enable user device access

author: Luke Pulverenti <luke.pulverenti@gmail.com> 2014-12-29 15:18:48 -0500
committer: Luke Pulverenti <luke.pulverenti@gmail.com> 2014-12-29 15:18:48 -0500
commit: 8a9f16ff6ae94fe1e86d93495b4908e253f7dba2 (patch)
tree: 8b6b2dd44cf00eecb42fc3401aec599ca82cd146 /MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
parent: 800a16a2130ed49204a8b1358e62901077285a82 (diff)
1 files changed, 41 insertions, 19 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
index 13563ce19..1d17c641d 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -1,5 +1,6 @@
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Connect;
+using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Net;
@@ -15,10 +16,11 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
     {
         private readonly IServerConfigurationManager _config;
 
-        public AuthService(IUserManager userManager, IAuthorizationContext authorizationContext, IServerConfigurationManager config, IConnectManager connectManager, ISessionManager sessionManager)
+        public AuthService(IUserManager userManager, IAuthorizationContext authorizationContext, IServerConfigurationManager config, IConnectManager connectManager, ISessionManager sessionManager, IDeviceManager deviceManager)
         {
             AuthorizationContext = authorizationContext;
             _config = config;
+            DeviceManager = deviceManager;
             SessionManager = sessionManager;
             ConnectManager = connectManager;
             UserManager = userManager;
@@ -28,6 +30,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
         public IAuthorizationContext AuthorizationContext { get; private set; }
         public IConnectManager ConnectManager { get; private set; }
         public ISessionManager SessionManager { get; private set; }
+        public IDeviceManager DeviceManager { get; private set; }
 
         /// <summary>
         /// Redirect the client to a specific URL if authentication failed.
@@ -68,24 +71,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
 
             if (user != null)
             {
-                if (user.Policy.IsDisabled)
-                {
-                    throw new SecurityException("User account has been disabled.")
-                    {
-                        SecurityExceptionType = SecurityExceptionType.Unauthenticated
-                    };
-                }
-
-                if (!user.Policy.IsAdministrator &&
-                    !authAttribtues.EscapeParentalControl &&
-                    !user.IsParentalScheduleAllowed())
-                {
-                    request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
-                    throw new SecurityException("This user account is not allowed access at this time.")
-                    {
-                        SecurityExceptionType = SecurityExceptionType.ParentalControl
-                    };
-                }
+                ValidateUserAccess(user, request, authAttribtues, auth);
             }
 
             if (!IsExemptFromRoles(auth, authAttribtues))
@@ -108,6 +94,42 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
             }
         }
 
+        private void ValidateUserAccess(User user, IServiceRequest request,
+            IAuthenticationAttributes authAttribtues,
+            AuthorizationInfo auth)
+        {
+            if (user.Policy.IsDisabled)
+            {
+                throw new SecurityException("User account has been disabled.")
+                {
+                    SecurityExceptionType = SecurityExceptionType.Unauthenticated
+                };
+            }
+
+            if (!user.Policy.IsAdministrator &&
+                !authAttribtues.EscapeParentalControl &&
+                !user.IsParentalScheduleAllowed())
+            {
+                request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
+
+                throw new SecurityException("This user account is not allowed access at this time.")
+                {
+                    SecurityExceptionType = SecurityExceptionType.ParentalControl
+                };
+            }
+
+            if (!string.IsNullOrWhiteSpace(auth.DeviceId))
+            {
+                if (!DeviceManager.CanAccessDevice(user.Id.ToString("N"), auth.DeviceId))
+                {
+                    throw new SecurityException("User is not allowed access from this device.")
+                    {
+                        SecurityExceptionType = SecurityExceptionType.ParentalControl
+                    };
+                }
+            }
+        }
+
         private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
         {
             if (!_config.Configuration.IsStartupWizardCompleted &&
author	Luke Pulverenti <luke.pulverenti@gmail.com>	2014-12-29 15:18:48 -0500
committer	Luke Pulverenti <luke.pulverenti@gmail.com>	2014-12-29 15:18:48 -0500
commit	8a9f16ff6ae94fe1e86d93495b4908e253f7dba2 (patch)
tree	8b6b2dd44cf00eecb42fc3401aec599ca82cd146 /MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
parent	800a16a2130ed49204a8b1358e62901077285a82 (diff)