diff options
Diffstat (limited to 'Jellyfin.Api/Controllers/ImageController.cs')
| -rw-r--r-- | Jellyfin.Api/Controllers/ImageController.cs | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs index 8e8accab3..b71199026 100644 --- a/Jellyfin.Api/Controllers/ImageController.cs +++ b/Jellyfin.Api/Controllers/ImageController.cs @@ -109,7 +109,7 @@ public class ImageController : BaseJellyfinApiController return NotFound(); } - if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, requestUserId, true)) + if (!RequestHelpers.AssertCanUpdateUser(HttpContext.User, user, true)) { return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image."); } @@ -203,13 +203,18 @@ public class ImageController : BaseJellyfinApiController [FromQuery] Guid? userId) { var requestUserId = RequestHelpers.GetUserId(User, userId); - if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, requestUserId, true)) + var user = _userManager.GetUserById(requestUserId); + if (user is null) + { + return NotFound(); + } + + if (!RequestHelpers.AssertCanUpdateUser(HttpContext.User, user, true)) { return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to delete the image."); } - var user = _userManager.GetUserById(requestUserId); - if (user?.ProfileImage is null) + if (user.ProfileImage is null) { return NoContent(); } @@ -2089,6 +2094,8 @@ public class ImageController : BaseJellyfinApiController Response.Headers.Append(HeaderNames.Age, Convert.ToInt64((DateTime.UtcNow - dateImageModified).TotalSeconds).ToString(CultureInfo.InvariantCulture)); Response.Headers.Append(HeaderNames.Vary, HeaderNames.Accept); + Response.Headers.ContentDisposition = "attachment"; + if (disableCaching) { Response.Headers.Append(HeaderNames.CacheControl, "no-cache, no-store, must-revalidate"); |