From c63a52629d0d47d4476943357afdc23cba7c292f Mon Sep 17 00:00:00 2001
From: Stefan Hacker <duffy@debian-linux-terminal.local>
Date: Sun, 12 Apr 2026 10:01:43 +0200
Subject: [PATCH] fix: Lock/Unlock-Buttons in FilesView - doppelter /api-Prefix

apiClient hat baseURL '/api' - die URL darf nicht nochmal mit /api
anfangen, sonst wird daraus /api/api/... und der Request geht ins
Leere.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 frontend/src/views/FilesView.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/views/FilesView.vue b/frontend/src/views/FilesView.vue
index 8d2e853..87cc0b6 100644
--- a/frontend/src/views/FilesView.vue
+++ b/frontend/src/views/FilesView.vue
@@ -678,7 +678,7 @@ async function removeShare(token) {
 
 async function lockFile(data) {
   try {
-    await apiClient.post(`/api/files/${data.id}/lock`, { client_info: 'Web-GUI' })
+    await apiClient.post(`/files/${data.id}/lock`, { client_info: 'Web-GUI' })
     toast.add({ severity: 'success', summary: 'Ausgecheckt', detail: `${data.name} ist jetzt fuer dich gesperrt.`, life: 3000 })
     await filesStore.loadFiles(currentParentId())
   } catch (err) {
@@ -690,7 +690,7 @@ async function unlockFile(data) {
   const isAdminOverride = data.locked_by !== auth.user?.username
   if (isAdminOverride && !confirm(`Den Lock von ${data.locked_by} zwangsweise entfernen?`)) return
   try {
-    await apiClient.post(`/api/files/${data.id}/unlock`)
+    await apiClient.post(`/files/${data.id}/unlock`)
     toast.add({ severity: 'success', summary: 'Eingecheckt', detail: `${data.name} ist wieder frei.`, life: 3000 })
     await filesStore.loadFiles(currentParentId())
   } catch (err) {