| author | Vasily <JustAMan@users.noreply.github.com> | 2019-02-20 14:42:35 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-02-20 14:42:35 +0300 |
| commit | 60df855b263e691f946973a192621e7998db9cbb (patch) | |
| tree | 844929e363ba4a857271ee068efbce1af2ce2bf4 /MediaBrowser.Api | |
| parent | 44ed037e7361b15a13f40b81378d543d22157bce (diff) | |
| parent | 53beebc77415d9020bedb385483851e7bb96a929 (diff) | |
Merge pull request #930 from fruhnow/AuthorizationCheck
checking user-permission in GetQueryResult
Diffstat (limited to 'MediaBrowser.Api')
| -rw-r--r-- | MediaBrowser.Api/UserLibrary/ItemsService.cs | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/MediaBrowser.Api/UserLibrary/ItemsService.cs b/MediaBrowser.Api/UserLibrary/ItemsService.cs
index 96b0aa003..84475467f 100644
--- a/MediaBrowser.Api/UserLibrary/ItemsService.cs
+++ b/MediaBrowser.Api/UserLibrary/ItemsService.cs
@@ -12,6 +12,7 @@ using MediaBrowser.Model.Entities;
 using MediaBrowser.Model.Globalization;
 using MediaBrowser.Model.Querying;
 using MediaBrowser.Model.Services;
+using Microsoft.Extensions.Logging;
 
 namespace MediaBrowser.Api.UserLibrary
 {
@@ -224,6 +225,16 @@ namespace MediaBrowser.Api.UserLibrary
 request.IncludeItemTypes = "Playlist";
 }
 
+ if (!user.Policy.EnableAllFolders && !user.Policy.EnabledFolders.Any(i => new Guid(i) == item.Id))
+ {
+ Logger.LogWarning("{UserName} is not permitted to access Library {ItemName}.", user.Name, item.Name);
+ return new QueryResult<BaseItem>
+ {
+ Items = Array.Empty<BaseItem>(),
+ TotalRecordCount = 0
+ };
+ }
+
 if (request.Recursive || !string.IsNullOrEmpty(request.Ids) || user == null)
 {
 return folder.GetItems(GetItemsQuery(request, dtoOptions, user)); |
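Review bot: The added folder-permission check in the second hunk dereferences `user.Policy` before the existing `user == null` test on the very next `if`, so a request that reaches this point without a user would throw a NullReferenceException instead of taking the `folder.GetItems` path. Guard it explicitly, for example `if (user != null && !user.Policy.EnableAllFolders && !user.Policy.EnabledFolders.Any(i => new Guid(i) == item.Id))`, and decide deliberately whether a null user should skip the check or be denied, because with that guard the null-user path is not covered by this authorization control at all. `new Guid(i)` also throws on a malformed `EnabledFolders` entry; `Guid.TryParse` would treat such an entry as a non-match without an exception. The comparison is against `item.Id` only, so if `item` can be a sub-folder rather than a library root (not visible here, the method starts and ends outside the hunk), users with per-library access may be refused content inside libraries they are permitted to see; worth confirming against the callers.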
