@ -274,16 +274,15 @@ public class UserController : BaseJellyfinApiController
[FromBody, Required] UpdateUserPassword request )
{
var requestUserId = userId ? ? User . GetUserId ( ) ;
if ( ! RequestHelpers . AssertCanUpdateUser ( _userManager , User , requestUserId , true ) )
var user = _userManager . GetUserById ( requestUserId ) ;
if ( user is null )
{
return StatusCode( StatusCodes . Status403Forbidden , "User is not allowed to update the password." ) ;
return NotFound( ) ;
}
var user = _userManager . GetUserById ( requestUserId ) ;
if ( user is null )
if ( ! RequestHelpers . AssertCanUpdateUser ( User , user , true ) )
{
return NotFound( "User not found ") ;
return StatusCode ( StatusCodes . Status403Forbidden , "User is not allowed to update the password." ) ;
}
if ( request . ResetPassword )
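Review bot: With the user lookup now ahead of the permission check, the status code tells a caller whether a user id exists: an unknown id returns `NotFound()`, while a known id the caller may not edit returns 403. Whether this is new depends on how the previous `AssertCanUpdateUser(_userManager, User, requestUserId, true)` treated unknown ids, which is not visible here. If the distinction is not wanted, return the same status in both cases for callers who may only edit themselves; otherwise record the decision next to the null check, for example `// 404 is returned before the permission check on purpose; user ids are not treated as secret`. The same ordering is introduced in the hunk at -495 (user configuration update). The method body starts and ends outside this hunk.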
@ -386,7 +385,7 @@ public class UserController : BaseJellyfinApiController
return NotFound ( ) ;
}
if ( ! RequestHelpers . AssertCanUpdateUser ( _userManager, User, req uestU serId , true ) )
if ( ! RequestHelpers . AssertCanUpdateUser ( User, user, true ) )
{
return StatusCode ( StatusCodes . Status403Forbidden , "User update not allowed." ) ;
}
@ -396,7 +395,7 @@ public class UserController : BaseJellyfinApiController
await _userManager . RenameUser ( user , updateUser . Name ) . ConfigureAwait ( false ) ;
}
await _userManager . UpdateConfigurationAsync ( user. Id, updateUser . Configuration ) . ConfigureAwait ( false ) ;
await _userManager . UpdateConfigurationAsync ( req uestU serId, updateUser . Configuration ) . ConfigureAwait ( false ) ;
return NoContent ( ) ;
}
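Review bot: Both forms of the `UpdateConfigurationAsync` call appear here without diff markers, so this page does not show which one the commit keeps. The permission check in the previous hunk is now made on the `user` object, so the write is best keyed on that same object: `await _userManager.UpdateConfigurationAsync(user.Id, updateUser.Configuration).ConfigureAwait(false);`. That keeps the checked account and the modified account visibly identical if `requestUserId` or the lookup is changed later. The two values look equal today, since the other hunks fetch `user` by `requestUserId`, so this is a readability point rather than a defect. The method starts outside the hunk.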
@ -495,7 +494,13 @@ public class UserController : BaseJellyfinApiController
[FromBody, Required] UserConfiguration userConfig )
{
var requestUserId = userId ? ? User . GetUserId ( ) ;
if ( ! RequestHelpers . AssertCanUpdateUser ( _userManager , User , requestUserId , true ) )
var user = _userManager . GetUserById ( requestUserId ) ;
if ( user is null )
{
return NotFound ( ) ;
}
if ( ! RequestHelpers . AssertCanUpdateUser ( User , user , true ) )
{
return StatusCode ( StatusCodes . Status403Forbidden , "User configuration update not allowed" ) ;
}