Move request validation to auth policies

author: cvium <clausvium@gmail.com> 2020-12-03 10:43:44 +0100
committer: cvium <clausvium@gmail.com> 2020-12-03 10:43:44 +0100
commit: 7e0ea296c383b9b9cd778bb12834c2a73df3d1ea (patch)
tree: b0acc0b4b3743f134f1073fcb17e2a3eadac181f /Jellyfin.Api/Controllers/SyncPlayController.cs
parent: b57ace7888db78a655a00a277e7eb5c4a4eba294 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/Jellyfin.Api/Controllers/SyncPlayController.cs b/Jellyfin.Api/Controllers/SyncPlayController.cs
index ed5ea3c8a..763940c73 100644
--- a/Jellyfin.Api/Controllers/SyncPlayController.cs
+++ b/Jellyfin.Api/Controllers/SyncPlayController.cs
@@ -20,7 +20,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// The sync play controller.
     /// </summary>
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize(Policy = Policies.SyncPlayAccess)]
     public class SyncPlayController : BaseJellyfinApiController
     {
         private readonly ISessionManager _sessionManager;
@@ -51,6 +51,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("New")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
+        [Authorize(Policy = Policies.SyncPlayCreateGroupAccess)]
         public ActionResult SyncPlayCreateGroup(
             [FromBody, Required] NewGroupRequestBody requestData)
         {
author	cvium <clausvium@gmail.com>	2020-12-03 10:43:44 +0100
committer	cvium <clausvium@gmail.com>	2020-12-03 10:43:44 +0100
commit	7e0ea296c383b9b9cd778bb12834c2a73df3d1ea (patch)
tree	b0acc0b4b3743f134f1073fcb17e2a3eadac181f /Jellyfin.Api/Controllers/SyncPlayController.cs
parent	b57ace7888db78a655a00a277e7eb5c4a4eba294 (diff)