Merge remote-tracking branch 'upstream/api-migration' into api-filter

author: crobibero <cody@robibe.ro> 2020-06-17 10:43:04 -0600
committer: crobibero <cody@robibe.ro> 2020-06-17 10:43:04 -0600
commit: 444605703c91bafdcf1a01d864b7b71bd2a67ddb (patch)
tree: 1eea5b066befbb58eb9ac514bd2c358358fda71c /MediaBrowser.Api/BaseApiService.cs
parent: 8a834fb7285681e5a8f3df57e4aac36724c0bc1e (diff)
parent: cf9223b8cb2f1ebccf20cb1dcd99d19b78cf3e61 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/MediaBrowser.Api/BaseApiService.cs b/MediaBrowser.Api/BaseApiService.cs
index 2cd68ac1b..2ece16ee1 100644
--- a/MediaBrowser.Api/BaseApiService.cs
+++ b/MediaBrowser.Api/BaseApiService.cs
@@ -1,6 +1,7 @@
 using System;
 using System.IO;
 using System.Linq;
+using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
@@ -94,8 +95,8 @@ namespace MediaBrowser.Api
             var authenticatedUser = auth.User;
 
             // If they're going to update the record of another user, they must be an administrator
-            if ((!userId.Equals(auth.UserId) && !authenticatedUser.Policy.IsAdministrator)
-                || (restrictUserPreferences && !authenticatedUser.Policy.EnableUserPreferenceAccess))
+            if ((!userId.Equals(auth.UserId) && !authenticatedUser.HasPermission(PermissionKind.IsAdministrator))
+                || (restrictUserPreferences && !authenticatedUser.EnableUserPreferenceAccess))
             {
                 throw new SecurityException("Unauthorized access.");
             }
author	crobibero <cody@robibe.ro>	2020-06-17 10:43:04 -0600
committer	crobibero <cody@robibe.ro>	2020-06-17 10:43:04 -0600
commit	444605703c91bafdcf1a01d864b7b71bd2a67ddb (patch)
tree	1eea5b066befbb58eb9ac514bd2c358358fda71c /MediaBrowser.Api/BaseApiService.cs
parent	8a834fb7285681e5a8f3df57e4aac36724c0bc1e (diff)
parent	cf9223b8cb2f1ebccf20cb1dcd99d19b78cf3e61 (diff)