Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-03-04 02:22:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update:Give full permissions to admin users except updating root or viewing root api token #137

Browse Source
This commit is contained in:
advplyr
2022-05-03 19:16:16 -05:00
parent 195a30096f
commit 2e070227ab
17 changed files with 75 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/controllers/MiscController.js
View File

@@ -159,10 +159,10 @@ class MiscController {
res.json(downloads)
}
// PATCH: api/settings (Root)
// PATCH: api/settings (admin)
async updateServerSettings(req, res) {
if (!req.user.isRoot) {
Logger.error('User other than root attempting to update server settings', req.user)
if (!req.user.isAdminOrUp) {
Logger.error('User other than admin attempting to update server settings', req.user)
return res.sendStatus(403)
}
var settingsUpdate = req.body
@@ -185,9 +185,9 @@ class MiscController {
})
}
// POST: api/purgecache (Root)
// POST: api/purgecache (admin)
async purgeCache(req, res) {
if (!req.user.isRoot) {
if (!req.user.isAdminOrUp) {
return res.sendStatus(403)
}
Logger.info(`[ApiRouter] Purging all cache`)
@@ -239,8 +239,8 @@ class MiscController {
}
getAllTags(req, res) {
if (!req.user.isRoot) {
Logger.error(`[MiscController] Non-root user attempted to getAllTags`)
if (!req.user.isAdminOrUp) {
Logger.error(`[MiscController] Non-admin user attempted to getAllTags`)
return res.sendStatus(404)
}
var tags = []