authorBond-009 <bond.009@outlook.com>2022-11-13 12:19:16 +0100
committerGitHub <noreply@github.com>2022-11-13 12:19:16 +0100
commit1b7500c5557996e2ab91377e5783a3802f9029a9 (patch)
tree8f849b6c852e182ba61411e8cf3ae66ca30ca271 /Jellyfin.Api/Controllers/ItemsController.cs
parenta9e2acc9e45525a9d5b7ba39f0e68f2d00e5c8c4 (diff)
parentc6dbcb661bec6fc02347cd0bdce2e5e6e4ee0dbe (diff)
Merge pull request #8732 from thornbill/fix-items-access
Diffstat (limited to 'Jellyfin.Api/Controllers/ItemsController.cs')
-rw-r--r--Jellyfin.Api/Controllers/ItemsController.cs36
1 files changed, 5 insertions, 31 deletions
diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 80ae5abcb..33b67b389 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -282,39 +282,13 @@ namespace Jellyfin.Api.Controllers
includeItemTypes = new[] { BaseItemKind.Playlist };
}
- var enabledChannels = isApiKey
- ? Array.Empty<Guid>()
- : user!.GetPreferenceValues<Guid>(PreferenceKind.EnabledChannels);
-
- // api keys are always enabled for all folders
- bool isInEnabledFolder = isApiKey
- || Array.IndexOf(user!.GetPreferenceValues<Guid>(PreferenceKind.EnabledFolders), item.Id) != -1
- // Assume all folders inside an EnabledChannel are enabled
- || Array.IndexOf(enabledChannels, item.Id) != -1
- // Assume all items inside an EnabledChannel are enabled
- || Array.IndexOf(enabledChannels, item.ChannelId) != -1;
-
- if (!isInEnabledFolder)
- {
- var collectionFolders = _libraryManager.GetCollectionFolders(item);
- foreach (var collectionFolder in collectionFolders)
- {
- // api keys never enter this block, so user is never null
- if (user!.GetPreferenceValues<Guid>(PreferenceKind.EnabledFolders).Contains(collectionFolder.Id))
- {
- isInEnabledFolder = true;
- }
- }
- }
-
- // api keys are always enabled for all folders, so user is never null
if (item is not UserRootFolder
- && !isInEnabledFolder
- && !user!.HasPermission(PermissionKind.EnableAllFolders)
- && !user.HasPermission(PermissionKind.EnableAllChannels)
- && !string.Equals(collectionType, CollectionType.Folders, StringComparison.OrdinalIgnoreCase))
+ // api keys can always access all folders
+ && !isApiKey
+ // check the item is visible for the user
+ && !item.IsVisible(user))
{
- _logger.LogWarning("{UserName} is not permitted to access Library {ItemName}", user.Username, item.Name);
+ _logger.LogWarning("{UserName} is not permitted to access Library {ItemName}", user!.Username, item.Name);
return Unauthorized($"{user.Username} is not permitted to access Library {item.Name}.");
}
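Review bot: The denial branch depends on an invariant the hunk no longer states, namely that `user` is non-null whenever `isApiKey` is false. `item.IsVisible(user)` receives a possibly-null `user`, and the null-forgiving `user!.Username` appears only on the log line, so if a request reaches this point with neither an API key nor a resolved user, the result depends on how `IsVisible` handles null, which is not visible here. I would restore the explanation the removed comments carried, e.g. `// isApiKey is false here, so user was resolved earlier and is never null`, or write `!item.IsVisible(user!)` so the assumption sits on the access check itself. Separately, the unchanged `return Unauthorized(...)` line sends `item.Name` back to a caller who has just been denied access to that library; a generic message would avoid confirming the name. The enclosing method starts and ends outside the hunk.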