Fix media folders endpoint access control

author: Bill Thornton <billt2006@gmail.com> 2022-11-09 18:31:30 -0500
committer: Bill Thornton <billt2006@gmail.com> 2022-11-09 18:31:30 -0500
commit: 9f352ccb5b5ab85eac064f70fc819f04984fa0d7 (patch)
tree: 99f0cfccbe530f0835507838fab7a32010c16416 /Jellyfin.Api/Controllers/LibraryController.cs
parent: fb9023f2d83c9e0947c63d4a0c27b35d6c711d9c (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index e9492a6a4..b056215b9 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -491,6 +491,12 @@ namespace Jellyfin.Api.Controllers
         {
             var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList();
 
+            if (!User.GetIsApiKey() && !User.IsInRole(UserRoles.Administrator))
+            {
+                var user = _userManager.GetUserById(User.GetUserId());
+                items = items.Where(i => i.IsVisible(user)).ToList();
+            }
+
             if (isHidden.HasValue)
             {
                 var val = isHidden.Value;
author	Bill Thornton <billt2006@gmail.com>	2022-11-09 18:31:30 -0500
committer	Bill Thornton <billt2006@gmail.com>	2022-11-09 18:31:30 -0500
commit	9f352ccb5b5ab85eac064f70fc819f04984fa0d7 (patch)
tree	99f0cfccbe530f0835507838fab7a32010c16416 /Jellyfin.Api/Controllers/LibraryController.cs
parent	fb9023f2d83c9e0947c63d4a0c27b35d6c711d9c (diff)