aboutsummaryrefslogtreecommitdiff
path: root/Jellyfin.Api/Controllers/ImageController.cs
diff options
context:
space:
mode:
Diffstat (limited to 'Jellyfin.Api/Controllers/ImageController.cs')
-rw-r--r--Jellyfin.Api/Controllers/ImageController.cs13
1 files changed, 9 insertions, 4 deletions
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index 6a169eae3..b71199026 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -109,7 +109,7 @@ public class ImageController : BaseJellyfinApiController
return NotFound();
}
- if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, requestUserId, true))
+ if (!RequestHelpers.AssertCanUpdateUser(HttpContext.User, user, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
}
@@ -203,13 +203,18 @@ public class ImageController : BaseJellyfinApiController
[FromQuery] Guid? userId)
{
var requestUserId = RequestHelpers.GetUserId(User, userId);
- if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, requestUserId, true))
+ var user = _userManager.GetUserById(requestUserId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
+ if (!RequestHelpers.AssertCanUpdateUser(HttpContext.User, user, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to delete the image.");
}
- var user = _userManager.GetUserById(requestUserId);
- if (user?.ProfileImage is null)
+ if (user.ProfileImage is null)
{
return NoContent();
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-06 15:48:34 +0000