From 454933733574dae8fa9b255d62a89cf953f1fe44 Mon Sep 17 00:00:00 2001 From: Bond_009 Date: Wed, 15 May 2024 17:51:40 +0200 Subject: Change arguments AssertCanUpdateUser to take a user --- Jellyfin.Api/Controllers/ItemsController.cs | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'Jellyfin.Api/Controllers/ItemsController.cs') diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs index d33634412..828bd5174 100644 --- a/Jellyfin.Api/Controllers/ItemsController.cs +++ b/Jellyfin.Api/Controllers/ItemsController.cs @@ -972,12 +972,17 @@ public class ItemsController : BaseJellyfinApiController [FromRoute, Required] Guid itemId) { var requestUserId = RequestHelpers.GetUserId(User, userId); - if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true)) + var user = _userManager.GetUserById(requestUserId); + if (user is null) + { + return NotFound(); + } + + if (!RequestHelpers.AssertCanUpdateUser(User, user, true)) { return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to view this item user data."); } - var user = _userManager.GetUserById(requestUserId) ?? throw new ResourceNotFoundException(); var item = _libraryManager.GetItemById(itemId, user); if (item is null) { @@ -1023,12 +1028,17 @@ public class ItemsController : BaseJellyfinApiController [FromBody, Required] UpdateUserItemDataDto userDataDto) { var requestUserId = RequestHelpers.GetUserId(User, userId); - if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true)) + var user = _userManager.GetUserById(requestUserId); + if (user is null) + { + return NotFound(); + } + + if (!RequestHelpers.AssertCanUpdateUser(User, user, true)) { return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update this item user data."); } - var user = _userManager.GetUserById(requestUserId) ?? throw new ResourceNotFoundException(); var item = _libraryManager.GetItemById(itemId, user); if (item is null) { -- cgit v1.2.3