| author | Luke <luke.pulverenti@gmail.com> | 2015-03-19 13:21:35 -0400 |
|---|---|---|
| committer | Luke <luke.pulverenti@gmail.com> | 2015-03-19 13:21:35 -0400 |
| commit | 9926be0d9de688c04065c916e44ada4177b38a80 (patch) | |
| tree | 15338144a143948ffbee316641757e81489a7354 /MediaBrowser.Api/BaseApiService.cs | |
| parent | b756e677d733992c2033bdd369980a37e17609e4 (diff) | |
| parent | 0564d454e5ad4f59702aa9022af6bb8fd064a9ff (diff) | |
Merge pull request #1043 from MediaBrowser/dev
3.0.5557.0
Diffstat (limited to 'MediaBrowser.Api/BaseApiService.cs')
| -rw-r--r-- | MediaBrowser.Api/BaseApiService.cs | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/MediaBrowser.Api/BaseApiService.cs b/MediaBrowser.Api/BaseApiService.cs index dff433c9d..4465be97a 100644 --- a/MediaBrowser.Api/BaseApiService.cs +++ b/MediaBrowser.Api/BaseApiService.cs @@ -1,4 +1,5 @@ -using MediaBrowser.Controller.Dto; +using System.Threading.Tasks; +using MediaBrowser.Controller.Dto; using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Entities.Audio; using MediaBrowser.Controller.Library; @@ -72,6 +73,29 @@ namespace MediaBrowser.Api return ResultFactory.GetOptimizedResultUsingCache(Request, cacheKey, lastDateModified, cacheDuration, factoryFn); } + protected void AssertCanUpdateUser(IUserManager userManager, string userId) + { + var auth = AuthorizationContext.GetAuthorizationInfo(Request); + + var authenticatedUser = userManager.GetUserById(auth.UserId); + + // If they're going to update the record of another user, they must be an administrator + if (!string.Equals(userId, auth.UserId, StringComparison.OrdinalIgnoreCase)) + { + if (!authenticatedUser.Policy.IsAdministrator) + { + throw new SecurityException("Unauthorized access."); + } + } + else + { + if (!authenticatedUser.Policy.EnableUserPreferenceAccess) + { + throw new SecurityException("Unauthorized access."); + } + } + } + /// <summary> /// To the optimized serialized result using cache. /// </summary> @@ -88,9 +112,9 @@ namespace MediaBrowser.Api /// Gets the session. /// </summary> /// <returns>SessionInfo.</returns> - protected SessionInfo GetSession() + protected async Task<SessionInfo> GetSession() { - var session = SessionContext.GetSession(Request); + var session = await SessionContext.GetSession(Request).ConfigureAwait(false); if (session == null) { |
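Review bot: In `AssertCanUpdateUser`, the result of `userManager.GetUserById(auth.UserId)` is dereferenced as `authenticatedUser.Policy` with no null check. The hunk does not show whether `GetUserById` can return null or whether `auth.UserId` can be empty (for example a token not tied to a user), but if either can happen the caller gets a NullReferenceException instead of the `SecurityException` this method otherwise uses to signal denial. That still denies the update, yet it is likely to surface as a server error rather than an authorization failure and is harder to tell apart in logs. I would add `if (authenticatedUser == null) { throw new SecurityException("Unauthorized access."); }` directly after the lookup, and give the method a `/// <summary>` stating both rules: a different `userId` requires `Policy.IsAdministrator`, the caller's own `userId` requires `Policy.EnableUserPreferenceAccess`.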
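Review bot: The `/// <returns>SessionInfo.</returns>` line above `GetSession` is left unchanged although the method now returns `Task<SessionInfo>`, so the doc comment no longer matches the signature; `/// <returns>Task{SessionInfo}.</returns>` would. Every existing caller has to await the result now: one that reads `.Result` would block, and one that drops the task would never observe whatever the `session == null` branch does, so the call sites outside this diff are worth checking. The body of `GetSession` continues past the end of the hunk.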
