starred/jellyfin-jellyfin-1
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-12-17 22:43:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Change arguments AssertCanUpdateUser to take a user

Browse Source
This commit is contained in:
Bond_009
2024-05-15 17:51:40 +02:00
parent c831af2fe2
commit 4549337335
4 changed files with 41 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
Jellyfin.Api/Controllers/UserController.cs
View File

@@ -274,16 +274,15 @@ public class UserController : BaseJellyfinApiController
[FromBody, Required] UpdateUserPassword request)
{
var requestUserId = userId ?? User.GetUserId();
if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
}
var user = _userManager.GetUserById(requestUserId);
if (user is null)
{
return NotFound("User not found");
return NotFound();
}
if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
}
if (request.ResetPassword)
@@ -386,7 +385,7 @@ public class UserController : BaseJellyfinApiController
return NotFound();
}
if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User update not allowed.");
}
@@ -396,7 +395,7 @@ public class UserController : BaseJellyfinApiController
await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
}
await _userManager.UpdateConfigurationAsync(user.Id, updateUser.Configuration).ConfigureAwait(false);
await _userManager.UpdateConfigurationAsync(requestUserId, updateUser.Configuration).ConfigureAwait(false);
return NoContent();
}
@@ -495,7 +494,13 @@ public class UserController : BaseJellyfinApiController
[FromBody, Required] UserConfiguration userConfig)
{
var requestUserId = userId ?? User.GetUserId();
if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
var user = _userManager.GetUserById(requestUserId);
if (user is null)
{
return NotFound();
}
if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User configuration update not allowed");
}