Merge pull request #3357 from crobibero/api-authorization

Add Authorization handlers
author: David <daullmer@gmail.com> 2020-06-18 18:37:08 +0200
committer: GitHub <noreply@github.com> 2020-06-18 18:37:08 +0200
commit: 522e44de59a8661a859f6a373e495a9e0e8d13ff (patch)
tree: c5d6db8a9ef69b345a439e3a45ee5eeec0e1e588 /Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
parent: 1da044e0eb6cd4a96f4c554a0348663380868f80 (diff)
parent: 0c01b6817b9e14661fd1ebea05590b60278e735c (diff)
1 files changed, 24 insertions, 2 deletions
diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
index 2d3bb1aa48..b235c4b63b 100644
--- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
+++ b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
@@ -1,21 +1,43 @@
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Library;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 
 namespace Jellyfin.Api.Auth.RequiresElevationPolicy
 {
     /// <summary>
     /// Authorization handler for requiring elevated privileges.
     /// </summary>
-    public class RequiresElevationHandler : AuthorizationHandler<RequiresElevationRequirement>
+    public class RequiresElevationHandler : BaseAuthorizationHandler<RequiresElevationRequirement>
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="RequiresElevationHandler"/> class.
+        /// </summary>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
+        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
+        public RequiresElevationHandler(
+            IUserManager userManager,
+            INetworkManager networkManager,
+            IHttpContextAccessor httpContextAccessor)
+            : base(userManager, networkManager, httpContextAccessor)
+        {
+        }
+
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement)
         {
-            if (context.User.IsInRole(UserRoles.Administrator))
+            var validated = ValidateClaims(context.User);
+            if (validated && context.User.IsInRole(UserRoles.Administrator))
             {
                 context.Succeed(requirement);
             }
+            else
+            {
+                context.Fail();
+            }
 
             return Task.CompletedTask;
         }
author	David <daullmer@gmail.com>	2020-06-18 18:37:08 +0200
committer	GitHub <noreply@github.com>	2020-06-18 18:37:08 +0200
commit	522e44de59a8661a859f6a373e495a9e0e8d13ff (patch)
tree	c5d6db8a9ef69b345a439e3a45ee5eeec0e1e588 /Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
parent	1da044e0eb6cd4a96f4c554a0348663380868f80 (diff)
parent	0c01b6817b9e14661fd1ebea05590b60278e735c (diff)