mirror/advplyr.audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-06-24 09:49:24 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Update:Give full permissions to admin users except updating root or viewing root api token #137

Browse source
This commit is contained in:
advplyr 2022-05-03 19:16:16 -05:00
parent 195a30096f
commit 2e070227ab
17 changed files with 75 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

6
server/controllers/LibraryController.js
View file

@ -320,7 +320,7 @@ class LibraryController {
// PATCH: Change the order of libraries
async reorder(req, res) {
if (!req.user.isRoot) {
if (!req.user.isAdminOrUp) {
Logger.error('[LibraryController] ReorderLibraries invalid user', req.user)
return res.sendStatus(403)
}
@ -457,7 +457,7 @@ class LibraryController {
}
async matchAll(req, res) {
if (!req.user.isRoot) {
if (!req.user.isAdminOrUp) {
Logger.error(`[LibraryController] Non-root user attempted to match library items`, req.user)
return res.sendStatus(403)
}
@ -467,7 +467,7 @@ class LibraryController {
// GET: api/scan (Root)
async scan(req, res) {
if (!req.user.isRoot) {
if (!req.user.isAdminOrUp) {
Logger.error(`[LibraryController] Non-root user attempted to scan library`, req.user)
return res.sendStatus(403)
}