diff --git a/server/src/controllers/asset.controller.spec.ts b/server/src/controllers/asset.controller.spec.ts
index 7a7a37fe2e..649c80e850 100644
--- a/server/src/controllers/asset.controller.spec.ts
+++ b/server/src/controllers/asset.controller.spec.ts
@@ -57,6 +57,28 @@ describe(AssetController.name, () => {
     });
   });
 
+  describe('PUT /assets/copy', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).get(`/assets/copy`);
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+
+    it('should require target and source id', async () => {
+      const { status, body } = await request(ctx.getHttpServer()).put('/assets/copy').send({});
+      expect(status).toBe(400);
+      expect(body).toEqual(
+        factory.responses.badRequest(expect.arrayContaining(['sourceId must be a UUID', 'targetId must be a UUID'])),
+      );
+    });
+
+    it('should work', async () => {
+      const { status } = await request(ctx.getHttpServer())
+        .put('/assets/copy')
+        .send({ sourceId: factory.uuid(), targetId: factory.uuid() });
+      expect(status).toBe(204);
+    });
+  });
+
   describe('PUT /assets/:id', () => {
     it('should be an authenticated route', async () => {
       await request(ctx.getHttpServer()).get(`/assets/123`);
diff --git a/server/src/controllers/asset.controller.ts b/server/src/controllers/asset.controller.ts
index fb528a5830..a6f8c7921d 100644
--- a/server/src/controllers/asset.controller.ts
+++ b/server/src/controllers/asset.controller.ts
@@ -81,6 +81,13 @@ export class AssetController {
     return this.service.get(auth, id) as Promise<AssetResponseDto>;
   }
 
+  @Put('copy')
+  @Authenticated({ permission: Permission.AssetCopy })
+  @HttpCode(HttpStatus.NO_CONTENT)
+  copyAsset(@Auth() auth: AuthDto, @Body() dto: AssetCopyDto): Promise<void> {
+    return this.service.copy(auth, dto);
+  }
+
   @Put(':id')
   @Authenticated({ permission: Permission.AssetUpdate })
   updateAsset(
@@ -91,13 +98,6 @@ export class AssetController {
     return this.service.update(auth, id, dto);
   }
 
-  @Put('copy')
-  @Authenticated({ permission: Permission.AssetCopy })
-  @HttpCode(HttpStatus.NO_CONTENT)
-  copyAsset(@Auth() auth: AuthDto, @Body() dto: AssetCopyDto): Promise<void> {
-    return this.service.copy(auth, dto);
-  }
-
   @Get(':id/metadata')
   @Authenticated({ permission: Permission.AssetRead })
   getAssetMetadata(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<AssetMetadataResponseDto[]> {