mirror/advplyr.audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-06-23 09:19:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update:Express middleware sets req.user to new data model, openid permissions functions moved to new data model

Browse source
This commit is contained in:
advplyr 2024-08-11 16:07:29 -05:00
parent 29a15858f4
commit 2472b86284
29 changed files with 474 additions and 430 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/controllers/CustomMetadataProviderController.js
View file

@ -101,8 +101,8 @@ class CustomMetadataProviderController {
* @param {import('express').NextFunction} next
*/
async middleware(req, res, next) {
if (!req.userNew.isAdminOrUp) {
Logger.warn(`[CustomMetadataProviderController] Non-admin user "${req.userNew.username}" attempted access route "${req.path}"`)
if (!req.user.isAdminOrUp) {
Logger.warn(`[CustomMetadataProviderController] Non-admin user "${req.user.username}" attempted access route "${req.path}"`)
return res.sendStatus(403)
}