mirror/advplyr.audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-06-21 00:26:01 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Update upload endpoint to check user has access to library

Browse source
This commit is contained in:
advplyr 2025-06-11 16:14:51 -05:00
parent aac01d6d9a
commit a6f10ca48e
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
server/controllers/MiscController.js
View file

@ -59,6 +59,12 @@ class MiscController {
if (!library) {
return res.status(404).send('Library not found')
}
if (!req.user.checkCanAccessLibrary(library.id)) {
Logger.error(`[MiscController] User "${req.user.username}" attempting to upload to library "${library.id}" without access`)
return res.sendStatus(403)
}
const folder = library.libraryFolders.find((fold) => fold.id === folderId)
if (!folder) {
return res.status(404).send('Folder not found')