diff --git a/Jellyfin.Api/Controllers/PlaylistsController.cs b/Jellyfin.Api/Controllers/PlaylistsController.cs
index c38061c7d..7ca04d7ba 100644
--- a/Jellyfin.Api/Controllers/PlaylistsController.cs
+++ b/Jellyfin.Api/Controllers/PlaylistsController.cs
@@ -104,39 +104,58 @@ public class PlaylistsController : BaseJellyfinApiController
/// Get a playlist's users.
///
/// The playlist id.
+ /// Found shares.
+ /// Unauthorized access.
+ /// Playlist not found.
///
/// A list of objects.
///
[HttpGet("{playlistId}/User")]
[ProducesResponseType(StatusCodes.Status200OK)]
- public IReadOnlyList GetPlaylistUsers(
+ [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult> GetPlaylistUsers(
[FromRoute, Required] Guid playlistId)
{
- var userId = RequestHelpers.GetUserId(User, default);
+ var userId = User.GetUserId();
var playlist = _playlistManager.GetPlaylist(userId, playlistId);
+ if (playlist is null)
+ {
+ return NotFound("Playlist not found");
+ }
+
var isPermitted = playlist.OwnerUserId.Equals(userId)
|| playlist.Shares.Any(s => s.CanEdit && s.UserId.Equals(userId));
- return isPermitted ? playlist.Shares : [];
+ return isPermitted ? playlist.Shares.ToList() : Unauthorized("Unauthorized Access");
}
///
- /// Toggles OpenAccess of a playlist.
+ /// Toggles public access of a playlist.
///
/// The playlist id.
+ /// Public access toggled.
+ /// Unauthorized access.
+ /// Playlist not found.
///
- /// A that represents the asynchronous operation to toggle OpenAccess of a playlist.
+ /// A that represents the asynchronous operation to toggle public access of a playlist.
/// The task result contains an indicating success.
///
- [HttpPost("{playlistId}/ToggleOpenAccess")]
- [ProducesResponseType(StatusCodes.Status200OK)]
- public async Task ToggleOpenAccess(
+ [HttpPost("{playlistId}/TogglePublic")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+ public async Task TogglePublicAccess(
[FromRoute, Required] Guid playlistId)
{
- var callingUserId = RequestHelpers.GetUserId(User, default);
+ var callingUserId = User.GetUserId();
var playlist = _playlistManager.GetPlaylist(callingUserId, playlistId);
+ if (playlist is null)
+ {
+ return NotFound("Playlist not found");
+ }
+
var isPermitted = playlist.OwnerUserId.Equals(callingUserId)
|| playlist.Shares.Any(s => s.CanEdit && s.UserId.Equals(callingUserId));
@@ -151,25 +170,34 @@ public class PlaylistsController : BaseJellyfinApiController
}
///
- /// Upsert a user to a playlist's users.
+ /// Modify a user to a playlist's users.
///
/// The playlist id.
/// The user id.
/// Edit permission.
+ /// User's permissions modified.
+ /// Unauthorized access.
+ /// Playlist not found.
///
- /// A that represents the asynchronous operation to upsert an user to a playlist.
+ /// A that represents the asynchronous operation to modify an user's playlist permissions.
/// The task result contains an indicating success.
///
[HttpPost("{playlistId}/User/{userId}")]
- [ProducesResponseType(StatusCodes.Status200OK)]
- public async Task AddUserToPlaylist(
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+ public async Task ModifyPlaylistUserPermissions(
[FromRoute, Required] Guid playlistId,
[FromRoute, Required] Guid userId,
[FromBody] bool canEdit)
{
- var callingUserId = RequestHelpers.GetUserId(User, default);
+ var callingUserId = User.GetUserId();
var playlist = _playlistManager.GetPlaylist(callingUserId, playlistId);
+ if (playlist is null)
+ {
+ return NotFound("Playlist not found");
+ }
+
var isPermitted = playlist.OwnerUserId.Equals(callingUserId)
|| playlist.Shares.Any(s => s.CanEdit && s.UserId.Equals(callingUserId));
@@ -188,19 +216,29 @@ public class PlaylistsController : BaseJellyfinApiController
///
/// The playlist id.
/// The user id.
+ /// User permissions removed from playlist.
+ /// Unauthorized access.
+ /// No playlist or user permissions found.
///
/// A that represents the asynchronous operation to delete a user from a playlist's shares.
/// The task result contains an indicating success.
///
[HttpDelete("{playlistId}/User/{userId}")]
- [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task RemoveUserFromPlaylist(
[FromRoute, Required] Guid playlistId,
[FromRoute, Required] Guid userId)
{
- var callingUserId = RequestHelpers.GetUserId(User, default);
+ var callingUserId = User.GetUserId();
var playlist = _playlistManager.GetPlaylist(callingUserId, playlistId);
+ if (playlist is null)
+ {
+ return NotFound("Playlist not found");
+ }
+
var isPermitted = playlist.OwnerUserId.Equals(callingUserId)
|| playlist.Shares.Any(s => s.CanEdit && s.UserId.Equals(callingUserId));
@@ -210,10 +248,9 @@ public class PlaylistsController : BaseJellyfinApiController
}
var share = playlist.Shares.FirstOrDefault(s => s.UserId.Equals(userId));
-
if (share is null)
{
- return NotFound();
+ return NotFound("User permissions not found");
}
await _playlistManager.RemoveFromShares(playlistId, callingUserId, share).ConfigureAwait(false);
diff --git a/MediaBrowser.Model/Entities/UserPermissions.cs b/MediaBrowser.Model/Entities/UserPermissions.cs
index 271feed11..80e2cd32c 100644
--- a/MediaBrowser.Model/Entities/UserPermissions.cs
+++ b/MediaBrowser.Model/Entities/UserPermissions.cs
@@ -3,17 +3,26 @@ namespace MediaBrowser.Model.Entities;
///
/// Class to hold data on user permissions for lists.
///
-/// The user id.
-/// Edit permission.
-public class UserPermissions(string userId, bool canEdit = false)
+public class UserPermissions
{
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// The user id.
+ /// Edit permission.
+ public UserPermissions(string userId, bool canEdit = false)
+ {
+ UserId = userId;
+ CanEdit = canEdit;
+ }
+
///
/// Gets or sets the user id.
///
- public string UserId { get; set; } = userId;
+ public string UserId { get; set; }
///
/// Gets or sets a value indicating whether the user has edit permissions.
///
- public bool CanEdit { get; set; } = canEdit;
+ public bool CanEdit { get; set; }
}