Merge pull request #11665 from Bond-009/getuserbyid

author: Cody Robibero <cody@robibe.ro> 2024-08-28 12:39:48 -0600
committer: GitHub <noreply@github.com> 2024-08-28 12:39:48 -0600
commit: 8c3f3c503b4b0606e2987ed58e5228d72669afeb (patch)
tree: f139dd171ac4fcc5328061aa455644586c428b7a /Jellyfin.Api/Controllers/UserController.cs
parent: 639d75bd8300ee9538c5a8142cb86b7e89305d9a (diff)
parent: e221c1d25d640eaac01220b3f5b1422f4c11ed46 (diff)
1 files changed, 14 insertions, 9 deletions
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index c3923a2ad..2df79c80c 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -274,16 +274,15 @@ public class UserController : BaseJellyfinApiController
         [FromBody, Required] UpdateUserPassword request)
     {
         var requestUserId = userId ?? User.GetUserId();
-        if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
+        var user = _userManager.GetUserById(requestUserId);
+        if (user is null)
         {
-            return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
+            return NotFound();
         }
 
-        var user = _userManager.GetUserById(requestUserId);
-
-        if (user is null)
+        if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
         {
-            return NotFound("User not found");
+            return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
         }
 
         if (request.ResetPassword)
@@ -386,7 +385,7 @@ public class UserController : BaseJellyfinApiController
             return NotFound();
         }
 
-        if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
+        if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User update not allowed.");
         }
@@ -396,7 +395,7 @@ public class UserController : BaseJellyfinApiController
             await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
         }
 
-        await _userManager.UpdateConfigurationAsync(user.Id, updateUser.Configuration).ConfigureAwait(false);
+        await _userManager.UpdateConfigurationAsync(requestUserId, updateUser.Configuration).ConfigureAwait(false);
 
         return NoContent();
     }
@@ -495,7 +494,13 @@ public class UserController : BaseJellyfinApiController
         [FromBody, Required] UserConfiguration userConfig)
     {
         var requestUserId = userId ?? User.GetUserId();
-        if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true))
+        var user = _userManager.GetUserById(requestUserId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
+        if (!RequestHelpers.AssertCanUpdateUser(User, user, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User configuration update not allowed");
         }
author	Cody Robibero <cody@robibe.ro>	2024-08-28 12:39:48 -0600
committer	GitHub <noreply@github.com>	2024-08-28 12:39:48 -0600
commit	8c3f3c503b4b0606e2987ed58e5228d72669afeb (patch)
tree	f139dd171ac4fcc5328061aa455644586c428b7a /Jellyfin.Api/Controllers/UserController.cs
parent	639d75bd8300ee9538c5a8142cb86b7e89305d9a (diff)
parent	e221c1d25d640eaac01220b3f5b1422f4c11ed46 (diff)