shpaq/sct-overseerr
1
0
Fork 0
mirror of https://github.com/sct/overseerr.git synced 2025-09-17 17:24:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(api): check correct permissions for auto approve when requests are created

Browse Source
This commit is contained in:
sct
2021-03-09 15:04:24 +00:00
parent 3384eb1c47
commit 3c1a72b038
1 changed files with 50 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
server/routes/request.ts
View File

@@ -211,32 +211,34 @@ requestRoutes.post(
media, media,
requestedBy: requestUser, requestedBy: requestUser,
// If the user is an admin or has the "auto approve" permission, automatically approve the request // If the user is an admin or has the "auto approve" permission, automatically approve the request
status: status: req.user?.hasPermission(
req.user?.hasPermission( [
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K ? Permission.AUTO_APPROVE_4K
: Permission.AUTO_APPROVE : Permission.AUTO_APPROVE,
) ||
req.user?.hasPermission(
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K_MOVIE ? Permission.AUTO_APPROVE_4K_MOVIE
: Permission.AUTO_APPROVE_MOVIE : Permission.AUTO_APPROVE_MOVIE,
) Permission.MANAGE_REQUESTS,
? MediaRequestStatus.APPROVED ],
: MediaRequestStatus.PENDING, { type: 'or' }
modifiedBy: )
req.user?.hasPermission( ? MediaRequestStatus.APPROVED
: MediaRequestStatus.PENDING,
modifiedBy: req.user?.hasPermission(
[
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K ? Permission.AUTO_APPROVE_4K
: Permission.AUTO_APPROVE : Permission.AUTO_APPROVE,
) ||
req.user?.hasPermission(
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K_MOVIE ? Permission.AUTO_APPROVE_4K_MOVIE
: Permission.AUTO_APPROVE_MOVIE : Permission.AUTO_APPROVE_MOVIE,
) Permission.MANAGE_REQUESTS,
? req.user ],
: undefined, { type: 'or' }
)
? req.user
: undefined,
is4k: req.body.is4k, is4k: req.body.is4k,
serverId: req.body.serverId, serverId: req.body.serverId,
profileId: req.body.profileId, profileId: req.body.profileId,
@@ -286,32 +288,34 @@ requestRoutes.post(
media, media,
requestedBy: requestUser, requestedBy: requestUser,
// If the user is an admin or has the "auto approve" permission, automatically approve the request // If the user is an admin or has the "auto approve" permission, automatically approve the request
status: status: req.user?.hasPermission(
req.user?.hasPermission( [
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K ? Permission.AUTO_APPROVE_4K
: Permission.AUTO_APPROVE : Permission.AUTO_APPROVE,
) ||
req.user?.hasPermission(
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K_TV ? Permission.AUTO_APPROVE_4K_TV
: Permission.AUTO_APPROVE_TV : Permission.AUTO_APPROVE_TV,
) Permission.MANAGE_REQUESTS,
? MediaRequestStatus.APPROVED ],
: MediaRequestStatus.PENDING, { type: 'or' }
modifiedBy: )
req.user?.hasPermission( ? MediaRequestStatus.APPROVED
: MediaRequestStatus.PENDING,
modifiedBy: req.user?.hasPermission(
[
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K ? Permission.AUTO_APPROVE_4K
: Permission.AUTO_APPROVE : Permission.AUTO_APPROVE,
) ||
req.user?.hasPermission(
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K_TV ? Permission.AUTO_APPROVE_4K_TV
: Permission.AUTO_APPROVE_TV : Permission.AUTO_APPROVE_TV,
) Permission.MANAGE_REQUESTS,
? req.user ],
: undefined, { type: 'or' }
)
? req.user
: undefined,
is4k: req.body.is4k, is4k: req.body.is4k,
serverId: req.body.serverId, serverId: req.body.serverId,
profileId: req.body.profileId, profileId: req.body.profileId,
@@ -321,19 +325,20 @@ requestRoutes.post(
(sn) => (sn) =>
new SeasonRequest({ new SeasonRequest({
seasonNumber: sn, seasonNumber: sn,
status: status: req.user?.hasPermission(
req.user?.hasPermission( [
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K ? Permission.AUTO_APPROVE_4K
: Permission.AUTO_APPROVE : Permission.AUTO_APPROVE,
) ||
req.user?.hasPermission(
req.body.is4k req.body.is4k
? Permission.AUTO_APPROVE_4K_TV ? Permission.AUTO_APPROVE_4K_TV
: Permission.AUTO_APPROVE_TV : Permission.AUTO_APPROVE_TV,
) Permission.MANAGE_REQUESTS,
? MediaRequestStatus.APPROVED ],
: MediaRequestStatus.PENDING, { type: 'or' }
)
? MediaRequestStatus.APPROVED
: MediaRequestStatus.PENDING,
}) })
), ),
}); });