using System.Threading.Tasks ;
using Jellyfin.Api.Extensions ;
using Jellyfin.Extensions ;
using MediaBrowser.Common.Extensions ;
using MediaBrowser.Controller.Library ;
using Microsoft.AspNetCore.Authorization ;
namespace Jellyfin.Api.Auth.UserPermissionPolicy
{
/// <summary>
/// User permission authorization handler.
/// </summary>
public class UserPermissionHandler : AuthorizationHandler < UserPermissionRequirement >
{
private readonly IUserManager _userManager ;
/// <summary>
/// Initializes a new instance of the <see cref="UserPermissionHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
public UserPermissionHandler ( IUserManager userManager )
{
_userManager = userManager ;
}
/// <inheritdoc />
protected override Task HandleRequirementAsync ( AuthorizationHandlerContext context , UserPermissionRequirement requirement )
{
// Api keys have global permissions, so just succeed the requirement.
if ( context . User . GetIsApiKey ( ) )
{
context . Succeed ( requirement ) ;
}
else
{
var userId = context . User . GetUserId ( ) ;
if ( ! userId . IsEmpty ( ) )
{
var user = _userManager . GetUserById ( context . User . GetUserId ( ) ) ;
if ( user is null )
{
throw new ResourceNotFoundException ( ) ;
}
if ( user . HasPermission ( requirement . RequiredPermission ) )
{
context . Succeed ( requirement ) ;
}
}
}
return Task . CompletedTask ;
}
}
}