| author | Shadowghost <Ghost_of_Stone@web.de> | 2023-05-09 15:25:41 +0200 |
|---|---|---|
| committer | Shadowghost <Ghost_of_Stone@web.de> | 2023-05-09 15:25:41 +0200 |
| commit | 6cc1203c1b423ee2765be7e33aad56be374c8314 (patch) | |
| tree | 57ce21874de41124f2626c5f06328bcb2e9734d5 /Jellyfin.Api/Controllers/LibraryController.cs | |
| parent | 520c07e8cad3e4372f6a5214160d1600106a7bfd (diff) | |
| parent | 92a0d26f31743ca0015fcc3e0a4fe094792ac63c (diff) | |
Merge branch 'master' into network-rewrite
Diffstat (limited to 'Jellyfin.Api/Controllers/LibraryController.cs')
| -rw-r--r-- | Jellyfin.Api/Controllers/LibraryController.cs | 44 |
1 files changed, 32 insertions, 12 deletions
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index bf59febed..e094d2d77 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -15,6 +15,7 @@ using Jellyfin.Api.Models.LibraryDtos;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
 using Jellyfin.Extensions;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Progress;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Dto;
@@ -332,12 +333,26 @@ public class LibraryController : BaseJellyfinApiController
 [Authorize]
 [ProducesResponseType(StatusCodes.Status204NoContent)]
 [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
 public ActionResult DeleteItem(Guid itemId)
 {
+ var isApiKey = User.GetIsApiKey();
+ var userId = User.GetUserId();
+ var user = !isApiKey && !userId.Equals(default)
+ ? _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException()
+ : null;
+ if (!isApiKey && user is null)
+ {
+ return Unauthorized("Unauthorized access");
+ }
+
 var item = _libraryManager.GetItemById(itemId);
- var user = _userManager.GetUserById(User.GetUserId());
+ if (item is null)
+ {
+ return NotFound();
+ }

- if (!item.CanDelete(user))
+ if (user is not null && !item.CanDelete(user))
 {
 return Unauthorized("Unauthorized access");
 }
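Review bot: For API-key callers `user` is null, so the guard `if (user is not null && !item.CanDelete(user))` in DeleteItem never calls CanDelete at all; DeleteItems uses the same pattern. If CanDelete also encodes item-level restrictions rather than only the user's permission (not visible here), API-key requests skip those too; assuming the item type has a parameterless overload, `if (user is null ? !item.CanDelete() : !item.CanDelete(user))` keeps that check. If full privilege for API keys is intended, state it at the guard, e.g. `// API keys have no user and are treated as fully privileged; only user sessions get the per-user delete check.` The permission failure also still answers 401 to a caller who is already authenticated, where 403 would be the accurate status. DeleteItem's body continues past the end of the hunk.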
@@ -361,26 +376,31 @@ public class LibraryController : BaseJellyfinApiController
 [Authorize]
 [ProducesResponseType(StatusCodes.Status204NoContent)]
 [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
 public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
 {
- if (ids.Length == 0)
+ var isApiKey = User.GetIsApiKey();
+ var userId = User.GetUserId();
+ var user = !isApiKey && !userId.Equals(default)
+ ? _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException()
+ : null;
+
+ if (!isApiKey && user is null)
 {
- return NoContent();
+ return Unauthorized("Unauthorized access");
 }

 foreach (var i in ids)
 {
 var item = _libraryManager.GetItemById(i);
- var user = _userManager.GetUserById(User.GetUserId());
-
- if (!item.CanDelete(user))
+ if (item is null)
 {
- if (ids.Length > 1)
- {
- return Unauthorized("Unauthorized access");
- }
+ return NotFound();
+ }

- continue;
+ if (user is not null && !item.CanDelete(user))
+ {
+ return Unauthorized("Unauthorized access");
 }

 _libraryManager.DeleteItem( |
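Review bot: DeleteItems validates and deletes inside the same loop, so when a later id reaches the new `return NotFound();` or the `return Unauthorized("Unauthorized access");`, the ids before it have already been deleted and the caller gets an error status for a request that partly ran. Resolve and check every id first, and start deleting only once the whole batch has passed, as sketched below. The `_libraryManager.DeleteItem(` call and the rest of the method lie outside the hunk, so its arguments are left as they are.

```csharp
var items = new List<BaseItem>(ids.Length);
foreach (var i in ids)
{
    var item = _libraryManager.GetItemById(i);
    // … unchanged: null check returning NotFound(), CanDelete check returning Unauthorized …
    items.Add(item);
}

// Nothing is deleted until every id has been resolved and authorized.
foreach (var item in items)
{
    // … unchanged: _libraryManager.DeleteItem( call and its arguments …
```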
