Update:Give full permissions to admin users except updating root or viewing root api token #137

advplyr 2022-05-03 19:16:16 -05:00
parent 195a30096f
commit 2e070227ab
17 changed files with 75 additions and 71 deletions


@ -331,8 +331,8 @@ class LibraryItemController {
// DELETE: api/items/all
async deleteAll(req, res) {
if (!req.user.isRoot) {
Logger.warn('User other than root attempted to delete all library items', req.user)
if (!req.user.isAdminOrUp) {
Logger.warn('User other than admin attempted to delete all library items', req.user)
return res.sendStatus(403)
}
Logger.info('Removing all Library Items')
@ -341,10 +341,10 @@ class LibraryItemController {
else res.sendStatus(500)
}
// GET: api/items/:id/scan (Root)
// GET: api/items/:id/scan (admin)
async scan(req, res) {
if (!req.user.isRoot) {
Logger.error(`[LibraryItemController] Non-root user attempted to scan library item`, req.user)
if (!req.user.isAdminOrUp) {
Logger.error(`[LibraryItemController] Non-admin user attempted to scan library item`, req.user)
return res.sendStatus(403)
}
@ -361,7 +361,7 @@ class LibraryItemController {
// POST: api/items/:id/audio-metadata
async updateAudioFileMetadata(req, res) {
if (!req.user.isRoot) {
if (!req.user.isAdminOrUp) {
Logger.error(`[LibraryItemController] Non-root user attempted to update audio metadata`, req.user)
return res.sendStatus(403)
}
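Review bot: The denial message in `updateAudioFileMetadata` still says "Non-root user attempted to update audio metadata" although the guard is now `!req.user.isAdminOrUp`. The other two hunks updated their wording, so this one should read `Logger.error(`[LibraryItemController] Non-admin user attempted to update audio metadata`, req.user)`; otherwise anyone triaging 403s from the log is told the wrong privilege boundary. All three denial paths also hand the whole `req.user` object to the logger. If that object carries the API token or password hash (its shape is not visible here), those values end up in the log files, so logging only a user identifier would be safer. Since `deleteAll` is now open to every admin rather than root only, an info-level entry naming the acting user next to 'Removing all Library Items' would give an audit trail for that destructive call. The body of `updateAudioFileMetadata` continues outside the hunk.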