authorLuke Pulverenti <luke.pulverenti@gmail.com>2015-02-06 00:39:07 -0500
committerLuke Pulverenti <luke.pulverenti@gmail.com>2015-02-06 00:39:07 -0500
commitb6d59c7688fc39d4689bc9070a7a99271d5b41ee (patch)
tree214166a434a1007cea7c7b4396a001ed9c1efddc /MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
parent4ae6b5f675ba922dadd532870ef97dfa28ff3db3 (diff)
fixes #1001 - Support downloading
Diffstat (limited to 'MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs')
-rw-r--r--MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs26
1 files changed, 24 insertions, 2 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
index c374a31b3..77953ee43 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -74,7 +74,9 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
ValidateUserAccess(user, request, authAttribtues, auth);
}
- if (!IsExemptFromRoles(auth, authAttribtues))
+ var info = (AuthenticationInfo)request.Items["OriginalAuthenticationInfo"];
+
+ if (!IsExemptFromRoles(auth, authAttribtues, info))
{
var roles = authAttribtues.GetRoles().ToList();
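Review bot: The added lookup `request.Items["OriginalAuthenticationInfo"]` assumes the key is always set and always holds an `AuthenticationInfo`, while `IsExemptFromRoles` checks `tokenInfo != null`, which suggests a missing value is expected. If `Items` is a plain dictionary, the indexer throws on a missing key before any authorization decision is made, and the hard cast throws on an unexpected type; the type of `Items` is not visible in this hunk. A tolerant read would be `object raw; request.Items.TryGetValue("OriginalAuthenticationInfo", out raw); var info = raw as AuthenticationInfo;`. The key string is presumably written elsewhere, so a shared constant would keep the writer and this reader in step. The enclosing method starts and ends outside the hunk.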
@@ -142,7 +144,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
StringComparer.OrdinalIgnoreCase);
}
- private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
+ private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo)
{
if (!_config.Configuration.IsStartupWizardCompleted &&
authAttribtues.AllowBeforeStartupWizard)
@@ -150,6 +152,16 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
return true;
}
+ if (string.IsNullOrWhiteSpace(auth.Token))
+ {
+ return true;
+ }
+
+ if (tokenInfo != null && string.IsNullOrWhiteSpace(tokenInfo.UserId))
+ {
+ return true;
+ }
+
return false;
}
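Review bot: Both new early returns in `IsExemptFromRoles` fail open: a request with a blank `auth.Token`, or a token record whose `tokenInfo.UserId` is blank, skips the whole role block that the caller guards with this method. That covers the new "download" role and presumably any stricter roles checked in the same block. This is only safe if code outside this hunk has already rejected tokenless requests on role-restricted routes, which cannot be confirmed from the lines shown. I would state that invariant above each branch, e.g. `// No token: reachable only when the route already permits anonymous access, so roles cannot apply`. I would also confirm that a userless token (presumably an app or API key) is meant to satisfy every role, since the exemption is all-or-nothing rather than per role. The method signature is in the previous hunk.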
@@ -175,6 +187,16 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
};
}
}
+ if (roles.Contains("download", StringComparer.OrdinalIgnoreCase))
+ {
+ if (user == null || !user.Policy.EnableContentDownloading)
+ {
+ throw new SecurityException("User does not have download access.")
+ {
+ SecurityExceptionType = SecurityExceptionType.Unauthenticated
+ };
+ }
+ }
}
private bool IsValidConnectKey(string token)
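Review bot: The new download check raises an authorization failure as `SecurityExceptionType.Unauthenticated`, so a signed-in user whose policy has `EnableContentDownloading` disabled is reported the same way as a caller with no valid session. Depending on how that type is mapped to a response (not visible here), clients may prompt for re-login instead of showing "access denied", and logs cannot tell a permission denial from a failed authentication. If the enum has, or can be given, a member for a denied-but-authenticated outcome, use it here. Otherwise add a comment on the throw such as `// Unauthenticated is reused for authorization failures; the user is known at this point`. The `user == null` case shares this branch and could use a separate message so the two causes stay distinguishable in audit output. The enclosing method starts outside the hunk.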