parseRestOptions(r.ctx, options...))
-}
-
-func (r *tagRepository) Read(id string) (interface{}, error) {
-	query := r.newSelect().Columns("*").Where(Eq{"id": id})
-	var res model.Tag
-	err := r.queryOne(query, &res)
-	return &res, err
-}
-
-func (r *tagRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
-	query := r.newSelect(r.parseRestOptions(r.ctx, options...)).Columns("*")
-	var res model.TagList
-	err := r.queryAll(query, &res)
-	return res, err
-}
-
-func (r *tagRepository) EntityName() string {
-	return "tag"
-}
-
-func (r *tagRepository) NewInstance() interface{} {
-	return model.Tag{}
-}
-
 var _ model.ResourceRepository = &tagRepository{}

persistence/tag_repository_test.go

@@ -0,0 +1,249 @@
+package persistence
+
+import (
+	"context"
+	"slices"
+	"strings"
+
+	"github.com/deluan/rest"
+	"github.com/navidrome/navidrome/conf/configtest"
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/id"
+	"github.com/navidrome/navidrome/model/request"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("TagRepository", func() {
+	var repo model.TagRepository
+	var restRepo model.ResourceRepository
+	var ctx context.Context
+
+	BeforeEach(func() {
+		DeferCleanup(configtest.SetupConfig())
+		ctx = request.WithUser(log.NewContext(context.TODO()), model.User{ID: "userid", UserName: "johndoe", IsAdmin: true})
+		tagRepo := NewTagRepository(ctx, GetDBXBuilder())
+		repo = tagRepo
+		restRepo = tagRepo.(model.ResourceRepository)
+
+		// Clean the database before each test to ensure isolation
+		db := GetDBXBuilder()
+		_, err := db.NewQuery("DELETE FROM tag").Execute()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = db.NewQuery("DELETE FROM library_tag").Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Ensure library 1 exists (if it doesn't already)
+		_, err = db.NewQuery("INSERT OR IGNORE INTO library (id, name, path, default_new_users) VALUES (1, 'Test Library', '/test', true)").Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Ensure the admin user has access to library 1
+		_, err = db.NewQuery("INSERT OR IGNORE INTO user_library (user_id, library_id) VALUES ('userid', 1)").Execute()
+		Expect(err).ToNot(HaveOccurred())
+
+		// Add comprehensive test data that covers all test scenarios
+		newTag := func(name, value string) model.Tag {
+			return model.Tag{ID: id.NewTagID(name, value), TagName: model.TagName(name), TagValue: value}
+		}
+
+		err = repo.Add(1,
+			// Genre tags
+			newTag("genre", "rock"),
+			newTag("genre", "pop"),
+			newTag("genre", "jazz"),
+			newTag("genre", "electronic"),
+			newTag("genre", "classical"),
+			newTag("genre", "ambient"),
+			newTag("genre", "techno"),
+			newTag("genre", "house"),
+			newTag("genre", "trance"),
+			newTag("genre", "Alternative Rock"),
+			newTag("genre", "Blues"),
+			newTag("genre", "Country"),
+			// Mood tags
+			newTag("mood", "happy"),
+			newTag("mood", "sad"),
+			newTag("mood", "energetic"),
+			newTag("mood", "calm"),
+			// Other tag types
+			newTag("instrument", "guitar"),
+			newTag("instrument", "piano"),
+			newTag("decade", "1980s"),
+			newTag("decade", "1990s"),
+		)
+		Expect(err).ToNot(HaveOccurred())
+	})
+
+	Describe("Add", func() {
+		It("should handle adding new tags", func() {
+			newTag := model.Tag{
+				ID:       id.NewTagID("genre", "experimental"),
+				TagName:  "genre",
+				TagValue: "experimental",
+			}
+
+			err := repo.Add(1, newTag)
+			Expect(err).ToNot(HaveOccurred())
+
+			// Verify tag was added
+			result, err := restRepo.Read(newTag.ID)
+			Expect(err).ToNot(HaveOccurred())
+			resultTag := result.(*model.Tag)
+			Expect(resultTag.TagValue).To(Equal("experimental"))
+
+			// Check count increased
+			count, err := restRepo.Count()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(Equal(int64(21))) // 20 from dataset + 1 new
+		})
+
+		It("should handle duplicate tags gracefully", func() {
+			// Try to add a duplicate tag
+			duplicateTag := model.Tag{
+				ID:       id.NewTagID("genre", "rock"), // This already exists
+				TagName:  "genre",
+				TagValue: "rock",
+			}
+
+			count, err := restRepo.Count()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(Equal(int64(20))) // Still 20 tags
+
+			err = repo.Add(1, duplicateTag)
+			Expect(err).ToNot(HaveOccurred()) // Should not error
+
+			// Count should remain the same
+			count, err = restRepo.Count()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(Equal(int64(20))) // Still 20 tags
+		})
+	})
+
+	Describe("UpdateCounts", func() {
+		It("should update tag counts successfully", func() {
+			err := repo.UpdateCounts()
+			Expect(err).ToNot(HaveOccurred())
+		})
+
+		It("should handle empty database gracefully", func() {
+			// Clear the database first
+			db := GetDBXBuilder()
+			_, err := db.NewQuery("DELETE FROM tag").Execute()
+			Expect(err).ToNot(HaveOccurred())
+
+			err = repo.UpdateCounts()
+			Expect(err).ToNot(HaveOccurred())
+		})
+	})
+
+	Describe("Count", func() {
+		It("should return correct count of tags", func() {
+			count, err := restRepo.Count()
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(Equal(int64(20))) // From the test dataset
+		})
+	})
+
+	Describe("Read", func() {
+		It("should return existing tag", func() {
+			rockID := id.NewTagID("genre", "rock")
+			result, err := restRepo.Read(rockID)
+			Expect(err).ToNot(HaveOccurred())
+			resultTag := result.(*model.Tag)
+			Expect(resultTag.ID).To(Equal(rockID))
+			Expect(resultTag.TagName).To(Equal(model.TagName("genre")))
+			Expect(resultTag.TagValue).To(Equal("rock"))
+		})
+
+		It("should return error for non-existent tag", func() {
+			_, err := restRepo.Read("non-existent-id")
+			Expect(err).To(HaveOccurred())
+		})
+	})
+
+	Describe("ReadAll", func() {
+		It("should return all tags from dataset", func() {
+			result, err := restRepo.ReadAll()
+			Expect(err).ToNot(HaveOccurred())
+			tags := result.(model.TagList)
+			Expect(tags).To(HaveLen(20))
+		})
+
+		It("should filter tags by partial value correctly", func() {
+			options := rest.QueryOptions{
+				Filters: map[string]interface{}{"name": "%rock%"}, // Tags containing 'rock'
+			}
+			result, err := restRepo.ReadAll(options)
+			Expect(err).ToNot(HaveOccurred())
+			tags := result.(model.TagList)
+			Expect(tags).To(HaveLen(2)) // "rock" and "Alternative Rock"
+
+			// Verify all returned tags contain 'rock' in their value
+			for _, tag := range tags {
+				Expect(strings.ToLower(tag.TagValue)).To(ContainSubstring("rock"))
+			}
+		})
+
+		It("should filter tags by partial value using LIKE", func() {
+			options := rest.QueryOptions{
+				Filters: map[string]interface{}{"name": "%e%"}, // Tags containing 'e'
+			}
+			result, err := restRepo.ReadAll(options)
+			Expect(err).ToNot(HaveOccurred())
+			tags := result.(model.TagList)
+			Expect(tags).To(HaveLen(8)) // electronic, house, trance, energetic, Blues, decade x2, Alternative Rock
+
+			// Verify all returned tags contain 'e' in their value
+			for _, tag := range tags {
+				Expect(strings.ToLower(tag.TagValue)).To(ContainSubstring("e"))
+			}
+		})
+
+		It("should sort tags by value ascending", func() {
+			options := rest.QueryOptions{
+				Filters: map[string]interface{}{"name": "%r%"}, // Tags containing 'r'
+				Sort:    "name",
+				Order:   "asc",
+			}
+			result, err := restRepo.ReadAll(options)
+			Expect(err).ToNot(HaveOccurred())
+			tags := result.(model.TagList)
+			Expect(tags).To(HaveLen(7))
+
+			Expect(slices.IsSortedFunc(tags, func(a, b model.Tag) int {
+				return strings.Compare(strings.ToLower(a.TagValue), strings.ToLower(b.TagValue))
+			}))
+		})
+
+		It("should sort tags by value descending", func() {
+			options := rest.QueryOptions{
+				Filters: map[string]interface{}{"name": "%r%"}, // Tags containing 'r'
+				Sort:    "name",
+				Order:   "desc",
+			}
+			result, err := restRepo.ReadAll(options)
+			Expect(err).ToNot(HaveOccurred())
+			tags := result.(model.TagList)
+			Expect(tags).To(HaveLen(7))
+
+			Expect(slices.IsSortedFunc(tags, func(a, b model.Tag) int {
+				return strings.Compare(strings.ToLower(b.TagValue), strings.ToLower(a.TagValue)) // Descending order
+			}))
+		})
+	})
+
+	Describe("EntityName", func() {
+		It("should return correct entity name", func() {
+			name := restRepo.EntityName()
+			Expect(name).To(Equal("tag"))
+		})
+	})
+
+	Describe("NewInstance", func() {
+		It("should return new tag instance", func() {
+			instance := restRepo.NewInstance()
+			Expect(instance).To(BeAssignableToTypeOf(model.Tag{}))
+		})
+	})
+})

persistence/transcoding_repository.go

@@ -41,7 +41,7 @@ func (r *transcodingRepository) FindByFormat(format string) (*model.Transcoding,
 }
 
 func (r *transcodingRepository) Put(t *model.Transcoding) error {
-	if !isAdmin(r.ctx) {
+	if !loggedUser(r.ctx).IsAdmin {
 		return rest.ErrPermissionDenied
 	}
 	_, err := r.put(t.ID, t)
@@ -72,7 +72,7 @@ func (r *transcodingRepository) NewInstance() interface{} {
 }
 
 func (r *transcodingRepository) Save(entity interface{}) (string, error) {
-	if !isAdmin(r.ctx) {
+	if !loggedUser(r.ctx).IsAdmin {
 		return "", rest.ErrPermissionDenied
 	}
 	t := entity.(*model.Transcoding)
@@ -84,7 +84,7 @@ func (r *transcodingRepository) Save(entity interface{}) (string, error) {
 }
 
 func (r *transcodingRepository) Update(id string, entity interface{}, cols ...string) error {
-	if !isAdmin(r.ctx) {
+	if !loggedUser(r.ctx).IsAdmin {
 		return rest.ErrPermissionDenied
 	}
 	t := entity.(*model.Transcoding)
@@ -97,7 +97,7 @@ func (r *transcodingRepository) Update(id string, entity interface{}, cols ...st
 }
 
 func (r *transcodingRepository) Delete(id string) error {
-	if !isAdmin(r.ctx) {
+	if !loggedUser(r.ctx).IsAdmin {
 		return rest.ErrPermissionDenied
 	}
 	err := r.delete(Eq{"id": id})

persistence/user_repository.go

@@ -3,6 +3,7 @@ package persistence
 import (
 	"context"
 	"crypto/sha256"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"strings"
@@ -17,6 +18,7 @@ import (
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/model/id"
 	"github.com/navidrome/navidrome/utils"
+	"github.com/navidrome/navidrome/utils/slice"
 	"github.com/pocketbase/dbx"
 )
 
@@ -24,6 +26,26 @@ type userRepository struct {
 	sqlRepository
 }
 
+type dbUser struct {
+	*model.User   `structs:",flatten"`
+	LibrariesJSON string `structs:"-" json:"-"`
+}
+
+func (u *dbUser) PostScan() error {
+	if u.LibrariesJSON != "" {
+		if err := json.Unmarshal([]byte(u.LibrariesJSON), &u.User.Libraries); err != nil {
+			return fmt.Errorf("parsing user libraries from db: %w", err)
+		}
+	}
+	return nil
+}
+
+type dbUsers []dbUser
+
+func (us dbUsers) toModels() model.Users {
+	return slice.Map(us, func(u dbUser) model.User { return *u.User })
+}
+
 var (
 	once   sync.Once
 	encKey []byte
@@ -33,8 +55,10 @@ func NewUserRepository(ctx context.Context, db dbx.Builder) model.UserRepository
 	r := &userRepository{}
 	r.ctx = ctx
 	r.db = db
+	r.tableName = "user"
 	r.registerModel(&model.User{}, map[string]filterFunc{
 		"password": invalidFilter(ctx),
+		"name":     r.withTableName(startsWithFilter),
 	})
 	once.Do(func() {
 		_ = r.initPasswordEncryptionKey()
@@ -42,28 +66,48 @@ func NewUserRepository(ctx context.Context, db dbx.Builder) model.UserRepository
 	return r
 }
 
+// selectUserWithLibraries returns a SelectBuilder that includes library information
+func (r *userRepository) selectUserWithLibraries(options ...model.QueryOptions) SelectBuilder {
+	return r.newSelect(options...).
+		Columns(`user.*`,
+			`COALESCE(json_group_array(json_object(
+				'id', library.id,
+				'name', library.name,
+				'path', library.path,
+				'remote_path', library.remote_path,
+				'last_scan_at', library.last_scan_at,
+				'last_scan_started_at', library.last_scan_started_at,
+				'full_scan_in_progress', library.full_scan_in_progress,
+				'updated_at', library.updated_at,
+				'created_at', library.created_at
+			)) FILTER (WHERE library.id IS NOT NULL), '[]') AS libraries_json`).
+		LeftJoin("user_library ul ON user.id = ul.user_id").
+		LeftJoin("library ON ul.library_id = library.id").
+		GroupBy("user.id")
+}
+
 func (r *userRepository) CountAll(qo ...model.QueryOptions) (int64, error) {
 	return r.count(Select(), qo...)
 }
 
 func (r *userRepository) Get(id string) (*model.User, error) {
-	sel := r.newSelect().Columns("*").Where(Eq{"id": id})
-	var res model.User
+	sel := r.selectUserWithLibraries().Where(Eq{"user.id": id})
+	var res dbUser
 	err := r.queryOne(sel, &res)
 	if err != nil {
 		return nil, err
 	}
-	return &res, nil
+	return res.User, nil
 }
 
 func (r *userRepository) GetAll(options ...model.QueryOptions) (model.Users, error) {
-	sel := r.newSelect(options...).Columns("*")
-	res := model.Users{}
+	sel := r.selectUserWithLibraries(options...)
+	var res dbUsers
 	err := r.queryAll(sel, &res)
 	if err != nil {
 		return nil, err
 	}
-	return res, nil
+	return res.toModels(), nil
 }
 
 func (r *userRepository) Put(u *model.User) error {
@@ -79,38 +123,65 @@ func (r *userRepository) Put(u *model.User) error {
 		return fmt.Errorf("error converting user to SQL args: %w", err)
 	}
 	delete(values, "current_password")
+
+	// Save/update the user
 	update := Update(r.tableName).Where(Eq{"id": u.ID}).SetMap(values)
 	count, err := r.executeSQL(update)
 	if err != nil {
 		return err
 	}
-	if count > 0 {
-		return nil
+
+	isNewUser := count == 0
+	if isNewUser {
+		values["created_at"] = time.Now()
+		insert := Insert(r.tableName).SetMap(values)
+		_, err = r.executeSQL(insert)
+		if err != nil {
+			return err
+		}
 	}
-	values["created_at"] = time.Now()
-	insert := Insert(r.tableName).SetMap(values)
-	_, err = r.executeSQL(insert)
-	return err
+
+	// Auto-assign all libraries to admin users in a single SQL operation
+	if u.IsAdmin {
+		sql := Expr(
+			"INSERT OR IGNORE INTO user_library (user_id, library_id) SELECT ?, id FROM library",
+			u.ID,
+		)
+		if _, err := r.executeSQL(sql); err != nil {
+			return fmt.Errorf("failed to assign all libraries to admin user: %w", err)
+		}
+	} else if isNewUser { // Only for new regular users
+		// Auto-assign default libraries to new regular users
+		sql := Expr(
+			"INSERT OR IGNORE INTO user_library (user_id, library_id) SELECT ?, id FROM library WHERE default_new_users = true",
+			u.ID,
+		)
+		if _, err := r.executeSQL(sql); err != nil {
+			return fmt.Errorf("failed to assign default libraries to new user: %w", err)
+		}
+	}
+
+	return nil
 }
 
 func (r *userRepository) FindFirstAdmin() (*model.User, error) {
-	sel := r.newSelect(model.QueryOptions{Sort: "updated_at", Max: 1}).Columns("*").Where(Eq{"is_admin": true})
-	var usr model.User
+	sel := r.selectUserWithLibraries(model.QueryOptions{Sort: "updated_at", Max: 1}).Where(Eq{"user.is_admin": true})
+	var usr dbUser
 	err := r.queryOne(sel, &usr)
 	if err != nil {
 		return nil, err
 	}
-	return &usr, nil
+	return usr.User, nil
 }
 
 func (r *userRepository) FindByUsername(username string) (*model.User, error) {
-	sel := r.newSelect().Columns("*").Where(Expr("user_name = ? COLLATE NOCASE", username))
-	var usr model.User
+	sel := r.selectUserWithLibraries().Where(Expr("user.user_name = ? COLLATE NOCASE", username))
+	var usr dbUser
 	err := r.queryOne(sel, &usr)
 	if err != nil {
 		return nil, err
 	}
-	return &usr, nil
+	return usr.User, nil
 }
 
 func (r *userRepository) FindByUsernameWithPassword(username string) (*model.User, error) {
@@ -365,6 +436,39 @@ func (r *userRepository) decryptAllPasswords(users model.Users) error {
 	return nil
 }
 
+// Library association methods
+
+func (r *userRepository) GetUserLibraries(userID string) (model.Libraries, error) {
+	sel := Select("l.*").
+		From("library l").
+		Join("user_library ul ON l.id = ul.library_id").
+		Where(Eq{"ul.user_id": userID}).
+		OrderBy("l.name")
+
+	var res model.Libraries
+	err := r.queryAll(sel, &res)
+	return res, err
+}
+
+func (r *userRepository) SetUserLibraries(userID string, libraryIDs []int) error {
+	// Remove existing associations
+	delSql := Delete("user_library").Where(Eq{"user_id": userID})
+	if _, err := r.executeSQL(delSql); err != nil {
+		return err
+	}
+
+	// Add new associations
+	if len(libraryIDs) > 0 {
+		insert := Insert("user_library").Columns("user_id", "library_id")
+		for _, libID := range libraryIDs {
+			insert = insert.Values(userID, libID)
+		}
+		_, err := r.executeSQL(insert)
+		return err
+	}
+	return nil
+}
+
 var _ model.UserRepository = (*userRepository)(nil)
 var _ rest.Repository = (*userRepository)(nil)
 var _ rest.Persistable = (*userRepository)(nil)

persistence/user_repository_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 
+	"github.com/Masterminds/squirrel"
 	"github.com/deluan/rest"
 	"github.com/navidrome/navidrome/consts"
 	"github.com/navidrome/navidrome/log"
@@ -235,4 +236,330 @@ var _ = Describe("UserRepository", func() {
 			Expect(err).To(MatchError("fake error"))
 		})
 	})
+
+	Describe("Library Association Methods", func() {
+		var userID string
+		var library1, library2 model.Library
+
+		BeforeEach(func() {
+			// Create a test user first to satisfy foreign key constraints
+			testUser := model.User{
+				ID:          "test-user-id",
+				UserName:    "testuser",
+				Name:        "Test User",
+				Email:       "test@example.com",
+				NewPassword: "password",
+				IsAdmin:     false,
+			}
+			Expect(repo.Put(&testUser)).To(BeNil())
+			userID = testUser.ID
+
+			library1 = model.Library{ID: 0, Name: "Library 500", Path: "/path/500"}
+			library2 = model.Library{ID: 0, Name: "Library 501", Path: "/path/501"}
+
+			// Create test libraries
+			libRepo := NewLibraryRepository(log.NewContext(context.TODO()), GetDBXBuilder())
+			Expect(libRepo.Put(&library1)).To(BeNil())
+			Expect(libRepo.Put(&library2)).To(BeNil())
+		})
+
+		AfterEach(func() {
+			// Clean up user-library associations to ensure test isolation
+			_ = repo.SetUserLibraries(userID, []int{})
+
+			// Clean up test libraries to ensure isolation between test groups
+			libRepo := NewLibraryRepository(log.NewContext(context.TODO()), GetDBXBuilder())
+			_ = libRepo.(*libraryRepository).delete(squirrel.Eq{"id": []int{library1.ID, library2.ID}})
+		})
+
+		Describe("GetUserLibraries", func() {
+			It("returns empty list when user has no library associations", func() {
+				libraries, err := repo.GetUserLibraries("non-existent-user")
+				Expect(err).To(BeNil())
+				Expect(libraries).To(HaveLen(0))
+			})
+
+			It("returns user's associated libraries", func() {
+				err := repo.SetUserLibraries(userID, []int{library1.ID, library2.ID})
+				Expect(err).To(BeNil())
+
+				libraries, err := repo.GetUserLibraries(userID)
+				Expect(err).To(BeNil())
+				Expect(libraries).To(HaveLen(2))
+
+				libIDs := []int{libraries[0].ID, libraries[1].ID}
+				Expect(libIDs).To(ContainElements(library1.ID, library2.ID))
+			})
+		})
+
+		Describe("SetUserLibraries", func() {
+			It("sets user's library associations", func() {
+				libraryIDs := []int{library1.ID, library2.ID}
+				err := repo.SetUserLibraries(userID, libraryIDs)
+				Expect(err).To(BeNil())
+
+				libraries, err := repo.GetUserLibraries(userID)
+				Expect(err).To(BeNil())
+				Expect(libraries).To(HaveLen(2))
+			})
+
+			It("replaces existing associations", func() {
+				// Set initial associations
+				err := repo.SetUserLibraries(userID, []int{library1.ID, library2.ID})
+				Expect(err).To(BeNil())
+
+				// Replace with just one library
+				err = repo.SetUserLibraries(userID, []int{library1.ID})
+				Expect(err).To(BeNil())
+
+				libraries, err := repo.GetUserLibraries(userID)
+				Expect(err).To(BeNil())
+				Expect(libraries).To(HaveLen(1))
+				Expect(libraries[0].ID).To(Equal(library1.ID))
+			})
+
+			It("removes all associations when passed empty slice", func() {
+				// Set initial associations
+				err := repo.SetUserLibraries(userID, []int{library1.ID, library2.ID})
+				Expect(err).To(BeNil())
+
+				// Remove all
+				err = repo.SetUserLibraries(userID, []int{})
+				Expect(err).To(BeNil())
+
+				libraries, err := repo.GetUserLibraries(userID)
+				Expect(err).To(BeNil())
+				Expect(libraries).To(HaveLen(0))
+			})
+		})
+	})
+
+	Describe("Admin User Auto-Assignment", func() {
+		var (
+			libRepo         model.LibraryRepository
+			library1        model.Library
+			library2        model.Library
+			initialLibCount int
+		)
+
+		BeforeEach(func() {
+			libRepo = NewLibraryRepository(log.NewContext(context.TODO()), GetDBXBuilder())
+
+			// Count initial libraries
+			existingLibs, err := libRepo.GetAll()
+			Expect(err).To(BeNil())
+			initialLibCount = len(existingLibs)
+
+			library1 = model.Library{ID: 0, Name: "Admin Test Library 1", Path: "/admin/test/path1"}
+			library2 = model.Library{ID: 0, Name: "Admin Test Library 2", Path: "/admin/test/path2"}
+
+			// Create test libraries
+			Expect(libRepo.Put(&library1)).To(BeNil())
+			Expect(libRepo.Put(&library2)).To(BeNil())
+		})
+
+		AfterEach(func() {
+			// Clean up test libraries and their associations
+			_ = libRepo.(*libraryRepository).delete(squirrel.Eq{"id": []int{library1.ID, library2.ID}})
+
+			// Clean up user-library associations for these test libraries
+			_, _ = repo.(*userRepository).executeSQL(squirrel.Delete("user_library").Where(squirrel.Eq{"library_id": []int{library1.ID, library2.ID}}))
+		})
+
+		It("automatically assigns all libraries to admin users when created", func() {
+			adminUser := model.User{
+				ID:          "admin-user-id-1",
+				UserName:    "adminuser1",
+				Name:        "Admin User",
+				Email:       "admin1@example.com",
+				NewPassword: "password",
+				IsAdmin:     true,
+			}
+
+			err := repo.Put(&adminUser)
+			Expect(err).To(BeNil())
+
+			// Admin should automatically have access to all libraries (including existing ones)
+			libraries, err := repo.GetUserLibraries(adminUser.ID)
+			Expect(err).To(BeNil())
+			Expect(libraries).To(HaveLen(initialLibCount + 2)) // Initial libraries + our 2 test libraries
+
+			libIDs := make([]int, len(libraries))
+			for i, lib := range libraries {
+				libIDs[i] = lib.ID
+			}
+			Expect(libIDs).To(ContainElements(library1.ID, library2.ID))
+		})
+
+		It("automatically assigns all libraries to admin users when updated", func() {
+			// Create regular user first
+			regularUser := model.User{
+				ID:          "regular-user-id-1",
+				UserName:    "regularuser1",
+				Name:        "Regular User",
+				Email:       "regular1@example.com",
+				NewPassword: "password",
+				IsAdmin:     false,
+			}
+
+			err := repo.Put(&regularUser)
+			Expect(err).To(BeNil())
+
+			// Give them access to just one library
+			err = repo.SetUserLibraries(regularUser.ID, []int{library1.ID})
+			Expect(err).To(BeNil())
+
+			// Promote to admin
+			regularUser.IsAdmin = true
+			err = repo.Put(&regularUser)
+			Expect(err).To(BeNil())
+
+			// Should now have access to all libraries (including existing ones)
+			libraries, err := repo.GetUserLibraries(regularUser.ID)
+			Expect(err).To(BeNil())
+			Expect(libraries).To(HaveLen(initialLibCount + 2)) // Initial libraries + our 2 test libraries
+
+			libIDs := make([]int, len(libraries))
+			for i, lib := range libraries {
+				libIDs[i] = lib.ID
+			}
+			// Should include our test libraries plus all existing ones
+			Expect(libIDs).To(ContainElements(library1.ID, library2.ID))
+		})
+
+		It("assigns default libraries to regular users", func() {
+			regularUser := model.User{
+				ID:          "regular-user-id-2",
+				UserName:    "regularuser2",
+				Name:        "Regular User",
+				Email:       "regular2@example.com",
+				NewPassword: "password",
+				IsAdmin:     false,
+			}
+
+			err := repo.Put(&regularUser)
+			Expect(err).To(BeNil())
+
+			// Regular user should be assigned to default libraries (library ID 1 from migration)
+			libraries, err := repo.GetUserLibraries(regularUser.ID)
+			Expect(err).To(BeNil())
+			Expect(libraries).To(HaveLen(1))
+			Expect(libraries[0].ID).To(Equal(1))
+			Expect(libraries[0].DefaultNewUsers).To(BeTrue())
+		})
+	})
+
+	Describe("Libraries Field Population", func() {
+		var (
+			libRepo  model.LibraryRepository
+			library1 model.Library
+			library2 model.Library
+			testUser model.User
+		)
+
+		BeforeEach(func() {
+			libRepo = NewLibraryRepository(log.NewContext(context.TODO()), GetDBXBuilder())
+			library1 = model.Library{ID: 0, Name: "Field Test Library 1", Path: "/field/test/path1"}
+			library2 = model.Library{ID: 0, Name: "Field Test Library 2", Path: "/field/test/path2"}
+
+			// Create test libraries
+			Expect(libRepo.Put(&library1)).To(BeNil())
+			Expect(libRepo.Put(&library2)).To(BeNil())
+
+			// Create test user
+			testUser = model.User{
+				ID:          "field-test-user",
+				UserName:    "fieldtestuser",
+				Name:        "Field Test User",
+				Email:       "fieldtest@example.com",
+				NewPassword: "password",
+				IsAdmin:     false,
+			}
+			Expect(repo.Put(&testUser)).To(BeNil())
+
+			// Assign libraries to user
+			Expect(repo.SetUserLibraries(testUser.ID, []int{library1.ID, library2.ID})).To(BeNil())
+		})
+
+		AfterEach(func() {
+			// Clean up test libraries and their associations
+			_ = libRepo.(*libraryRepository).delete(squirrel.Eq{"id": []int{library1.ID, library2.ID}})
+			_ = repo.(*userRepository).delete(squirrel.Eq{"id": testUser.ID})
+
+			// Clean up user-library associations for these test libraries
+			_, _ = repo.(*userRepository).executeSQL(squirrel.Delete("user_library").Where(squirrel.Eq{"library_id": []int{library1.ID, library2.ID}}))
+		})
+
+		It("populates Libraries field when getting a single user", func() {
+			user, err := repo.Get(testUser.ID)
+			Expect(err).To(BeNil())
+			Expect(user.Libraries).To(HaveLen(2))
+
+			libIDs := []int{user.Libraries[0].ID, user.Libraries[1].ID}
+			Expect(libIDs).To(ContainElements(library1.ID, library2.ID))
+
+			// Check that library details are properly populated
+			for _, lib := range user.Libraries {
+				if lib.ID == library1.ID {
+					Expect(lib.Name).To(Equal("Field Test Library 1"))
+					Expect(lib.Path).To(Equal("/field/test/path1"))
+				} else if lib.ID == library2.ID {
+					Expect(lib.Name).To(Equal("Field Test Library 2"))
+					Expect(lib.Path).To(Equal("/field/test/path2"))
+				}
+			}
+		})
+
+		It("populates Libraries field when getting all users", func() {
+			users, err := repo.(*userRepository).GetAll()
+			Expect(err).To(BeNil())
+
+			// Find our test user in the results
+			var foundUser *model.User
+			for i := range users {
+				if users[i].ID == testUser.ID {
+					foundUser = &users[i]
+					break
+				}
+			}
+
+			Expect(foundUser).ToNot(BeNil())
+			Expect(foundUser.Libraries).To(HaveLen(2))
+
+			libIDs := []int{foundUser.Libraries[0].ID, foundUser.Libraries[1].ID}
+			Expect(libIDs).To(ContainElements(library1.ID, library2.ID))
+		})
+
+		It("populates Libraries field when finding user by username", func() {
+			user, err := repo.FindByUsername(testUser.UserName)
+			Expect(err).To(BeNil())
+			Expect(user.Libraries).To(HaveLen(2))
+
+			libIDs := []int{user.Libraries[0].ID, user.Libraries[1].ID}
+			Expect(libIDs).To(ContainElements(library1.ID, library2.ID))
+		})
+
+		It("returns default Libraries array for new regular users", func() {
+			// Create a user with no explicit library associations - should get default libraries
+			userWithoutLibs := model.User{
+				ID:          "no-libs-user",
+				UserName:    "nolibsuser",
+				Name:        "No Libs User",
+				Email:       "nolibs@example.com",
+				NewPassword: "password",
+				IsAdmin:     false,
+			}
+			Expect(repo.Put(&userWithoutLibs)).To(BeNil())
+			defer func() {
+				_ = repo.(*userRepository).delete(squirrel.Eq{"id": userWithoutLibs.ID})
+			}()
+
+			user, err := repo.Get(userWithoutLibs.ID)
+			Expect(err).To(BeNil())
+			Expect(user.Libraries).ToNot(BeNil())
+			// Regular users should be assigned to default libraries (library ID 1 from migration)
+			Expect(user.Libraries).To(HaveLen(1))
+			Expect(user.Libraries[0].ID).To(Equal(1))
+		})
+	})
 })