Validate item access (#11171)

author: Cody Robibero <cody@robibe.ro> 2024-04-14 08:18:36 -0600
committer: GitHub <noreply@github.com> 2024-04-14 08:18:36 -0600
commit: 6fb6b5f1766a1f37a61b9faaa40209bab995bf30 (patch)
tree: f169e72afeda371db2ffeb1b47c4dd88a03b4744 /Emby.Server.Implementations/Library/LibraryManager.cs
parent: 9a4db8008593647cb6728b10317680dd3152c934 (diff)
1 files changed, 33 insertions, 6 deletions
diff --git a/Emby.Server.Implementations/Library/LibraryManager.cs b/Emby.Server.Implementations/Library/LibraryManager.cs
index bb5cc746e..0a4432bec 100644
--- a/Emby.Server.Implementations/Library/LibraryManager.cs
+++ b/Emby.Server.Implementations/Library/LibraryManager.cs
@@ -46,6 +46,7 @@ using MediaBrowser.Model.Library;
 using MediaBrowser.Model.Querying;
 using MediaBrowser.Model.Tasks;
 using Microsoft.Extensions.Logging;
+using TMDbLib.Objects.Authentication;
 using Episode = MediaBrowser.Controller.Entities.TV.Episode;
 using EpisodeInfo = Emby.Naming.TV.EpisodeInfo;
 using Genre = MediaBrowser.Controller.Entities.Genre;
@@ -1222,12 +1223,7 @@ namespace Emby.Server.Implementations.Library
             return null;
         }
 
-        /// <summary>
-        /// Gets the item by id.
-        /// </summary>
-        /// <param name="id">The id.</param>
-        /// <returns>BaseItem.</returns>
-        /// <exception cref="ArgumentNullException"><paramref name="id"/> is <c>null</c>.</exception>
+        /// <inheritdoc />
         public BaseItem GetItemById(Guid id)
         {
             if (id.IsEmpty())
@@ -1263,6 +1259,22 @@ namespace Emby.Server.Implementations.Library
             return null;
         }
 
+        /// <inheritdoc />
+        public T GetItemById<T>(Guid id, Guid userId)
+            where T : BaseItem
+        {
+            var user = userId.IsEmpty() ? null : _userManager.GetUserById(userId);
+            return GetItemById<T>(id, user);
+        }
+
+        /// <inheritdoc />
+        public T GetItemById<T>(Guid id, User user)
+            where T : BaseItem
+        {
+            var item = GetItemById<T>(id);
+            return ItemIsVisible(item, user) ? item : null;
+        }
+
         public List<BaseItem> GetItemList(InternalItemsQuery query, bool allowExternalContent)
         {
             if (query.Recursive && !query.ParentId.IsEmpty())
@@ -3191,5 +3203,20 @@ namespace Emby.Server.Implementations.Library
 
             CollectionFolder.SaveLibraryOptions(virtualFolderPath, libraryOptions);
         }
+
+        private static bool ItemIsVisible(BaseItem item, User user)
+        {
+            if (item is null)
+            {
+                return false;
+            }
+
+            if (user is null)
+            {
+                return true;
+            }
+
+            return item is UserRootFolder || item.IsVisibleStandalone(user);
+        }
     }
 }
author	Cody Robibero <cody@robibe.ro>	2024-04-14 08:18:36 -0600
committer	GitHub <noreply@github.com>	2024-04-14 08:18:36 -0600
commit	6fb6b5f1766a1f37a61b9faaa40209bab995bf30 (patch)
tree	f169e72afeda371db2ffeb1b47c4dd88a03b4744 /Emby.Server.Implementations/Library/LibraryManager.cs
parent	9a4db8008593647cb6728b10317680dd3152c934 (diff)