extern/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2024-10-05 09:42:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix user issue sending POST requests to play endpoints #473

Browse Source
This commit is contained in:
advplyr 2022-04-21 07:24:54 -05:00
parent f2d9de5a5f
commit 1ff5637c1b
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/controllers/LibraryItemController.js
View File

@ -353,11 +353,13 @@ class LibraryItemController {
return res.sendStatus(403)
}
if (req.method == 'DELETE' && !req.user.canDelete) {
if (req.path.includes('/play')) {
// allow POST requests using /play and /play/:episodeId
} else if (req.method == 'DELETE' && !req.user.canDelete) {
Logger.warn(`[LibraryItemController] User attempted to delete without permission`, req.user)
return res.sendStatus(403)
} else if ((req.method == 'PATCH' || req.method == 'POST') && !req.user.canUpdate) {
Logger.warn('[LibraryItemController] User attempted to update without permission', req.user)
Logger.warn('[LibraryItemController] User attempted to update without permission', req.user.username)
return res.sendStatus(403)
}