feat: per-user parental controls (content rating limits)

[ProgenyAlpha]

Description

Adds admin-enforced per-user content rating limits (parental controls). Admins can set maximum movie (MPAA) and TV (US Parental Guidelines) ratings per user, plus a "block unrated" toggle for fail-closed filtering. Restricted users see no indication that filtering exists.

• Fixes [Feature Request] Limit Visible Requests By Jellyfin Parental Control Ratings #354
• Fixes Adjustable Age Restrictions for viewing content per user #501
• Closes feat(content-filtering): add per-user content rating filters #2275

Screenshot

Admin view: User > Settings > Parental Controls

How It Works

Admin Sets Limits

A new Parental Controls tab appears in user settings (admin-only — restricted users cannot see or modify their own limits). Admins choose:

• Max Movie Rating: G, PG, PG-13, R, or NC-17 (MPAA)
• Max TV Rating: TV-Y, TV-Y7, TV-G, TV-PG, TV-14, or TV-MA (US Parental Guidelines)
• Block Unrated: When enabled, content without a US certification is hidden

Limits are stored as new columns on UserSettings (maxMovieRating, maxTvRating, blockUnrated) with TypeORM migrations for both PostgreSQL and SQLite.

Discover Filtering (Two-Layer)

1. Pre-filter: TMDB's native certification.lte / certification_country query params remove rated content above the limit at the API level — no extra requests needed
2. Post-filter: For blockUnrated users, results that slipped through (unrated content TMDB doesn't filter) are caught server-side by fetching each item's US certification and checking against the hierarchy

Search Filtering

Search results don't support TMDB's certification params, so all filtering is server-side. Certifications are fetched in parallel via Promise.allSettled for each result, then filtered against the user's limits.

Backfill

When post-filtering drops a page below 15 results, the next TMDB page is automatically fetched and filtered to prevent sparse/empty pages. This applies to both discover and search routes.

Fail-Closed Design

• If a certification lookup fails → result is blocked (not leaked)
• Unknown ratings not in the hierarchy → treated as unrated
• No rating at all → blocked when blockUnrated is true, allowed when false

Rating Hierarchies

Single source of truth in server/constants/contentRatings.ts:

• Movies: G < PG < PG-13 < R < NC-17
• TV: TV-Y < TV-Y7 < TV-G < TV-PG < TV-14 < TV-MA

Scoped to US ratings — TMDB's certification data is most complete for the US market.

Files Changed

File	Purpose
server/constants/contentRatings.ts	Rating hierarchies, filter functions, types, UI dropdown options
server/entity/UserSettings.ts	New columns: maxMovieRating, maxTvRating, blockUnrated
server/migration/	PostgreSQL + SQLite migrations for new columns
server/routes/discover.ts	Pre-filter via certificationLte, post-filter for unrated, backfill
server/routes/search.ts	Parallel cert lookup, filtering, backfill
server/routes/user/usersettings.ts	GET/POST endpoints for parental controls
src/.../UserParentalControlsSettings/	Admin-only settings UI (dropdowns + toggle)
src/i18n/locale/en.json	15 new translation keys

Testing

• Built and deployed to production Seerr instance (Docker, SQLite)
• Verified admin can set rating limits per user
• Verified restricted user sees filtered discover/search results
• Verified blockUnrated hides content without US certification
• Verified backfill fills sparse pages from next TMDB page
• Verified unrestricted users see no change in behavior
• pnpm build passes clean (both build:next and build:server)

AI Disclosure

This PR was developed with Claude Code (Claude Opus 4.6), with human review, testing, and architectural direction at every step. All code was verified against existing codebase patterns and deployed before submission.

Checklist

• I have read and followed the contribution guidelines
• Disclosed any use of AI (see our policy)
• I have updated the documentation accordingly
• All new and existing tests passed
• Successful build pnpm build
• Translation keys pnpm i18n:extract
• Database migration (if required)

Summary by CodeRabbit

• New Features
  • Admins can view and update per-user parental controls (max movie/TV rating, block unrated, block adult) via new API endpoints and an admin-only settings page/tab.
  • User settings UI and bulk-edit modal support parental controls with mixed-value handling.
  • Discovery and search now respect per-user content restrictions, filtering and optionally backfilling results.
• Chores
  • Database migrations added to persist new settings.
• i18n
  • Added localization keys for parental controls UI.

[fallenbagel]

Isnt this the same as
#2275

[ProgenyAlpha]

Isnt this the same as #2275

I wasn't aware of #2275 because it wasn't linked to any of the issues, so it didn't come up when I scoped out existing work before starting. But probably wouldn't have matter as I technically started this back in December 2025 and wanted to use it for an extensive period of time before submitting it.

That said, the implementations are architecturally different. #2275 makes live TMDB API calls per-item at request time to fetch certifications, which adds latency to every discovery and search page and scales poorly with TMDB rate limits. This PR uses a static rating hierarchy; filtering is instant with zero external API overhead.

A few other things this PR brings to the table:

• Explicit blockUnrated toggle instead of overloading NR into the rating dropdown
• Dedicated parental controls settings page for cleaner UX separation
• OpenAPI spec updates for the new endpoints

Happy to collaborate or consolidate, the static rating approach could drop right into #2275 as a performance improvement if the maintainers prefer that path.

[mcfalld]

Nice work — this PR looks cleaner and will perform better than mine, especially with the backfill. I do have a few suggestions and one gap to call out; I'd love to see a hybrid that combines your architecture with a couple of features from my branch.

High-level takeaways
• Your static hierarchies + TMDB pre‑filtering are the right move for performance.
• I think the rating fallback from #2275 is still worth keeping; it handles some edge cases better.
• If we can merge those two approaches and add bulk edit support, this would be a very complete parental‑control solution.

What I'd bring from my PR

Enhanced rating fallback (applies when blockUnrated=true)
• Exclude "NR" when choosing the most restrictive US rating so unrated director's cuts don't override theatrical ratings.
• Collect all US ratings instead of stopping at the first match.
• Stronger international fallback: filter to a known hierarchy and pick the most restrictive available.

Detailed logging
• Log blocked items with the reason for the block to make production debugging and audits much easier. (Skip this if logging verbosity is a concern.)

Bulk edit for parental controls
• Added UI in the existing BulkEditModal so admins can set maxMovieRating / maxTvRating for multiple users at once; backend endpoint included.

Architecture note
• Your static hierarchies + TMDB pre‑filtering are superior for performance. My suggestion is to keep that, and fold in the certification-fetching logic and bulk edit capability.

Missing coverage
• Certification filtering currently runs only on the main /movies and /tv routes. The specialized endpoints below aren't passing certification parameters to TMDB, so users can bypass parental controls entirely by browsing those pages:

/movies/studio/:studioId
/tv/network/:networkId
/movies/genre/:genreId
/tv/genre/:genreId
/movies/language/:language
/tv/language/:language
/movies/upcoming
/tv/upcoming
/trending
We should extend those routes to include certification filtering so parental controls behave consistently across the app. (Full transparency: my implementation covers some 5 of these 9 routes—I'm missing the genre and language ones, which I'll add before finalizing.)

I'm excited about this — I can't really let friends and family use the app until something like this is in place. If you want, I can open a follow-up PR that merges the rating fallback and bulk edit into this branch.

[mcfalld]

Hey, wanted to follow up — after digging deeper into your branch I realize my earlier comment overstated the route coverage gap. You're actually filtering 10 out of 11 discover routes, which is great. The only one missing filtering is /trending. Apologies for the inaccuracy there.

I still think there are a few things from my branch that could complement yours nicely — bulk edit (setting parental controls on multiple users at once), smarter certification lookup (excluding NR from unrated director's cuts so the theatrical rating wins, plus international fallback when there's no US rating), and an optional "block adult content" toggle. These all slot into your existing architecture without extra API overhead. Happy to put together a PR into your branch if you're interested.

[ProgenyAlpha]

Hey! Sorry, saw your email but it's been a busy week so I didn't get a chance to reply. Just saw your PR, so I'll dig into your comments and review everything this weekend. Thanks for putting this together!

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds per-user parental controls: DB migrations, new content-rating constants and filtering helpers, discovery/search enforcement with optional backfill, admin API endpoints to get/update settings, bulk-edit and user settings UI, a Next.js settings page, and new localization keys.

Changes

Cohort / File(s)	Summary
API Spec seerr-api.yml	Add GET and POST /user/{userId}/settings/parental-controls for retrieving/updating maxMovieRating, maxTvRating, blockUnrated, blockAdult (MANAGE_USERS required).
Content Ratings & Helpers server/constants/contentRatings.ts	New rating lists, unrated constants, types, UI option helpers, and filtering functions shouldFilterMovie/shouldFilterTv.
Entity & Interfaces server/entity/UserSettings.ts, server/interfaces/api/userSettingsInterfaces.ts	Add maxMovieRating, maxTvRating, blockUnrated, blockAdult to UserSettings and new UserSettingsParentalControlsResponse interface.
Migrations (Postgres) server/migration/postgres/1765557160380-AddUserContentRatingLimits.ts, server/migration/postgres/1765557160381-AddBlockUnrated.ts, server/migration/postgres/1770627987305-AddBlockAdult.ts	Add maxMovieRating, maxTvRating (VARCHAR) and blockUnrated, blockAdult (boolean) to user_settings with reversible up/down methods.
Migrations (SQLite) server/migration/sqlite/.../1765557160380-AddUserContentRatingLimits.ts, server/migration/sqlite/.../1765557160381-AddBlockUnrated.ts, server/migration/sqlite/.../1770627987305-AddBlockAdult.ts	SQLite table-recreation migrations to add parental-control columns with defaults and reversible down methods.
Discovery Integration server/routes/discover.ts	Export getUserContentRatingLimits; apply per-user movie/TV certification filtering, per-item post-filtering, and optional next-page backfill; thread limits through discover endpoints.
Search Integration server/routes/search.ts	Apply rating-aware filtering to TMDB search results with batch certification fetches, fail-closed behavior on lookup failures, optional backfill, and adjust returned metadata to reflect filtering.
User Routes & Bulk Update server/routes/user/index.ts, server/routes/user/usersettings.ts	Validate/persist parental control fields in single and bulk user updates; add admin GET/POST /parental-controls with owner/permission checks and rating validation.
Frontend Components src/components/UserList/BulkEditModal.tsx, src/components/UserProfile/UserSettings/UserParentalControlsSettings/index.tsx, src/components/UserProfile/UserSettings/index.tsx	Add parental-controls UI to bulk edit modal; new Parental Controls settings component with SWR/Formik and submission; integrate tab into settings navigation with access gating.
Frontend Page src/pages/users/[userId]/settings/parental-controls.tsx	New Next.js page composing UserSettings wrapper and Parental Controls component, guarded by MANAGE_USERS.
Localization src/i18n/locale/en.json	Add translation keys for bulk-edit labels, parental controls form, tooltips, toasts, and menu item.

Sequence Diagram(s)

sequenceDiagram
    participant Admin as Admin
    participant API as Overseerr API
    participant DB as Database
    participant TMDB as TMDB

    Admin->>API: PUT /user (bulk) with parental control fields
    API->>API: Validate ratings (MOVIE_RATINGS/TV_RATINGS)
    API->>DB: Load/create & save user.settings (maxMovieRating,maxTvRating,blockUnrated,blockAdult)
    DB-->>API: Persisted settings
    API-->>Admin: 200 OK

    Note over API,TMDB: Per-user limits applied during discovery/search

    participant User as Target User
    participant Discover as Discover Route

    User->>Discover: GET /discover/movies
    Discover->>DB: Fetch user's content limits
    DB-->>Discover: maxMovieRating, blockUnrated, blockAdult
    Discover->>TMDB: TMDB search
    TMDB-->>Discover: Results page
    Discover->>TMDB: Fetch details/certifications for results
    TMDB-->>Discover: Details with ratings
    Discover->>Discover: Apply shouldFilterMovie/shouldFilterTv per item
    alt Filtered count < threshold
        Discover->>TMDB: Fetch next page (backfill)
        TMDB-->>Discover: Additional results
        Discover->>Discover: Re-apply filters
    end
    Discover-->>User: Filtered results

Loading

sequenceDiagram
    participant Browser as Admin Browser
    participant NextJS as Next.js Page
    participant API as Overseerr API
    participant DB as Database

    Browser->>NextJS: Load /users/[id]/settings/parental-controls
    NextJS->>NextJS: Check MANAGE_USERS permission
    NextJS-->>Browser: Render Parental Controls page

    Browser->>API: GET /api/v1/user/{id}/settings/parental-controls
    API->>DB: Load user.settings
    DB-->>API: Settings JSON
    API-->>Browser: 200 + settings
    Browser->>Browser: Formik initializes with values

    Browser->>API: POST /api/v1/user/{id}/settings/parental-controls
    API->>API: Validate ratings
    API->>DB: Update/create user.settings
    DB-->>API: Updated record
    API-->>Browser: 200 + updated settings
    Browser->>Browser: Show success toast & revalidate

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

"🐰
I nibble code and hop with glee,
Ratings set for safe movie spree.
Filters guard each show and night,
Admins tweak to get it right.
Hooray — quiet screens, tucked tight!"

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: per-user parental controls (content rating limits)' accurately summarizes the main feature added—admin-enforced per-user content rating limits across discover and search.
Linked Issues check	✅ Passed	The PR implementation meets objectives from #354 (limit visible movies by rating) and #501 (adjustable per-user age restrictions) by adding per-user max movie/TV ratings, blockUnrated toggle, filtering in discover/search, admin UI, and bulk edit support.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing per-user parental controls: rating constants, entity fields, migrations, filtering logic, API endpoints, UI components, and localization—no unrelated modifications detected.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

src/components/UserList/BulkEditModal.tsx (1)

47-73: ⚠️ Potential issue | 🟠 Major

Avoid unintentionally clearing parental controls during bulk edits.

Right now the modal always sends maxMovieRating, maxTvRating, blockUnrated, and blockAdult with default ''/false, which will wipe existing restrictions even when the admin only edits permissions. Please only send these fields when the admin actually changes them (or prefill and compare).

✅ Suggested fix (track “touched” fields and conditionally include in payload)

-  const [currentMaxMovieRating, setCurrentMaxMovieRating] = useState<
-    string | undefined
-  >(undefined);
-  const [currentMaxTvRating, setCurrentMaxTvRating] = useState<
-    string | undefined
-  >(undefined);
-  const [currentBlockUnrated, setCurrentBlockUnrated] = useState(false);
-  const [currentBlockAdult, setCurrentBlockAdult] = useState(false);
+  const [currentMaxMovieRating, setCurrentMaxMovieRating] = useState<
+    string | undefined
+  >(undefined);
+  const [currentMaxTvRating, setCurrentMaxTvRating] = useState<
+    string | undefined
+  >(undefined);
+  const [currentBlockUnrated, setCurrentBlockUnrated] = useState(false);
+  const [currentBlockAdult, setCurrentBlockAdult] = useState(false);
+  const [maxMovieRatingTouched, setMaxMovieRatingTouched] = useState(false);
+  const [maxTvRatingTouched, setMaxTvRatingTouched] = useState(false);
+  const [blockUnratedTouched, setBlockUnratedTouched] = useState(false);
+  const [blockAdultTouched, setBlockAdultTouched] = useState(false);

       const { data: updated } = await axios.put<User[]>(`/api/v1/user`, {
         ids: selectedUserIds,
         permissions: currentPermission,
-        maxMovieRating: currentMaxMovieRating || '',
-        maxTvRating: currentMaxTvRating || '',
-        blockUnrated: currentBlockUnrated,
-        blockAdult: currentBlockAdult,
+        ...(maxMovieRatingTouched
+          ? { maxMovieRating: currentMaxMovieRating || '' }
+          : {}),
+        ...(maxTvRatingTouched ? { maxTvRating: currentMaxTvRating || '' } : {}),
+        ...(blockUnratedTouched ? { blockUnrated: currentBlockUnrated } : {}),
+        ...(blockAdultTouched ? { blockAdult: currentBlockAdult } : {}),
       });

-  onChange={(e) =>
-    setCurrentMaxMovieRating(e.target.value || undefined)
-  }
+  onChange={(e) => {
+    setMaxMovieRatingTouched(true);
+    setCurrentMaxMovieRating(e.target.value || undefined);
+  }}

-  onChange={(e) =>
-    setCurrentMaxTvRating(e.target.value || undefined)
-  }
+  onChange={(e) => {
+    setMaxTvRatingTouched(true);
+    setCurrentMaxTvRating(e.target.value || undefined);
+  }}

-  onChange={(e) => setCurrentBlockUnrated(e.target.checked)}
+  onChange={(e) => {
+    setBlockUnratedTouched(true);
+    setCurrentBlockUnrated(e.target.checked);
+  }}

-  onChange={(e) => setCurrentBlockAdult(e.target.checked)}
+  onChange={(e) => {
+    setBlockAdultTouched(true);
+    setCurrentBlockAdult(e.target.checked);
+  }}

Also applies to: 128-205

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/components/UserList/BulkEditModal.tsx` around lines 47 - 73, The
bulk-edit currently always sends
maxMovieRating/maxTvRating/blockUnrated/blockAdult (defaulting to ''/false) and
can unintentionally clear parental controls; change the component to track
whether each parental-control field was touched (e.g., add
touchedMaxMovieRating/touchedMaxTvRating/touchedBlockUnrated/touchedBlockAdult
or make block states undefined initially) and update the form controls to mark
those touched flags when the admin changes them; then in updateUsers build the
PUT payload starting with ids: selectedUserIds and permissions:
currentPermission and only attach
maxMovieRating/currentMaxTvRating/currentBlockUnrated/currentBlockAdult if their
corresponding touched flag is true (or value !== undefined) so unchanged fields
are omitted from the request; ensure references to currentMaxMovieRating,
currentMaxTvRating, currentBlockUnrated, currentBlockAdult and updateUsers are
updated accordingly.

server/routes/discover.ts (1)

1338-1381: ⚠️ Potential issue | 🟡 Minor

Missing parental controls filtering on keyword movies endpoint.

This endpoint does not apply content rating filtering, which could allow users to bypass parental controls by navigating to keyword-based movie listings.

🔒 Proposed fix to add filtering

 discoverRoutes.get<{ keywordId: string }>(
   '/keyword/:keywordId/movies',
   async (req, res, next) => {
     const tmdb = new TheMovieDb();
+    const ratingLimits = getUserContentRatingLimits(req.user);

     try {
       const data = await tmdb.getMoviesByKeyword({
         keywordId: Number(req.params.keywordId),
         page: Number(req.query.page),
         language: (req.query.language as string) ?? req.locale,
       });

+      // Post-filter for parental controls
+      const filteredResults = await postFilterDiscoverMovies(
+        data.results,
+        tmdb,
+        ratingLimits,
+        undefined,
+        false // no pre-filter applied
+      );
+
       const media = await Media.getRelatedMedia(
         req.user,
-        data.results.map((result) => result.id)
+        filteredResults.map((result) => result.id)
       );

       return res.status(200).json({
         page: data.page,
         totalPages: data.total_pages,
         totalResults: data.total_results,
-        results: data.results.map((result) =>
+        results: filteredResults.map((result) =>
           mapMovieResult(
             result,
             media.find(
               (med) =>
                 med.tmdbId === result.id && med.mediaType === MediaType.MOVIE
             )
           )
         ),
       });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/routes/discover.ts` around lines 1338 - 1381, The keyword movies
handler (discoverRoutes.get -> tmdb.getMoviesByKeyword) currently returns TMDB
results without applying parental controls; update the handler to filter
data.results using the same parental-controls helper used elsewhere (apply
before mapping and before computing results sent to the client) based on
req.user (e.g., the helper used by other discover/search endpoints), then call
Media.getRelatedMedia and map via mapMovieResult only for the filtered IDs
(MediaType.MOVIE); ensure the response results array and counts reflect the
filtered set (or explicitly document preserving TMDB counts) and keep the
existing error handling.

🧹 Nitpick comments (2)

server/routes/search.ts (1)

66-125: Skip certification lookups when only blockAdult is active.

If no rating/unrated limits are set, you can return the adult-pre-filtered list immediately and avoid extra TMDB calls.

⚡️ Suggested optimization

-  const settled = await Promise.allSettled(
-    preFiltered.map((r) => getCertification(r, tmdb))
-  );
+  if (!maxMovieRating && !maxTvRating && !blockUnrated) {
+    return preFiltered;
+  }
+
+  const settled = await Promise.allSettled(
+    preFiltered.map((r) => getCertification(r, tmdb))
+  );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/routes/search.ts` around lines 66 - 125, The function
filterSearchBatch does unnecessary TMDB certification lookups when there are no
rating/unrated constraints—add an early return that returns preFiltered
immediately if there are no rating limits and blockUnrated is false (i.e. when
!maxMovieRating && !maxTvRating && !blockUnrated); place this check before
calling Promise.allSettled so getCertification is not invoked, referencing the
existing preFiltered variable and the getCertification calls inside
filterSearchBatch.

server/routes/discover.ts (1)

268-300: TV filtering lacks international rating fallback unlike movies.

The movie filtering at lines 181-192 falls back to international ratings if no US rating is found, but the TV filtering only checks for US ratings. This inconsistency may result in more TV content being treated as unrated compared to movies.

Consider adding similar international fallback logic for TV shows if consistent behavior across media types is desired. This could help reduce false positives for international TV content when blockUnrated is enabled.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/routes/discover.ts` around lines 268 - 300, filterTvBatch currently
only uses the US rating from details.content_ratings for TV shows, so add the
same international-fallback behavior used in movie filtering: when
tmdb.getTvShow(...) returns details and no US rating is found, fall back to the
first available rating from details.content_ratings.results (or a suitable
non-US entry) to compute cert before calling shouldFilterTv; update the
destructuring/assignment where you derive cert (from
details.content_ratings?.results?.find(...)) to try US first then fallback to an
international rating, and keep the logger.debug call (logger.debug,
tvId/show.id, tvTitle/title, certification, maxRating) unchanged so blocked
shows still log with the chosen certification.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@server/constants/contentRatings.ts`:
- Around line 1-6: The top header comment in contentRatings.ts incorrectly
states "Lower index = more restrictive" while the rating arrays are ordered from
least restrictive to most restrictive; update that comment to say something like
"Lower index = less restrictive (suitable for older audiences)" or "Lists are
ordered from least restrictive to most restrictive" so it matches the ordering
used by the rating arrays (e.g., TV and movie rating constants) in this file.

In `@server/routes/search.ts`:
- Around line 212-245: The current computation of filterRatio can exceed 1 when
backfill adds results, inflating totalPages/totalResults; change the filterRatio
calculation in this block to clamp it to a maximum of 1. Specifically, update
the filterRatio assignment (which uses originalCount and filteredCount) to use
Math.min(1, filteredCount / originalCount) when originalCount > 0 (leave it as 1
when originalCount === 0), so the totals computed after calling
filterSearchResultsByRating and Media.getRelatedMedia cannot exceed TMDB's
original totals.

In `@server/routes/user/index.ts`:
- Around line 493-524: The bulk update loop in users.map updates parental
controls without protecting admin users; before applying any parental-controls
fields (maxMovieRating, maxTvRating, blockUnrated, blockAdult) check the user's
permissions (e.g., user.permissions includes 'MANAGE_USERS' or the constant used
elsewhere) and either skip applying those settings or throw an error consistent
with usersettings.ts behavior; locate the block inside the async map where
UserSettings is created/modified and add the same guard as in usersettings.ts
(reject or no-op for users with MANAGE_USERS) before mutating settings and
calling userRepository.save(user).

---

Outside diff comments:
In `@server/routes/discover.ts`:
- Around line 1338-1381: The keyword movies handler (discoverRoutes.get ->
tmdb.getMoviesByKeyword) currently returns TMDB results without applying
parental controls; update the handler to filter data.results using the same
parental-controls helper used elsewhere (apply before mapping and before
computing results sent to the client) based on req.user (e.g., the helper used
by other discover/search endpoints), then call Media.getRelatedMedia and map via
mapMovieResult only for the filtered IDs (MediaType.MOVIE); ensure the response
results array and counts reflect the filtered set (or explicitly document
preserving TMDB counts) and keep the existing error handling.

In `@src/components/UserList/BulkEditModal.tsx`:
- Around line 47-73: The bulk-edit currently always sends
maxMovieRating/maxTvRating/blockUnrated/blockAdult (defaulting to ''/false) and
can unintentionally clear parental controls; change the component to track
whether each parental-control field was touched (e.g., add
touchedMaxMovieRating/touchedMaxTvRating/touchedBlockUnrated/touchedBlockAdult
or make block states undefined initially) and update the form controls to mark
those touched flags when the admin changes them; then in updateUsers build the
PUT payload starting with ids: selectedUserIds and permissions:
currentPermission and only attach
maxMovieRating/currentMaxTvRating/currentBlockUnrated/currentBlockAdult if their
corresponding touched flag is true (or value !== undefined) so unchanged fields
are omitted from the request; ensure references to currentMaxMovieRating,
currentMaxTvRating, currentBlockUnrated, currentBlockAdult and updateUsers are
updated accordingly.

---

Nitpick comments:
In `@server/routes/discover.ts`:
- Around line 268-300: filterTvBatch currently only uses the US rating from
details.content_ratings for TV shows, so add the same international-fallback
behavior used in movie filtering: when tmdb.getTvShow(...) returns details and
no US rating is found, fall back to the first available rating from
details.content_ratings.results (or a suitable non-US entry) to compute cert
before calling shouldFilterTv; update the destructuring/assignment where you
derive cert (from details.content_ratings?.results?.find(...)) to try US first
then fallback to an international rating, and keep the logger.debug call
(logger.debug, tvId/show.id, tvTitle/title, certification, maxRating) unchanged
so blocked shows still log with the chosen certification.

In `@server/routes/search.ts`:
- Around line 66-125: The function filterSearchBatch does unnecessary TMDB
certification lookups when there are no rating/unrated constraints—add an early
return that returns preFiltered immediately if there are no rating limits and
blockUnrated is false (i.e. when !maxMovieRating && !maxTvRating &&
!blockUnrated); place this check before calling Promise.allSettled so
getCertification is not invoked, referencing the existing preFiltered variable
and the getCertification calls inside filterSearchBatch.

[ProgenyAlpha]

Update: Merged contributions from #2275 + cleanup

I've rebased onto the latest develop and incorporated @mcfalld's enhancements from PR #1 on my fork. Here's a summary of everything that changed since the original submission:

Bug fix (critical)

The post-filter functions (postFilterDiscoverMovies / postFilterDiscoverTv) had an early return gated on blockUnrated, which meant maxMovieRating / maxTvRating filtering was completely bypassed when blockUnrated was disabled. R-rated content was visible to users with a PG-13 limit on routes like /trending that don't use TMDB's certification.lte pre-filter. Also fixed filterMovieBatch / filterTvBatch where blockUnrated was hardcoded to true instead of using the user's actual setting.

New features (from @mcfalld)

• Trending route filtering — the one discover route that was missing parental controls. Splits results by media type and applies movie/TV filters separately with preFiltered=false
• blockAdult toggle — filters on TMDB's adult flag, zero API overhead since the field is already in every response
• Bulk edit — admins can set parental controls on multiple users at once via the existing bulk edit modal
• Enhanced cert lookup — collects all US release date certifications, excludes NR/unrated director's cuts, returns the most restrictive. Falls back to international ratings when no US cert exists
• Debug logging — blocked items now log title, ID, certification, and max rating at debug level

Cleanup

• Deduplicated rating arrays — BulkEditModal and UserParentalControlsSettings now import getMovieRatingOptions() / getTvRatingOptions() from contentRatings.ts instead of hardcoding identical arrays
• Input validation — both the parental controls POST endpoint and the bulk edit PUT endpoint now validate rating values against the allowed constants (returns 400 for invalid values)
• blockAdult in search — extended blockAdult filtering to the search route, which was previously only applied on discover routes
• OpenAPI spec — added blockUnrated and blockAdult fields to the GET response, POST request, and POST response schemas
• Fixed indentation in the trending route's map callbacks to match the rest of discover.ts
• Removed unused i18n keys

Performance note

Added a preFiltered parameter to the post-filter functions. Routes that already pass certification.lte to TMDB (all discover routes except trending) skip the expensive per-item certification lookups — only blockUnrated checks run on those. Trending is the only route that does item-level TMDB lookups for rating checks.

---

Big thanks to @mcfalld for the thorough review, the critical bug catch, and the feature additions. The static rating hierarchy from this PR combined with his enhanced cert lookup and bulk edit makes for a much more complete solution than either PR alone.

One thought: would the team be open to adding a small feature announcement (info banner or similar) so admins know parental controls are available after updating? Happy to implement whatever pattern you'd prefer, or leave it to the release notes.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

server/routes/search.ts (2)

190-191: Consider validating page number to avoid unexpected behavior.

searchPage defaults to 1 if NaN, but doesn't guard against negative values or zero. While TMDB likely handles invalid page numbers gracefully, explicit validation is defensive.

🛡️ Optional defensive validation

-  const searchPage = Number(req.query.page) || 1;
+  const searchPage = Math.max(1, Number(req.query.page) || 1);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/routes/search.ts` around lines 190 - 191, The parsed searchPage from
req.query.page can be NaN, zero or negative; after parsing
Number(req.query.page) ensure it is a valid integer >= 1 (e.g., use
Number.parseInt/Math.floor and then clamp to at least 1) before using it in the
search flow so invalid values default to 1; update the logic around searchPage
(the variable assigned from req.query.page) to validate and normalize the value
defensively.

---

74-77: Verify adult filtering covers all result types with the adult property.

The pre-filter checks 'adult' in r but then casts to TmdbMovieResult. Per the interfaces, TmdbPersonResult and TmdbCollectionResult also have adult properties. The current implementation works because 'adult' in r is checked first, but the cast is misleading.

♻️ Suggested clarification (optional)

-  const preFiltered = blockAdult
-    ? results.filter((r) => !('adult' in r && (r as TmdbMovieResult).adult))
-    : results;
+  const preFiltered = blockAdult
+    ? results.filter((r) => !('adult' in r && r.adult))
+    : results;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/routes/search.ts` around lines 74 - 77, Pre-filtering currently checks
'adult' in r then casts to TmdbMovieResult which is misleading because
TmdbPersonResult and TmdbCollectionResult also have adult; remove the cast and
either use a union cast or a small type guard: replace (r as
TmdbMovieResult).adult with (r as TmdbMovieResult | TmdbPersonResult |
TmdbCollectionResult).adult or implement a hasAdult(r): r is { adult: boolean }
type guard, and use that in the preFiltered computation (refer to variable
preFiltered and the results array).

src/components/UserList/BulkEditModal.tsx (1)

148-170: Consider showing a hint when selected users have different rating limits.

The select dropdowns start empty, but selected users may have varying limits. While the touchedFields pattern prevents accidental overwrites, admins have no visibility into the current state of selected users' parental controls.

For the permissions section, common values are computed and displayed. A similar approach (or at least a helper message) could improve UX.

This is a nice-to-have enhancement for future iteration, not a blocker.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/components/UserList/BulkEditModal.tsx` around lines 148 - 170, Add a UI
hint for mixed max movie ratings similar to the permissions section by computing
the common value across selected users (e.g., create a helper like
computeCommonMaxMovieRating or reuse existing common-value logic) and use that
to populate or annotate the select when currentMaxMovieRating is undefined and
the field is not yet touched; update the select display logic around
currentMaxMovieRating and the markTouched usage so that when values differ you
show a helper message such as "Multiple values selected" (or the common rating
if one exists) next to the select, and ensure getMovieRatingOptions() remains
the option source while keeping markTouched('maxMovieRating') and
setCurrentMaxMovieRating unchanged.

server/routes/user/index.ts (1)

513-517: Clarify behavior: empty string clears the rating but validation logic differs.

At line 464, validation skips if maxMovieRating is falsy (empty string). At line 514, settings.maxMovieRating = req.body.maxMovieRating || undefined converts empty string to undefined. This works but the coupling is implicit.

The validation uses truthy check (if (req.body.maxMovieRating && ...)) while the assignment uses || undefined. Both handle empty string as "clear", but through different mechanisms.

Consider adding a brief comment clarifying that empty string is intentionally used to clear ratings, or use explicit === '' checks for clarity.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/routes/user/index.ts` around lines 513 - 517, The code treats an empty
string as a signal to clear ratings but does so inconsistently (validation uses
a truthy check while assignment uses `|| undefined`), so make the behavior
explicit: update the validation and assignment for `req.body.maxMovieRating` and
`req.body.maxTvRating` to check for `''` (empty string) and `undefined`
explicitly (e.g., if `req.body.maxMovieRating === ''` then set
`settings.maxMovieRating = undefined`, else if `req.body.maxMovieRating !==
undefined` validate and assign the provided value), and add a short comment near
`settings.maxMovieRating`/`settings.maxTvRating` explaining that an empty string
is intentionally used to clear the rating.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/components/UserList/BulkEditModal.tsx`:
- Around line 194-223: The blockUnrated/blockAdult checkboxes (controlled by
currentBlockUnrated/currentBlockAdult and updated via
setCurrentBlockUnrated/setCurrentBlockAdult with markTouched) default to false
and can unintentionally overwrite differing user settings; compute and set an
initial/common/indeterminate state for these controls based on the selected
users (the same logic used for permissions) or switch to a
tri-state/indeterminate UI so the checkbox reflects "mixed" values, and only
call markTouched when the admin explicitly changes the value; update the
initialization logic where currentBlockUnrated/currentBlockAdult are derived and
the onChange handlers to respect and clear indeterminate state instead of
forcing false for all users.

---

Nitpick comments:
In `@server/routes/search.ts`:
- Around line 190-191: The parsed searchPage from req.query.page can be NaN,
zero or negative; after parsing Number(req.query.page) ensure it is a valid
integer >= 1 (e.g., use Number.parseInt/Math.floor and then clamp to at least 1)
before using it in the search flow so invalid values default to 1; update the
logic around searchPage (the variable assigned from req.query.page) to validate
and normalize the value defensively.
- Around line 74-77: Pre-filtering currently checks 'adult' in r then casts to
TmdbMovieResult which is misleading because TmdbPersonResult and
TmdbCollectionResult also have adult; remove the cast and either use a union
cast or a small type guard: replace (r as TmdbMovieResult).adult with (r as
TmdbMovieResult | TmdbPersonResult | TmdbCollectionResult).adult or implement a
hasAdult(r): r is { adult: boolean } type guard, and use that in the preFiltered
computation (refer to variable preFiltered and the results array).

In `@server/routes/user/index.ts`:
- Around line 513-517: The code treats an empty string as a signal to clear
ratings but does so inconsistently (validation uses a truthy check while
assignment uses `|| undefined`), so make the behavior explicit: update the
validation and assignment for `req.body.maxMovieRating` and
`req.body.maxTvRating` to check for `''` (empty string) and `undefined`
explicitly (e.g., if `req.body.maxMovieRating === ''` then set
`settings.maxMovieRating = undefined`, else if `req.body.maxMovieRating !==
undefined` validate and assign the provided value), and add a short comment near
`settings.maxMovieRating`/`settings.maxTvRating` explaining that an empty string
is intentionally used to clear the rating.

In `@src/components/UserList/BulkEditModal.tsx`:
- Around line 148-170: Add a UI hint for mixed max movie ratings similar to the
permissions section by computing the common value across selected users (e.g.,
create a helper like computeCommonMaxMovieRating or reuse existing common-value
logic) and use that to populate or annotate the select when
currentMaxMovieRating is undefined and the field is not yet touched; update the
select display logic around currentMaxMovieRating and the markTouched usage so
that when values differ you show a helper message such as "Multiple values
selected" (or the common rating if one exists) next to the select, and ensure
getMovieRatingOptions() remains the option source while keeping
markTouched('maxMovieRating') and setCurrentMaxMovieRating unchanged.

[ProgenyAlpha]

CodeRabbit Review — All Findings Addressed

Round 1 (7 findings → all fixed in d3fef3a)

#	Finding	Severity	Resolution
1	BulkEditModal clears parental controls on permission-only edits	🟠 Major	Added touchedFields tracking — parental control fields are only sent in the PUT payload when the admin actually modifies them
2	Keyword movies endpoint bypasses parental controls	🟡 Minor	Added postFilterDiscoverMovies() call to /keyword/:keywordId/movies
3	Bulk edit missing admin user protection	🟠 Major	Added MANAGE_USERS permission check — parental controls are skipped for admin users, matching the individual endpoint behavior in usersettings.ts
4	Search: unnecessary cert lookups when only blockAdult active	Nitpick	Added early return in filterSearchBatch — skips expensive TMDB certification API calls when no rating/unrated constraints are set
5	TV filtering lacks international rating fallback	Nitpick	Added getTvCertFromDetails() with international fallback, matching the existing movie certification lookup behavior
6	contentRatings.ts comment inversion	🟡 Minor	Fixed header comment: "Lower index = less restrictive"
7	filterRatio exceeds 1.0 after backfill	🟡 Minor	Clamped with Math.min(1, filteredCount / originalCount)

[ProgenyAlpha]

Round 2 — Fixed in a3db62a

All five remaining nitpicks from the second CodeRabbit review have been addressed:

#	Finding	Fix
1	Checkbox indeterminate state for mixed settings	BulkEditModal now fetches parental controls for all selected users on mount. Checkboxes show indeterminate (semi-filled) state when values differ, with hint text: "Enabled for some but not all users"
2	Mixed rating value hints	Select dropdowns show "Varies across selected users" when selected users have different rating limits
3	searchPage negative/zero validation	Clamped with Math.max(1, ...)
4	Misleading adult cast	Replaced (r as TmdbMovieResult).adult with (r as { adult?: boolean }).adult — no longer implies only movies have the field
5	Empty string rating clearing	Added clarifying comment: // Empty string = "No Restriction" from the UI dropdown; convert to undefined for DB storage

Build and lint both pass clean.

[coderabbitai]

🧹 Nitpick comments (1)

server/routes/search.ts (1)

74-77: Consider simplifying the adult type guard.

The type cast is correct but verbose. A simpler approach using a type guard function could improve readability.

♻️ Optional simplification

-  const preFiltered = blockAdult
-    ? results.filter((r) => !('adult' in r && (r as { adult?: boolean }).adult))
-    : results;
+  const preFiltered = blockAdult
+    ? results.filter((r) => {
+        if ('adult' in r) {
+          return !(r as TmdbMovieResult | TmdbPersonResult | TmdbCollectionResult).adult;
+        }
+        return true;
+      })
+    : results;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/routes/search.ts` around lines 74 - 77, The filter for preFiltered is
using a verbose cast; introduce a small type guard like hasAdultFlag(value):
value is { adult?: boolean } and then replace the predicate with
results.filter(r => !(hasAdultFlag(r) && r.adult)) so you avoid the (r as {
adult?: boolean }) cast while keeping the same logic; update the local symbols
preFiltered, blockAdult, results to use the new hasAdultFlag guard in search.ts.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@server/routes/search.ts`:
- Around line 74-77: The filter for preFiltered is using a verbose cast;
introduce a small type guard like hasAdultFlag(value): value is { adult?:
boolean } and then replace the predicate with results.filter(r =>
!(hasAdultFlag(r) && r.adult)) so you avoid the (r as { adult?: boolean }) cast
while keeping the same logic; update the local symbols preFiltered, blockAdult,
results to use the new hasAdultFlag guard in search.ts.

[ProgenyAlpha]

Follow-up fix (921bdc9)

While making the mixed-value warning more visible in the bulk edit modal, also addressed the latest CodeRabbit nitpick:

• Dropdown placeholder: "Restrictions vary between selected users" now appears as the selected option in the rating dropdowns (replacing "No Restriction") when selected users have different limits — much harder to miss than the subtitle hint
• Type guard: Replaced inline (r as { adult?: boolean }).adult cast with a proper hasAdultFlag() type guard in search.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/components/UserList/BulkEditModal.tsx`:
- Around line 92-151: Reset the "mixed" flags and touched fields whenever the
selection changes to avoid stale UI state: at the start of fetchParentalControls
(or in a useEffect watching selectedUserIds) call the setters to clear mixed
flags (setMixedMovieRating(false), setMixedTvRating(false),
setMixedBlockUnrated(false), setMixedBlockAdult(false)) and reset touchedFields
via setTouchedFields({}) (and optionally clear current values like
setCurrentMaxMovieRating(undefined) / setCurrentMaxTvRating(undefined) if you
want a clean initial state) before fetching; this ensures previous mixed/touched
indicators don't persist across selection changes.

[ProgenyAlpha]

@mcfalld Heads up, your bug fix for the blockUnrated gating issue sent me down a rabbit hole. Once I started looking at the post-filter logic, I realized the content rating enforcement was only covering discover and search routes. Everything else: detail pages, recommendations, similar, collections, person credits, request submission..had zero rating checks. A restricted user could just navigate directly to /movie/550 and see whatever they wanted.

So I ended up doing a bigger refactor:

• Extracted all the shared rating logic (getUserContentRatingLimits, cert extraction, batch filtering) into server/lib/contentRating.ts — was duplicated across discover and search
• Created enforcement middleware in server/middleware/ratingCheck.ts for detail routes (returns 403) and list filtering utilities
• Closed every bypass gap I could find: movie/TV detail pages, seasons, recommendations, similar, collections, person credits, request creation, and the Plex watchlist
• Added proper frontend 403 handling so restricted users see "Content Restricted" instead of a broken error page

Also fixed a TypeORM issue where clearing a rating limit wasn't actually persisting to the DB (undefined vs null), and cleaned up the dropdown defaults to use NC-17/TV-MA as "no restriction" instead of an empty string.

Net result is about 130 fewer lines in discover.ts and rating enforcement everywhere it was missing. The two new commits on the PR cover all of it.

Thanks for taking the time to test and review, your catch on the blockUnrated bug is what kicked off finding all these other gaps.

[mcfalld]

I'd also noticed the 'No Restriction' not saving thing. Good catch.

1. Trending and upcoming pages look incomplete; the severity of incompleteness is a direct result of the ratings selected. Maybe this is an expected result of filtering?

2. Can you share your tsconfig by chance? I'm getting some type script errors.

[ProgenyAlpha]

Thanks for testing and reviewing, really appreciate it.

1. Yeah, that's expected behavior with restrictive ratings. The TMDB API doesn't support server-side filtering by content rating for trending/upcoming, so we pull the full result set and filter client-side. Originally we backfilled one extra page of results when filtering dropped the count too low, but in our latest commits we bumped that to backfill up to 2 additional pages if the visible count falls below 20 items. We could fetch even more pages, but each page is another API call and TMDB rate-limits to 40 requests per 10 seconds, so there's a ceiling.

We also caught foreign films leaking past the filters because they had no US certification (NR/unrated) but carried a G-equivalent rating under foreign cert authorities. We locked cert extraction to US-only to prevent that.

If TMDB ever adds native filtering by certification to their trending/upcoming endpoints, we could get much better result density. For now, client-side filtering after fetch is the only option.

2. Here's the tsconfig:

{
  "compilerOptions": {
    "target": "ES2021",
    "lib": ["dom", "dom.iterable", "esnext"],
    "allowJs": true,
    "skipLibCheck": true,
    "strict": true,
    "forceConsistentCasingInFileNames": true,
    "noEmit": true,
    "esModuleInterop": true,
    "module": "esnext",
    "moduleResolution": "node",
    "resolveJsonModule": true,
    "isolatedModules": true,
    "jsx": "preserve",
    "strictPropertyInitialization": false,
    "experimentalDecorators": true,
    "emitDecoratorMetadata": true,
    "useUnknownInCatchVariables": false,
    "incremental": true,
    "baseUrl": "src",
    "downlevelIteration": true,
    "paths": {
      "@server/*": ["../server/*"],
      "@app/*": ["*"]
    }
  },
  "include": ["next-env.d.ts", "src/**/*.ts", "src/**/*.tsx"],
  "exclude": ["node_modules"]
}

What errors are you seeing? Could be a path alias or strict mode thing.

[mcfalld]

getting 2 errors:

server/middleware/ratingCheck.ts:115:31 - error TS2352: Conversion of type 'TmdbTvDetails' to type 'Record<string, unknown>' may be a mistake because neither type sufficiently overlaps with the other. If this was intentional, convert the expression to 'unknown' first.
Index signature for type 'string' is missing in type 'TmdbTvDetails'.

115 if (limits.blockAdult && (details as Record<string, unknown>).adult) {
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

server/routes/discover.ts:1515:7 - error TS2322: Type '{ id: number; ratingKey: string; title: string; mediaType: string; tmdbId: number; }[]' is not assignable to type 'WatchlistItem[]'.
Type '{ id: number; ratingKey: string; title: string; mediaType: string; tmdbId: number; }' is not assignable to type 'WatchlistItem'.
Types of property 'mediaType' are incompatible.
Type 'string' is not assignable to type '"movie" | "tv"'.

1515 results: watchlistResults,

Errors Files
1 server/middleware/ratingCheck.ts:115
1 server/routes/discover.ts:1515

[ProgenyAlpha]

Good catches, both fixed in the latest push.

1. Added adult?: boolean to the TmdbTvDetails interface so we don't need to cast around it. TMDB returns the field, we just weren't declaring it.

2. Used as const on the watchlist mediaType ternary so TypeScript preserves the literal "tv" | "movie" instead of widening to string.

Out of curiosity, which IDE are you using? Wondering how your setup is picking up the server-side types since our tsconfig only includes src/.

[mcfalld]

I'm using VS Code.
I do a:
'pnpm build:server'

then

'$env:NODE_ENV="production"; node dist/index.js'

Then I see all the logs in my VS Code console.

But I'm doing this on a gaming PC not my server, so it's two separate instances.

[ProgenyAlpha]

Gotcha, the fix should be live so let me know if it persists. I'm running it via Docker so I wasn't catching the server-side type errors from pnpm build:server.

[ProgenyAlpha]

@ThermicWaffle Really appreciate you taking the time to look through this! Great questions, let me walk through each one.

1. blockAdult defaulting to false - The existing TMDB client already passes include_adult: false on every API call globally, so adult content is blocked for all users regardless of this setting. The per-user toggle is really just a secondary layer in case that global default ever changes. That's what I was thinking functionally, but I'm happy to flip the default to true if that feels safer and more intuitive.

2. Abstracting includeAdult into the per-user toggle - I agree that would be cleaner long-term and was considered. The challenge is that refactoring the shared TMDB client in server/api/themoviedb/index.ts to be user-context-aware would touch every route that calls it. I'd rather keep that as a separate follow-up so we don't scope-creep this PR.

3. Blocking common adult tags/genres - Yeah, genre and keyword-based filtering (erotic thrillers, etc.) would need a maintained blocklist and is a different filtering dimension from what TMDB provides via certifications and the adult flag. Definitely worth exploring, but probably deserves its own feature and discussion.

4. Defaulting blockUnrated to true - I hear you on this one, and I get the instinct. The tricky part is that "unrated" catches a lot of legitimate content like foreign films, indie releases, and anything without a US certification. The current design keeps parental controls as opt-in per user, so an admin who wants a fail-closed setup can flip both toggles on. Defaulting to blocked felt too aggressive for a general-purpose media request app, but I'm open to hearing other perspectives on it.

Thanks again for the thoughtful insight!

[ThermicWaffle]

Thank you for the thoughtful response! I think I'll leave the decision on these things to @fallenbagel .

I didn't think of it blocking indie/international films, good catch! I imagine TMDB doesn't capture ratings from other countries? If it does, could be cool to add in a later PR. Another thought I had, why TMDB over TVDB?

The scope creep explanations make sense. Thanks for the hard work on this you guys, I'm excited to finally filter out this content from my searches and suggestions!!

[ProgenyAlpha]

Thanks! To answer your questions:

International ratings: TMDB actually does have certification data for a bunch of countries (US, GB, AU, DE, BR, etc.). We just scope to US ratings right now since that's the hierarchy we built. Supporting multi-country rating maps is totally doable in a follow-up. The backend already stores the full certification response, so we'd just need additional rating hierarchies and a user/server-level country preference.

Why TMDB over TVDB: I thought about using TVDB and unless I missed something, TVDB doesn't provide content rating or certification data that we can filter on. TMDB does, and Seerr already uses it as the primary metadata source for discovery and search, so the certification data is already in the responses we're working with. No extra API calls needed.

[github-actions]

This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.

[ProgenyAlpha]

Merge Conflict Resolution

Upstream develop introduced media-type filtering for the /trending endpoint (mediaType/timeWindow params with per-type fetchers). This conflicted with our parental controls post-filter and backfill logic in the same route.

What changed upstream:

• Trending endpoint now accepts mediaType (all/movie/tv) and timeWindow (day/week) query params
• Uses a fetcher map pattern (trendingFetchers[mediaType]) instead of hardcoded getAllTrending
• Result mapping uses a generic mapper function instead of inline isMovie/isPerson/isCollection checks

How we resolved it:

• Adopted upstream's fetcher pattern in full
• Added a page parameter to each fetcher ((p: number) => ...) so our backfill loop can call the same fetcher for subsequent pages instead of hardcoding getAllTrending — this means parental controls backfill now works correctly for movie-only and tv-only trending views too
• Result mapping uses upstream's mapper(result, selectedMedia) pattern over our filteredResults (not data.results) so parental controls filtering is preserved
• All existing parental controls logic (pre-filter, post-filter, backfill, fail-closed) unchanged

Build passes clean (pnpm build).

[mcfalld]

Nice work man, I'll pull it tonight at some point and test it again.

[mcfalld]

Looks good — As mentioned previously, a handful of pages remain sparse due to filtering, but with the API limit in mind, this is fine.

[ProgenyAlpha]

Major Update: Pagination, Rate Limiting & Filtering Overhaul (85cb67f)

10 files changed, +645/-443 lines — this is a significant rework of how content filtering interacts with TMDB's API and how paginated results flow to the frontend.

---

Background

Testing parental controls under strict settings (PG / TV-G) exposed fundamental issues with how filtering, pagination, and TMDB API calls work together:

1. Broken infinite scroll — Server-side backfill was consuming extra TMDB pages to compensate for filtered results, but the frontend had no way to know which pages were already consumed. It would re-request them, causing duplicate and skipped content.

2. TMDB rate limit failures — TMDB's discover API ignores certification.lte for TV shows entirely, forcing individual detail fetches for every TV result. With 6-10 sliders loading simultaneously on a page, each firing 20+ parallel certification lookups, TMDB's rate limits were hit hard — up to 9/17 TV lookups failing per batch. Every failed lookup means content gets blocked (fail-closed), so users were seeing unnecessarily empty pages.

3. Duplicate API calls — ratingCheck.ts (used by movie/TV recommendations, similar titles, collections, and person credits — some of the heaviest endpoints) was making direct TMDB calls for certifications, completely bypassing the certification cache. The same title could be fetched 3-4 times across different sliders.

4. Adult content filtering gap — blockAdult was only checked in movie-specific code paths. filterTvBatch, filterTvListByRating, and the watchlist TV branch all had no adult content checks, meaning adult-flagged TV content could pass through to restricted users.

---

What Changed

Cursor-based pagination (5 server files + 2 frontend files)

All paginated endpoints (/discover/*, /movie/:id/recommendations, /movie/:id/similar, /tv/:id/recommendations, /tv/:id/similar, /user/:id/watchlist, /search) now return a nextPage field calculated from the actual number of TMDB pages consumed during backfill. The frontend (useDiscover.ts, MediaSlider) uses this instead of naively incrementing page + 1. This correctly handles cases where the server consumed pages 1-4 to fill a single response — the frontend knows to request page 5 next.

Global AIMD concurrency limiter (contentRating.ts, ~50 lines)

A process-wide semaphore controls all certification lookups across every route handler, every slider, every user. No new dependencies.

• Starts at 8 concurrent requests
• On TMDB 429 response: halves concurrency (multiplicative decrease)
• On success: +1 concurrency (additive increase)
• Bounded between 2 and 20 concurrent
• Failed requests retry up to 2 times with exponential backoff (500ms, 1s)
• Requests queue when the limit is reached — no requests are dropped

This means when the first 429 hits, the system immediately backs off, queued requests wait their turn, and concurrency gradually recovers. Multiple users hitting the app simultaneously are automatically coordinated through the same limiter.

Note on design: The throttle is currently scoped to certification lookups within this PR, but the pattern (acquire/release/throttledFetch) is generic and self-contained. If other features need TMDB rate limit protection in the future (e.g. batch metadata fetches, scanner operations, or any new endpoint that makes bulk TMDB calls), the limiter can be extracted into its own module and shared across the codebase. Since every new TheMovieDb() instance currently gets its own independent axios-rate-limit — meaning there's no global coordination across callers — a shared limiter like this would be the natural place to centralize TMDB rate limit management if that becomes a broader need.

Shared certification cache (contentRating.ts)

Process-wide in-memory Map keyed by movie:{tmdbId} / tv:{tvId}. Once any request (any user, any slider, any endpoint) fetches a title's certification, it's cached for the lifetime of the process. This dramatically reduces TMDB API load as more content is browsed — popular titles that appear across trending, genre sliders, and recommendations are only fetched once.

Cache + throttle adoption in ratingCheck.ts

filterMovieListByRating, filterTvListByRating, and filterCreditsByRating (the person credits filter that can fire 100+ concurrent lookups for a single actor page) all switched from direct tmdb.getMovie()/tmdb.getTvShow() calls to getCachedMovieCert/getCachedTvCert. This means they now benefit from both the cache and the throttle automatically.

blockAdult consistency fix (3 files)

Added adult content pre-filtering to filterMovieBatch, filterTvBatch (contentRating.ts), filterTvListByRating (ratingCheck.ts), and the watchlist TV branch (discover.ts). All filtering paths now check blockAdult consistently for both movie and TV content.

Dead code cleanup

Removed unused imports (getMovieCertFromDetails, getTvCertFromDetails from discover.ts), unused variables (originalCount, filteredCount from search.ts), a stale migration comment, and fixed an any type annotation.

---

Test Results

• TypeScript: zero errors, zero warnings
• ESLint: clean
• Cold-cache page load: throttle adapts within seconds, all lookups succeed on subsequent loads
• Warm-cache page load: zero TMDB API calls for cached titles, zero failures
• Strict filters (PG / TV-G): pages fill correctly via backfill, infinite scroll works
• Before: up to 9/17 TV cert lookups failing per batch → After: zero failures on steady state

[ProgenyAlpha]

Looks good — As mentioned previously, a handful of pages remain sparse due to filtering, but with the API limit in mind, this is fine.

It was bothering me how sparse everything looked, you should see significant improvement in the results and behavior and now infinite scroll works as intended. Thanks for bringing it up, seeing it bother you made me rework the entire process for the better.

[github-actions]

This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.

[ProgenyAlpha]

Merge conflicts resolved and build verified. Ready for review.

@fallenbagel @OwsleyJr — would appreciate a review when you get a chance.

[github-actions]

This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.

[ProgenyAlpha]

Merge conflicts with develop resolved — upstream changed getRelatedMedia() to accept {tmdbId, mediaType} objects instead of plain IDs. Updated all 5 conflicted route files to use our filteredResults (parental controls filtering) with the new signature.

Ready for review when you get a chance 🙏

[PonchoPig]

Thank you for working on this! I'm really excited for it!

[akj501]

Hey, is this due to be pushed to a stable version anytime soon?

[0xSysR3ll]

Hey, is this due to be pushed to a stable version anytime soon?

Not until it's properly reviewed, which is not.

[mcfalld]

Hey, is this due to be pushed to a stable version anytime soon?

Not until it's properly reviewed, which is not.

Not trying to be pushy. I'm genuinely curious, what does properly reviewed entail?

[fallenbagel]

Hey, is this due to be pushed to a stable version anytime soon?

Not until it's properly reviewed, which is not.

Not trying to be pushy. I'm genuinely curious, what does properly reviewed entail?

Us maintainers reviewing the code for its quality, architectural design, maintainability etc.

[github-actions]

This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.