Use elevated access control for media folders endpoint

1 files changed, 1 insertions, 7 deletions

diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index b056215b9..7a57bf1a2 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -485,18 +485,12 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Media folders returned.</response>
         /// <returns>List of user media folders.</returns>
         [HttpGet("Library/MediaFolders")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
+        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetMediaFolders([FromQuery] bool? isHidden)
         {
             var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList();
 
-            if (!User.GetIsApiKey() && !User.IsInRole(UserRoles.Administrator))
-            {
-                var user = _userManager.GetUserById(User.GetUserId());
-                items = items.Where(i => i.IsVisible(user)).ToList();
-            }
-
             if (isHidden.HasValue)
             {
                 var val = isHidden.Value;