PR #4928 broke admin's ability to set user's favorites via API

[disconn3ct]

I have a script (below) that copies favorites from one user to another. With the changes in #4928 it does not seem possible for an admin token to set a user's favorites.

The original request was POST to /api/users/UUID-UUID/favorites/recipe_ID. That returns "Use the Admin API to update other users". Switching to /api/admin/users/UUID-UUID/favorites/recipe_ID returns "detail": "Method Not Allowed" regardless of POST or PUT.

Script:

#/bin/ash

set -euo pipefail
# Default to TOKEN
RTOKEN=${READTOKEN:-$TOKEN}
WTOKEN=${WRITETOKEN:-$TOKEN}

curl -sS -H "accept: application/json" -H"Authorization: Bearer $RTOKEN" -X GET "$MEALIEURL/api/users/$READUSER/favorites" | \
  jq -r ".ratings[].recipeId" | \
  while read a; do 
    curl -sS -H "accept: application/json" -H"Authorization: Bearer $WTOKEN" -X PUT "$MEALIEURL/api/admin/users/$WRITEUSER/favorites/$a" 
  done

[Kuchenpirat]

Hi, thanks for reporting this issue. Please use our issue template next time.

I don't know if we actually want an admin to be able to set a users favorites. I would argue no. Admins should be able to administer users but setting a users favs seems a bit outside of scope for this.
What is the usecase where you would need this?

[disconn3ct]

(No idea why it didn't prompt the form. Let me know if there is info you need and I'll update from a PC later.)

In this case, we have a location user ("kitchen") who's favorites are synced one-way from the human users. Since it's a service user, it is not a huge deal to use self, but it's at least a regression.