Admin API: Check rights, require OPERATOR

Rory&
2025-11-24 20:24:17 +01:00
parent 814f532160
commit eb07c5c956
6 changed files with 129 additions and 16 deletions
@@ -1,6 +1,8 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Spacebar.AdminAPI.Extensions;
using Spacebar.AdminApi.Models;
using Spacebar.AdminAPI.Services;
using Spacebar.Db.Contexts;
using Spacebar.Db.Models;
using Spacebar.RabbitMqUtilities;
@@ -9,10 +11,11 @@ namespace Spacebar.AdminAPI.Controllers.Media;
[ApiController]
[Route("/media/user")]
public class UserMediaController(ILogger<UserMediaController> logger, SpacebarDbContext db, RabbitMQService mq, IServiceProvider sp) : ControllerBase {
public class UserMediaController(ILogger<UserMediaController> logger, SpacebarDbContext db, RabbitMQService mq, AuthenticationService auth, IServiceProvider sp) : ControllerBase {
[HttpGet("{userId}/attachments")]
public async IAsyncEnumerable<Attachment> GetAttachmentsByUser(string userId) {
(await auth.GetCurrentUser(Request)).GetRights().AssertHasAllRights(SpacebarRights.Rights.OPERATOR);
var db2 = sp.CreateScope().ServiceProvider.GetService<SpacebarDbContext>();
var attachments = db.Attachments
// .IgnoreAutoIncludes()