Change arguments AssertCanUpdateUser to take a user

author: Bond_009 <bond.009@outlook.com> 2024-05-15 17:51:40 +0200
committer: Bond_009 <bond.009@outlook.com> 2024-08-05 17:17:57 +0200
commit: 454933733574dae8fa9b255d62a89cf953f1fe44 (patch)
tree: b6fdf84dd829fcb63433816f52a92c4b798701d3 /Jellyfin.Api/Controllers/UserController.cs
parent: c831af2fe23b6400ea6ee9a57b938a594b654ad5 (diff)
1 files changed, 14 insertions, 9 deletions
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index c3923a2ad..2df79c80c 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -274,16 +274,15 @@ public class UserController : BaseJellyfinApiController
         [FromBody, Required] UpdateUserPassword request)
     {
         var requestUserId = userId ?? User.GetUserId();
-        if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
+        var user = _userManager.GetUserById(requestUserId);
+        if (user is null)
         {
-            return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
+            return NotFound();
         }
 
-        var user = _userManager.GetUserById(requestUserId);
-
-        if (user is null)
+        if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
         {
-            return NotFound("User not found");
+            return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
         }
 
         if (request.ResetPassword)
@@ -386,7 +385,7 @@ public class UserController : BaseJellyfinApiController
             return NotFound();
         }
 
-        if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
+        if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User update not allowed.");
         }
@@ -396,7 +395,7 @@ public class UserController : BaseJellyfinApiController
             await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
         }
 
-        await _userManager.UpdateConfigurationAsync(user.Id, updateUser.Configuration).ConfigureAwait(false);
+        await _userManager.UpdateConfigurationAsync(requestUserId, updateUser.Configuration).ConfigureAwait(false);
 
         return NoContent();
     }
@@ -495,7 +494,13 @@ public class UserController : BaseJellyfinApiController
         [FromBody, Required] UserConfiguration userConfig)
     {
         var requestUserId = userId ?? User.GetUserId();
-        if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
+        var user = _userManager.GetUserById(requestUserId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
+        if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User configuration update not allowed");
         }
author	Bond_009 <bond.009@outlook.com>	2024-05-15 17:51:40 +0200
committer	Bond_009 <bond.009@outlook.com>	2024-08-05 17:17:57 +0200
commit	454933733574dae8fa9b255d62a89cf953f1fe44 (patch)
tree	b6fdf84dd829fcb63433816f52a92c4b798701d3 /Jellyfin.Api/Controllers/UserController.cs
parent	c831af2fe23b6400ea6ee9a57b938a594b654ad5 (diff)