
Always grant access for Administrator role

Cody Robibero 1 năm trước cách đây
mục cha
commit
92eb9e3a94

+ 4 - 36
Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs

@@ -1,10 +1,6 @@
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
-using Jellyfin.Api.Extensions;
-using Jellyfin.Extensions;
 using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Controller.Library;
 using Microsoft.AspNetCore.Authorization;
 
 namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
@@ -15,19 +11,14 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
     public class FirstTimeSetupHandler : AuthorizationHandler<FirstTimeSetupRequirement>
     {
         private readonly IConfigurationManager _configurationManager;
-        private readonly IUserManager _userManager;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="FirstTimeSetupHandler" /> class.
         /// </summary>
         /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        public FirstTimeSetupHandler(
-            IConfigurationManager configurationManager,
-            IUserManager userManager)
+        public FirstTimeSetupHandler(IConfigurationManager configurationManager)
         {
             _configurationManager = configurationManager;
-            _userManager = userManager;
         }
 
         /// <inheritdoc />
@@ -36,37 +27,14 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
             if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
             {
                 context.Succeed(requirement);
-                return Task.CompletedTask;
             }
-
-            var contextUser = context.User;
-            if (requirement.RequireAdmin && !contextUser.IsInRole(UserRoles.Administrator))
+            else if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
             {
                 context.Fail();
-                return Task.CompletedTask;
             }
-
-            var userId = contextUser.GetUserId();
-            if (userId.IsEmpty())
-            {
-                context.Fail();
-                return Task.CompletedTask;
-            }
-
-            if (!requirement.ValidateParentalSchedule)
-            {
-                context.Succeed(requirement);
-                return Task.CompletedTask;
-            }
-
-            var user = _userManager.GetUserById(userId);
-            if (user is null)
-            {
-                throw new ResourceNotFoundException();
-            }
-
-            if (user.IsParentalScheduleAllowed())
+            else
             {
+                // Any user-specific checks are handled in the DefaultAuthorizationHandler.
                 context.Succeed(requirement);
             }
 
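Review bot: The final `else` branch calls `context.Succeed(requirement)` for any principal once the startup wizard is complete and `RequireAdmin` is false, so the empty-user-id rejection and the parental-schedule check removed here now depend entirely on another handler. The new comment names `DefaultAuthorizationHandler`, but nothing visible in this hunk shows that every policy carrying `FirstTimeSetupRequirement` also carries the requirement that handler evaluates; if one does not, a principal without a user id would pass. I would state the dependency in the comment, e.g. `// Succeeds for any principal; identity and parental-schedule checks must be enforced by DefaultAuthorizationHandler through a requirement on the same policy.`, and back it with a policy-level test. `requirement.ValidateParentalSchedule` is no longer read in this handler, so if the property still exists it should presumably be removed or documented as unused here. The method's signature and its return statement are outside the hunk.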

+ 12 - 0
tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs

@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using AutoFixture;
 using AutoFixture.AutoMoq;
@@ -67,5 +68,16 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
             await _firstTimeSetupHandler.HandleAsync(context);
             Assert.Equal(shouldSucceed, context.HasSucceeded);
         }
+
+        [Fact]
+        public async Task ShouldAllowAdminApiKeyIfStartupWizardComplete()
+        {
+            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
+            var claims = new ClaimsPrincipal(new ClaimsIdentity([new Claim(ClaimTypes.Role, UserRoles.Administrator)]));
+            var context = new AuthorizationHandlerContext(_requirements, claims, null);
+
+            await _firstTimeSetupHandler.HandleAsync(context);
+            Assert.True(context.HasSucceeded);
+        }
     }
 }
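Review bot: `ShouldAllowAdminApiKeyIfStartupWizardComplete` asserts only the allow path, so it does not show that the Administrator role claim is what grants access. `_requirements` is defined outside the hunk, and if it holds a requirement with `RequireAdmin` false the handler would succeed for a principal with no claims at all. For an authorization change the deny path is the one worth pinning: add a companion case with the same setup, a requirement that has `RequireAdmin` set, and `new ClaimsPrincipal(new ClaimsIdentity())`, ending in `Assert.False(context.HasSucceeded);`. Note also that a `ClaimsIdentity` built without an authentication type reports `IsAuthenticated` as false, so a short comment saying the test deliberately models a role claim without an authenticated user identity would help the next reader.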