Merge remote-tracking branch 'upstream/api-migration' into api-channel

author: crobibero <cody@robibe.ro> 2020-06-24 10:52:39 -0600
committer: crobibero <cody@robibe.ro> 2020-06-24 10:52:39 -0600
commit: cbcf3bfaffadf9d467b2bd0bb7f3e834d13d56d3 (patch)
tree: 60c33f03ed003794eb61058ff870dc4f2dbee64d /MediaBrowser.Api/BaseApiService.cs
parent: 8f1505cdf5bc964c294cf0575807233f0e7af7d7 (diff)
parent: 6ad50f2e023cdf8fedce8c828c507576d590858e (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/MediaBrowser.Api/BaseApiService.cs b/MediaBrowser.Api/BaseApiService.cs
index 2cd68ac1b..2ece16ee1 100644
--- a/MediaBrowser.Api/BaseApiService.cs
+++ b/MediaBrowser.Api/BaseApiService.cs
@@ -1,6 +1,7 @@
 using System;
 using System.IO;
 using System.Linq;
+using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
@@ -94,8 +95,8 @@ namespace MediaBrowser.Api
             var authenticatedUser = auth.User;
 
             // If they're going to update the record of another user, they must be an administrator
-            if ((!userId.Equals(auth.UserId) && !authenticatedUser.Policy.IsAdministrator)
-                || (restrictUserPreferences && !authenticatedUser.Policy.EnableUserPreferenceAccess))
+            if ((!userId.Equals(auth.UserId) && !authenticatedUser.HasPermission(PermissionKind.IsAdministrator))
+                || (restrictUserPreferences && !authenticatedUser.EnableUserPreferenceAccess))
             {
                 throw new SecurityException("Unauthorized access.");
             }
author	crobibero <cody@robibe.ro>	2020-06-24 10:52:39 -0600
committer	crobibero <cody@robibe.ro>	2020-06-24 10:52:39 -0600
commit	cbcf3bfaffadf9d467b2bd0bb7f3e834d13d56d3 (patch)
tree	60c33f03ed003794eb61058ff870dc4f2dbee64d /MediaBrowser.Api/BaseApiService.cs
parent	8f1505cdf5bc964c294cf0575807233f0e7af7d7 (diff)
parent	6ad50f2e023cdf8fedce8c828c507576d590858e (diff)