diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
index 846cd849a3..3f946d9d22 100644
--- a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -1,6 +1,7 @@
using System.ComponentModel.DataAnnotations;
using System.Diagnostics.CodeAnalysis;
using System.Threading;
+using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Persistence;
using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authorization;
@@ -13,7 +14,7 @@ namespace Jellyfin.Api.Controllers
///
/// Display Preferences Controller.
///
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
public class DisplayPreferencesController : BaseJellyfinApiController
{
private readonly IDisplayPreferencesRepository _displayPreferencesRepository;
diff --git a/Jellyfin.Api/Controllers/FilterController.cs b/Jellyfin.Api/Controllers/FilterController.cs
index dc5b0d9061..0934a116a0 100644
--- a/Jellyfin.Api/Controllers/FilterController.cs
+++ b/Jellyfin.Api/Controllers/FilterController.cs
@@ -1,6 +1,7 @@
using System;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
+using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Entities.Audio;
@@ -18,7 +19,7 @@ namespace Jellyfin.Api.Controllers
///
/// Filters controller.
///
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
public class FilterController : BaseJellyfinApiController
{
private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/ImageByNameController.cs b/Jellyfin.Api/Controllers/ImageByNameController.cs
index 0e3c32d3cc..4800c0608f 100644
--- a/Jellyfin.Api/Controllers/ImageByNameController.cs
+++ b/Jellyfin.Api/Controllers/ImageByNameController.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net.Mime;
+using Jellyfin.Api.Constants;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Entities;
@@ -43,7 +44,7 @@ namespace Jellyfin.Api.Controllers
/// Retrieved list of images.
/// An containing the list of images.
[HttpGet("General")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult> GetGeneralImages()
{
@@ -88,7 +89,7 @@ namespace Jellyfin.Api.Controllers
/// Retrieved list of images.
/// An containing the list of images.
[HttpGet("Ratings")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult> GetRatingImages()
{
@@ -121,7 +122,7 @@ namespace Jellyfin.Api.Controllers
/// Image list retrieved.
/// An containing the list of images.
[HttpGet("MediaInfo")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult> GetMediaInfoImages()
{
diff --git a/Jellyfin.Api/Controllers/ItemLookupController.cs b/Jellyfin.Api/Controllers/ItemLookupController.cs
index 75cba450f9..44709d0ee6 100644
--- a/Jellyfin.Api/Controllers/ItemLookupController.cs
+++ b/Jellyfin.Api/Controllers/ItemLookupController.cs
@@ -30,7 +30,7 @@ namespace Jellyfin.Api.Controllers
///
/// Item lookup controller.
///
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
public class ItemLookupController : BaseJellyfinApiController
{
private readonly IProviderManager _providerManager;
diff --git a/Jellyfin.Api/Controllers/ItemRefreshController.cs b/Jellyfin.Api/Controllers/ItemRefreshController.cs
index e527e54107..e6cdf4edbb 100644
--- a/Jellyfin.Api/Controllers/ItemRefreshController.cs
+++ b/Jellyfin.Api/Controllers/ItemRefreshController.cs
@@ -1,6 +1,7 @@
using System;
using System.ComponentModel;
using System.Diagnostics.CodeAnalysis;
+using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Providers;
using MediaBrowser.Model.IO;
@@ -15,7 +16,7 @@ namespace Jellyfin.Api.Controllers
///
/// [Authenticated]
[Route("/Items")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
public class ItemRefreshController : BaseJellyfinApiController
{
private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/PlaylistsController.cs b/Jellyfin.Api/Controllers/PlaylistsController.cs
index 2e3f6c54af..2dc0d2dc71 100644
--- a/Jellyfin.Api/Controllers/PlaylistsController.cs
+++ b/Jellyfin.Api/Controllers/PlaylistsController.cs
@@ -1,6 +1,7 @@
using System;
using System.Linq;
using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers;
using Jellyfin.Api.Models.PlaylistDtos;
@@ -20,7 +21,7 @@ namespace Jellyfin.Api.Controllers
///
/// Playlists controller.
///
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
public class PlaylistsController : BaseJellyfinApiController
{
private readonly IPlaylistManager _playlistManager;
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index f6036b748d..979d401191 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -20,7 +20,7 @@ namespace Jellyfin.Api.Controllers
///
/// Plugins controller.
///
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
public class PluginsController : BaseJellyfinApiController
{
private readonly IApplicationHost _appHost;
diff --git a/Jellyfin.Api/Controllers/RemoteImageController.cs b/Jellyfin.Api/Controllers/RemoteImageController.cs
index 41b7f98ee1..a0d14be7a5 100644
--- a/Jellyfin.Api/Controllers/RemoteImageController.cs
+++ b/Jellyfin.Api/Controllers/RemoteImageController.cs
@@ -5,6 +5,7 @@ using System.Linq;
using System.Net.Mime;
using System.Threading;
using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller;
@@ -25,7 +26,7 @@ namespace Jellyfin.Api.Controllers
/// Remote Images Controller.
///
[Route("Images")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
public class RemoteImageController : BaseJellyfinApiController
{
private readonly IProviderManager _providerManager;
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index 315bc9728b..39da4178d6 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -5,6 +5,7 @@ using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Threading;
+using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers;
using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Devices;
@@ -57,7 +58,7 @@ namespace Jellyfin.Api.Controllers
/// List of sessions returned.
/// An with the available sessions.
[HttpGet("/Sessions")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult> GetSessions(
[FromQuery] Guid controllableByUserId,
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 0d57dcc837..c1f417df52 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -72,7 +72,7 @@ namespace Jellyfin.Api.Controllers
/// Users returned.
/// An containing the users.
[HttpGet]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isGuest", Justification = "Imported from ServiceStack")]
public ActionResult> GetUsers(
@@ -237,7 +237,7 @@ namespace Jellyfin.Api.Controllers
/// User not found.
/// A indicating success or a or a on failure.
[HttpPost("{userId}/Password")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -295,7 +295,7 @@ namespace Jellyfin.Api.Controllers
/// User not found.
/// A indicating success or a or a on failure.
[HttpPost("{userId}/EasyPassword")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -337,7 +337,7 @@ namespace Jellyfin.Api.Controllers
/// User update forbidden.
/// A indicating success or a or a on failure.
[HttpPost("{userId}")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -381,7 +381,7 @@ namespace Jellyfin.Api.Controllers
/// User policy update forbidden.
/// A indicating success or a or a on failure..
[HttpPost("{userId}/Policy")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -437,7 +437,7 @@ namespace Jellyfin.Api.Controllers
/// User configuration update forbidden.
/// A indicating success.
[HttpPost("{userId}/Configuration")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult UpdateUserConfiguration(
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 532ce59c50..effe630a9b 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -51,7 +51,7 @@ namespace Jellyfin.Api.Controllers
/// Additional parts returned.
/// A with the parts.
[HttpGet("{itemId}/AdditionalParts")]
- [Authorize]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult> GetAdditionalPart([FromRoute] Guid itemId, [FromQuery] Guid userId)
{