diff options
| author | David Ullmer <daullmer@gmail.com> | 2020-06-20 20:45:16 +0200 |
|---|---|---|
| committer | David Ullmer <daullmer@gmail.com> | 2020-06-20 20:45:16 +0200 |
| commit | d4c86b82e03352f7bab92f5fe05686891af1cd3e (patch) | |
| tree | 01217f621de90c0d95ae5b5dddfec0e32308ba2c /Jellyfin.Api/Helpers/RequestHelpers.cs | |
| parent | a5bd7f2d6ee0fef67c34f61db9be36167c30d890 (diff) | |
| parent | 804764e1fbf71e083479fc4069f90bab96faa84f (diff) | |
Merge remote-tracking branch 'remotes/upstream/api-migration' into api-sessionservice
# Conflicts:
# Jellyfin.Api/Helpers/RequestHelpers.cs
Diffstat (limited to 'Jellyfin.Api/Helpers/RequestHelpers.cs')
| -rw-r--r-- | Jellyfin.Api/Helpers/RequestHelpers.cs | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs index 2aa700de3..2ff40a8a5 100644 --- a/Jellyfin.Api/Helpers/RequestHelpers.cs +++ b/Jellyfin.Api/Helpers/RequestHelpers.cs @@ -1,4 +1,5 @@ using System; +using Jellyfin.Data.Enums; using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Session; using Microsoft.AspNetCore.Http; @@ -29,6 +30,30 @@ namespace Jellyfin.Api.Helpers : value.Split(separator); } + /// <summary> + /// Checks if the user can update an entry. + /// </summary> + /// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param> + /// <param name="requestContext">The <see cref="HttpRequest"/>.</param> + /// <param name="userId">The user id.</param> + /// <param name="restrictUserPreferences">Whether to restrict the user preferences.</param> + /// <returns>A <see cref="bool"/> whether the user can update the entry.</returns> + internal static bool AssertCanUpdateUser(IAuthorizationContext authContext, HttpRequest requestContext, Guid userId, bool restrictUserPreferences) + { + var auth = authContext.GetAuthorizationInfo(requestContext); + + var authenticatedUser = auth.User; + + // If they're going to update the record of another user, they must be an administrator + if ((!userId.Equals(auth.UserId) && !authenticatedUser.HasPermission(PermissionKind.IsAdministrator)) + || (restrictUserPreferences && !authenticatedUser.EnableUserPreferenceAccess)) + { + return false; + } + + return true; + } + internal static SessionInfo GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request) { var authorization = authContext.GetAuthorizationInfo(request); |