From 935c2c97fe2b8d8c5ec7cf4c53d941da34983295 Mon Sep 17 00:00:00 2001 From: Niels van Velzen Date: Thu, 25 Apr 2024 21:52:20 +0200 Subject: [PATCH] Require elevation for plugin related endpoints --- Jellyfin.Api/Controllers/DashboardController.cs | 3 ++- Jellyfin.Api/Controllers/PackageController.cs | 5 +---- Jellyfin.Api/Controllers/PluginsController.cs | 6 +----- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/Jellyfin.Api/Controllers/DashboardController.cs b/Jellyfin.Api/Controllers/DashboardController.cs index 076084c7a3..ee912a9be8 100644 --- a/Jellyfin.Api/Controllers/DashboardController.cs +++ b/Jellyfin.Api/Controllers/DashboardController.cs @@ -5,6 +5,7 @@ using System.Linq; using System.Net.Mime; using Jellyfin.Api.Attributes; using Jellyfin.Api.Models; +using MediaBrowser.Common.Api; using MediaBrowser.Common.Plugins; using MediaBrowser.Model.Net; using MediaBrowser.Model.Plugins; @@ -45,9 +46,9 @@ public class DashboardController : BaseJellyfinApiController /// Server still loading. /// An with infos about the plugins. [HttpGet("web/ConfigurationPages")] + [Authorize(Policy = Policies.RequiresElevation)] [ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status404NotFound)] - [Authorize] public ActionResult> GetConfigurationPages( [FromQuery] bool? enableInMainMenu) { diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs index c5e940108c..274e94ee6d 100644 --- a/Jellyfin.Api/Controllers/PackageController.cs +++ b/Jellyfin.Api/Controllers/PackageController.cs @@ -18,7 +18,7 @@ namespace Jellyfin.Api.Controllers; /// Package Controller. /// [Route("")] -[Authorize] +[Authorize(Policy = Policies.RequiresElevation)] public class PackageController : BaseJellyfinApiController { private readonly IInstallationManager _installationManager; @@ -90,7 +90,6 @@ public class PackageController : BaseJellyfinApiController [HttpPost("Packages/Installed/{name}")] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status404NotFound)] - [Authorize(Policy = Policies.RequiresElevation)] public async Task InstallPackage( [FromRoute, Required] string name, [FromQuery] Guid? assemblyGuid, @@ -128,7 +127,6 @@ public class PackageController : BaseJellyfinApiController /// Installation cancelled. /// A on successfully cancelling a package installation. [HttpDelete("Packages/Installing/{packageId}")] - [Authorize(Policy = Policies.RequiresElevation)] [ProducesResponseType(StatusCodes.Status204NoContent)] public ActionResult CancelPackageInstallation( [FromRoute, Required] Guid packageId) @@ -156,7 +154,6 @@ public class PackageController : BaseJellyfinApiController /// Package repositories saved. /// A . [HttpPost("Repositories")] - [Authorize(Policy = Policies.RequiresElevation)] [ProducesResponseType(StatusCodes.Status204NoContent)] public ActionResult SetRepositories([FromBody, Required] RepositoryInfo[] repositoryInfos) { diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs index f63e639276..6abd7a23ee 100644 --- a/Jellyfin.Api/Controllers/PluginsController.cs +++ b/Jellyfin.Api/Controllers/PluginsController.cs @@ -22,7 +22,7 @@ namespace Jellyfin.Api.Controllers; /// /// Plugins controller. /// -[Authorize] +[Authorize(Policy = Policies.RequiresElevation)] public class PluginsController : BaseJellyfinApiController { private readonly IInstallationManager _installationManager; @@ -66,7 +66,6 @@ public class PluginsController : BaseJellyfinApiController /// Plugin not found. /// An on success, or a if the plugin could not be found. [HttpPost("{pluginId}/{version}/Enable")] - [Authorize(Policy = Policies.RequiresElevation)] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status404NotFound)] public ActionResult EnablePlugin([FromRoute, Required] Guid pluginId, [FromRoute, Required] Version version) @@ -90,7 +89,6 @@ public class PluginsController : BaseJellyfinApiController /// Plugin not found. /// An on success, or a if the plugin could not be found. [HttpPost("{pluginId}/{version}/Disable")] - [Authorize(Policy = Policies.RequiresElevation)] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status404NotFound)] public ActionResult DisablePlugin([FromRoute, Required] Guid pluginId, [FromRoute, Required] Version version) @@ -114,7 +112,6 @@ public class PluginsController : BaseJellyfinApiController /// Plugin not found. /// An on success, or a if the plugin could not be found. [HttpDelete("{pluginId}/{version}")] - [Authorize(Policy = Policies.RequiresElevation)] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status404NotFound)] public ActionResult UninstallPluginByVersion([FromRoute, Required] Guid pluginId, [FromRoute, Required] Version version) @@ -137,7 +134,6 @@ public class PluginsController : BaseJellyfinApiController /// Plugin not found. /// An on success, or a if the plugin could not be found. [HttpDelete("{pluginId}")] - [Authorize(Policy = Policies.RequiresElevation)] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status404NotFound)] [Obsolete("Please use the UninstallPluginByVersion API.")]