|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
using Jellyfin.Api.Extensions;
|
|
|
|
|
using Jellyfin.Extensions;
|
|
|
|
|
using MediaBrowser.Common.Extensions;
|
|
|
|
|
using MediaBrowser.Controller.Library;
|
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
|
|
|
|
|
namespace Jellyfin.Api.Auth.UserPermissionPolicy
|
|
|
|
|
{
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// User permission authorization handler.
|
|
|
|
|
/// </summary>
|
|
|
|
|
public class UserPermissionHandler : AuthorizationHandler<UserPermissionRequirement>
|
|
|
|
|
{
|
|
|
|
|
private readonly IUserManager _userManager;
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Initializes a new instance of the <see cref="UserPermissionHandler"/> class.
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
|
|
|
|
|
public UserPermissionHandler(IUserManager userManager)
|
|
|
|
|
{
|
|
|
|
|
_userManager = userManager;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <inheritdoc />
|
|
|
|
|
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserPermissionRequirement requirement)
|
|
|
|
|
{
|
|
|
|
|
// Api keys have global permissions, so just succeed the requirement.
|
|
|
|
|
if (context.User.GetIsApiKey())
|
|
|
|
|
{
|
|
|
|
|
context.Succeed(requirement);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
var userId = context.User.GetUserId();
|
|
|
|
|
if (!userId.IsEmpty())
|
|
|
|
|
{
|
|
|
|
|
var user = _userManager.GetUserById(context.User.GetUserId());
|
|
|
|
|
if (user is null)
|
|
|
|
|
{
|
|
|
|
|
throw new ResourceNotFoundException();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user.HasPermission(requirement.RequiredPermission))
|
|
|
|
|
{
|
|
|
|
|
context.Succeed(requirement);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Task.CompletedTask;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|