Merge remote-tracking branch 'upstream/api-migration' into api-environment

author: crobibero <cody@robibe.ro> 2020-06-25 16:22:04 -0600
committer: crobibero <cody@robibe.ro> 2020-06-25 16:22:04 -0600
commit: 18f7f5aec7eb303d7bcee8462166abbf52dc6325 (patch)
tree: e9e43b0438e25ed105bce21ba0735d7e337f6b7e /MediaBrowser.Api/BaseApiService.cs
parent: 6767c47ccdede27a374ea21b3013fe32ee356f01 (diff)
parent: 7bd91727791d5723e779e63b913e8650380048ce (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/MediaBrowser.Api/BaseApiService.cs b/MediaBrowser.Api/BaseApiService.cs
index 2cd68ac1b..2ece16ee1 100644
--- a/MediaBrowser.Api/BaseApiService.cs
+++ b/MediaBrowser.Api/BaseApiService.cs
@@ -1,6 +1,7 @@
 using System;
 using System.IO;
 using System.Linq;
+using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
@@ -94,8 +95,8 @@ namespace MediaBrowser.Api
             var authenticatedUser = auth.User;
 
             // If they're going to update the record of another user, they must be an administrator
-            if ((!userId.Equals(auth.UserId) && !authenticatedUser.Policy.IsAdministrator)
-                || (restrictUserPreferences && !authenticatedUser.Policy.EnableUserPreferenceAccess))
+            if ((!userId.Equals(auth.UserId) && !authenticatedUser.HasPermission(PermissionKind.IsAdministrator))
+                || (restrictUserPreferences && !authenticatedUser.EnableUserPreferenceAccess))
             {
                 throw new SecurityException("Unauthorized access.");
             }
author	crobibero <cody@robibe.ro>	2020-06-25 16:22:04 -0600
committer	crobibero <cody@robibe.ro>	2020-06-25 16:22:04 -0600
commit	18f7f5aec7eb303d7bcee8462166abbf52dc6325 (patch)
tree	e9e43b0438e25ed105bce21ba0735d7e337f6b7e /MediaBrowser.Api/BaseApiService.cs
parent	6767c47ccdede27a374ea21b3013fe32ee356f01 (diff)
parent	7bd91727791d5723e779e63b913e8650380048ce (diff)