Merge branch 'master' into simplify_authz

# Conflicts: # Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
2025-12-16 22:13:06 +03:00 · 2023-02-12 22:59:48 +01:00
parent c9aef96dba 318f11e793
commit 52e2776d8e
60 changed files with 700 additions and 357 deletions
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -99,12 +99,17 @@ public class ImageController : BaseJellyfinApiController
        [FromRoute, Required] ImageType imageType,
        [FromQuery] int? index = null)
    {
+        var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
        if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, userId, true))
        {
            return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
        }

-        var user = _userManager.GetUserById(userId);
        var memoryStream = await GetMemoryStream(Request.Body).ConfigureAwait(false);
        await using (memoryStream.ConfigureAwait(false))
        {
@@ -148,12 +153,17 @@ public class ImageController : BaseJellyfinApiController
        [FromRoute, Required] ImageType imageType,
        [FromRoute] int index)
    {
+        var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
        if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, userId, true))
        {
            return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
        }

-        var user = _userManager.GetUserById(userId);
        var memoryStream = await GetMemoryStream(Request.Body).ConfigureAwait(false);
        await using (memoryStream.ConfigureAwait(false))
        {