diff options
| author | Luke Pulverenti <luke.pulverenti@gmail.com> | 2014-12-29 15:18:48 -0500 |
|---|---|---|
| committer | Luke Pulverenti <luke.pulverenti@gmail.com> | 2014-12-29 15:18:48 -0500 |
| commit | 8a9f16ff6ae94fe1e86d93495b4908e253f7dba2 (patch) | |
| tree | 8b6b2dd44cf00eecb42fc3401aec599ca82cd146 /MediaBrowser.Server.Implementations | |
| parent | 800a16a2130ed49204a8b1358e62901077285a82 (diff) | |
enable user device access
Diffstat (limited to 'MediaBrowser.Server.Implementations')
9 files changed, 109 insertions, 70 deletions
diff --git a/MediaBrowser.Server.Implementations/Devices/DeviceManager.cs b/MediaBrowser.Server.Implementations/Devices/DeviceManager.cs index 6cdc58118..3810fec66 100644 --- a/MediaBrowser.Server.Implementations/Devices/DeviceManager.cs +++ b/MediaBrowser.Server.Implementations/Devices/DeviceManager.cs @@ -5,6 +5,7 @@ using MediaBrowser.Controller.Devices; using MediaBrowser.Controller.Library; using MediaBrowser.Model.Devices; using MediaBrowser.Model.Events; +using MediaBrowser.Model.Extensions; using MediaBrowser.Model.Logging; using MediaBrowser.Model.Querying; using MediaBrowser.Model.Session; @@ -13,6 +14,7 @@ using System.Collections.Generic; using System.IO; using System.Linq; using System.Threading.Tasks; +using MediaBrowser.Model.Users; namespace MediaBrowser.Server.Implementations.Devices { @@ -188,6 +190,41 @@ namespace MediaBrowser.Server.Implementations.Devices EventHelper.FireEventIfNotNull(DeviceOptionsUpdated, this, new GenericEventArgs<DeviceInfo>(device), _logger); } + + public bool CanAccessDevice(string userId, string deviceId) + { + if (string.IsNullOrWhiteSpace(userId)) + { + throw new ArgumentNullException("userId"); + } + if (string.IsNullOrWhiteSpace(deviceId)) + { + throw new ArgumentNullException("deviceId"); + } + + var user = _userManager.GetUserById(userId); + if (!CanAccessDevice(user.Policy, deviceId)) + { + var capabilities = GetCapabilities(deviceId); + + if (capabilities.SupportsUniqueIdentifier) + { + return false; + } + } + + return true; + } + + private bool CanAccessDevice(UserPolicy policy, string id) + { + if (policy.EnableAllDevices) + { + return true; + } + + return ListHelper.ContainsIgnoreCase(policy.EnabledDevices, id); + } } public class DevicesConfigStore : IConfigurationFactory diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs index 13563ce19..1d17c641d 100644 --- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs @@ -1,5 +1,6 @@ using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Connect; +using MediaBrowser.Controller.Devices; using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Net; @@ -15,10 +16,11 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security { private readonly IServerConfigurationManager _config; - public AuthService(IUserManager userManager, IAuthorizationContext authorizationContext, IServerConfigurationManager config, IConnectManager connectManager, ISessionManager sessionManager) + public AuthService(IUserManager userManager, IAuthorizationContext authorizationContext, IServerConfigurationManager config, IConnectManager connectManager, ISessionManager sessionManager, IDeviceManager deviceManager) { AuthorizationContext = authorizationContext; _config = config; + DeviceManager = deviceManager; SessionManager = sessionManager; ConnectManager = connectManager; UserManager = userManager; @@ -28,6 +30,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security public IAuthorizationContext AuthorizationContext { get; private set; } public IConnectManager ConnectManager { get; private set; } public ISessionManager SessionManager { get; private set; } + public IDeviceManager DeviceManager { get; private set; } /// <summary> /// Redirect the client to a specific URL if authentication failed. @@ -68,24 +71,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security if (user != null) { - if (user.Policy.IsDisabled) - { - throw new SecurityException("User account has been disabled.") - { - SecurityExceptionType = SecurityExceptionType.Unauthenticated - }; - } - - if (!user.Policy.IsAdministrator && - !authAttribtues.EscapeParentalControl && - !user.IsParentalScheduleAllowed()) - { - request.AddResponseHeader("X-Application-Error-Code", "ParentalControl"); - throw new SecurityException("This user account is not allowed access at this time.") - { - SecurityExceptionType = SecurityExceptionType.ParentalControl - }; - } + ValidateUserAccess(user, request, authAttribtues, auth); } if (!IsExemptFromRoles(auth, authAttribtues)) @@ -108,6 +94,42 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security } } + private void ValidateUserAccess(User user, IServiceRequest request, + IAuthenticationAttributes authAttribtues, + AuthorizationInfo auth) + { + if (user.Policy.IsDisabled) + { + throw new SecurityException("User account has been disabled.") + { + SecurityExceptionType = SecurityExceptionType.Unauthenticated + }; + } + + if (!user.Policy.IsAdministrator && + !authAttribtues.EscapeParentalControl && + !user.IsParentalScheduleAllowed()) + { + request.AddResponseHeader("X-Application-Error-Code", "ParentalControl"); + + throw new SecurityException("This user account is not allowed access at this time.") + { + SecurityExceptionType = SecurityExceptionType.ParentalControl + }; + } + + if (!string.IsNullOrWhiteSpace(auth.DeviceId)) + { + if (!DeviceManager.CanAccessDevice(user.Id.ToString("N"), auth.DeviceId)) + { + throw new SecurityException("User is not allowed access from this device.") + { + SecurityExceptionType = SecurityExceptionType.ParentalControl + }; + } + } + } + private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues) { if (!_config.Configuration.IsStartupWizardCompleted && diff --git a/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/BoxSetResolver.cs b/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/BoxSetResolver.cs index 390113cc8..67b9d546f 100644 --- a/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/BoxSetResolver.cs +++ b/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/BoxSetResolver.cs @@ -25,11 +25,6 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies // Contains [boxset] in the path if (args.IsDirectory) { - if (IsInvalid(args.GetCollectionType())) - { - return null; - } - var filename = Path.GetFileName(args.Path); if (string.IsNullOrEmpty(filename)) diff --git a/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/MovieResolver.cs b/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/MovieResolver.cs index f7a82c5b8..587c6668c 100644 --- a/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/MovieResolver.cs +++ b/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/MovieResolver.cs @@ -1,12 +1,9 @@ -using MediaBrowser.Common.IO; -using MediaBrowser.Controller; -using MediaBrowser.Controller.Entities; +using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Entities.Movies; using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Providers; using MediaBrowser.Controller.Resolvers; using MediaBrowser.Model.Entities; -using MediaBrowser.Model.Logging; using MediaBrowser.Naming.Common; using MediaBrowser.Naming.IO; using MediaBrowser.Naming.Video; @@ -22,16 +19,8 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies /// </summary> public class MovieResolver : BaseVideoResolver<Video>, IMultiItemResolver { - private readonly IServerApplicationPaths _applicationPaths; - private readonly ILogger _logger; - private readonly IFileSystem _fileSystem; - - public MovieResolver(ILibraryManager libraryManager, IServerApplicationPaths applicationPaths, ILogger logger, IFileSystem fileSystem) - : base(libraryManager) + public MovieResolver(ILibraryManager libraryManager) : base(libraryManager) { - _applicationPaths = applicationPaths; - _logger = logger; - _fileSystem = fileSystem; } /// <summary> @@ -62,12 +51,12 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies if (string.Equals(collectionType, CollectionType.MusicVideos, StringComparison.OrdinalIgnoreCase)) { - return ResolveVideos<MusicVideo>(parent, files, directoryService, collectionType); + return ResolveVideos<MusicVideo>(parent, files, directoryService, collectionType, false); } if (string.Equals(collectionType, CollectionType.HomeVideos, StringComparison.OrdinalIgnoreCase)) { - return ResolveVideos<Video>(parent, files, directoryService, collectionType); + return ResolveVideos<Video>(parent, files, directoryService, collectionType, false); } if (string.IsNullOrEmpty(collectionType)) @@ -75,21 +64,21 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies // Owned items should just use the plain video type if (parent == null) { - return ResolveVideos<Video>(parent, files, directoryService, collectionType); + return ResolveVideos<Video>(parent, files, directoryService, collectionType, false); } - return ResolveVideos<Video>(parent, files, directoryService, collectionType); + return ResolveVideos<Video>(parent, files, directoryService, collectionType, false); } if (string.Equals(collectionType, CollectionType.Movies, StringComparison.OrdinalIgnoreCase)) { - return ResolveVideos<Movie>(parent, files, directoryService, collectionType); + return ResolveVideos<Movie>(parent, files, directoryService, collectionType, false); } return null; } - private MultiItemResolverResult ResolveVideos<T>(Folder parent, IEnumerable<FileSystemInfo> fileSystemEntries, IDirectoryService directoryService, string collectionType) + private MultiItemResolverResult ResolveVideos<T>(Folder parent, IEnumerable<FileSystemInfo> fileSystemEntries, IDirectoryService directoryService, string collectionType, bool suppportMultiEditions) where T : Video, new() { var files = new List<FileSystemInfo>(); @@ -115,7 +104,7 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies FullName = i.FullName, Type = FileInfoType.File - }).ToList(), false).ToList(); + }).ToList(), suppportMultiEditions).ToList(); var result = new MultiItemResolverResult { @@ -135,7 +124,8 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies IsInMixedFolder = isInMixedFolder, ProductionYear = video.Year, Name = video.Name, - AdditionalParts = video.Files.Skip(1).Select(i => i.Path).ToList() + AdditionalParts = video.Files.Skip(1).Select(i => i.Path).ToList(), + LocalAlternateVersions = video.AlternateVersions.Select(i => i.Path).ToList() }; SetVideoType(videoItem, firstVideo); @@ -314,32 +304,11 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies return movie; } } - - var result = ResolveVideos<T>(parent, fileSystemEntries, directoryService, collectionType); var supportsMultiVersion = !string.Equals(collectionType, CollectionType.HomeVideos) && - !string.Equals(collectionType, CollectionType.MusicVideos); - - // Test for multi-editions - if (result.Items.Count > 1 && supportsMultiVersion) - { - var filenamePrefix = Path.GetFileName(path); - - if (!string.IsNullOrWhiteSpace(filenamePrefix)) - { - if (result.Items.All(i => _fileSystem.GetFileNameWithoutExtension(i.Path).StartsWith(filenamePrefix + " - ", StringComparison.OrdinalIgnoreCase))) - { - var movie = (T)result.Items[0]; - movie.Name = filenamePrefix; - movie.LocalAlternateVersions = result.Items.Skip(1).Select(i => i.Path).ToList(); - movie.IsInMixedFolder = false; - - _logger.Debug("Multi-version video found: " + movie.Path); + !string.Equals(collectionType, CollectionType.MusicVideos); - return movie; - } - } - } + var result = ResolveVideos<T>(parent, fileSystemEntries, directoryService, collectionType, supportsMultiVersion); if (result.Items.Count == 1) { diff --git a/MediaBrowser.Server.Implementations/Localization/JavaScript/javascript.json b/MediaBrowser.Server.Implementations/Localization/JavaScript/javascript.json index ef1c8ca6b..ca2a326ef 100644 --- a/MediaBrowser.Server.Implementations/Localization/JavaScript/javascript.json +++ b/MediaBrowser.Server.Implementations/Localization/JavaScript/javascript.json @@ -41,6 +41,10 @@ "LabelCancelled": "(cancelled)", "LabelFailed": "(failed)", "ButtonHelp": "Help", + "HeaderLibraryAccess": "Library Access", + "HeaderChannelAccess": "Channel Access", + "HeaderDeviceAccess": "Device Access", + "HeaderSelectDevices": "Select Devices", "LabelAbortedByServerShutdown": "(Aborted by server shutdown)", "LabelScheduledTaskLastRan": "Last ran {0}, taking {1}.", "HeaderDeleteTaskTrigger": "Delete Task Trigger", diff --git a/MediaBrowser.Server.Implementations/Localization/Server/server.json b/MediaBrowser.Server.Implementations/Localization/Server/server.json index 7f0809897..25d16f5a4 100644 --- a/MediaBrowser.Server.Implementations/Localization/Server/server.json +++ b/MediaBrowser.Server.Implementations/Localization/Server/server.json @@ -63,12 +63,16 @@ "TabPreferences": "Preferences", "TabPassword": "Password", "TabLibraryAccess": "Library Access", + "TabAccess": "Access", "TabImage": "Image", "TabProfile": "Profile", "TabMetadata": "Metadata", "TabImages": "Images", "TabNotifications": "Notifications", "TabCollectionTitles": "Titles", + "HeaderDeviceAccess": "Device Access", + "OptionEnableAccessFromAllDevices": "Enable access from all devices", + "DeviceAccessHelp": "This only applies to devices that can be uniquely identified and will not prevent browser access.", "LabelDisplayMissingEpisodesWithinSeasons": "Display missing episodes within seasons", "LabelUnairedMissingEpisodesWithinSeasons": "Display unaired episodes within seasons", "HeaderVideoPlaybackSettings": "Video Playback Settings", diff --git a/MediaBrowser.Server.Implementations/MediaBrowser.Server.Implementations.csproj b/MediaBrowser.Server.Implementations/MediaBrowser.Server.Implementations.csproj index 59196d0bb..f9f482b96 100644 --- a/MediaBrowser.Server.Implementations/MediaBrowser.Server.Implementations.csproj +++ b/MediaBrowser.Server.Implementations/MediaBrowser.Server.Implementations.csproj @@ -51,7 +51,7 @@ </Reference> <Reference Include="MediaBrowser.Naming, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL"> <SpecificVersion>False</SpecificVersion> - <HintPath>..\packages\MediaBrowser.Naming.1.0.0.23\lib\portable-net45+sl4+wp71+win8+wpa81\MediaBrowser.Naming.dll</HintPath> + <HintPath>..\packages\MediaBrowser.Naming.1.0.0.24\lib\portable-net45+sl4+wp71+win8+wpa81\MediaBrowser.Naming.dll</HintPath> </Reference> <Reference Include="Mono.Nat, Version=1.2.21.0, Culture=neutral, processorArchitecture=MSIL"> <SpecificVersion>False</SpecificVersion> diff --git a/MediaBrowser.Server.Implementations/Session/SessionManager.cs b/MediaBrowser.Server.Implementations/Session/SessionManager.cs index 4c587d1ab..d9ec9b7e4 100644 --- a/MediaBrowser.Server.Implementations/Session/SessionManager.cs +++ b/MediaBrowser.Server.Implementations/Session/SessionManager.cs @@ -1191,6 +1191,14 @@ namespace MediaBrowser.Server.Implementations.Session var user = _userManager.Users .FirstOrDefault(i => string.Equals(request.Username, i.Name, StringComparison.OrdinalIgnoreCase)); + if (user != null && !string.IsNullOrWhiteSpace(request.DeviceId)) + { + if (!_deviceManager.CanAccessDevice(user.Id.ToString("N"), request.DeviceId)) + { + throw new UnauthorizedAccessException("User is not allowed access from this device."); + } + } + var result = await _userManager.AuthenticateUser(request.Username, request.PasswordSha1, request.PasswordMd5, request.RemoteEndPoint).ConfigureAwait(false); if (!result) diff --git a/MediaBrowser.Server.Implementations/packages.config b/MediaBrowser.Server.Implementations/packages.config index f4406913b..239bca405 100644 --- a/MediaBrowser.Server.Implementations/packages.config +++ b/MediaBrowser.Server.Implementations/packages.config @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?>
<packages>
- <package id="MediaBrowser.Naming" version="1.0.0.23" targetFramework="net45" />
+ <package id="MediaBrowser.Naming" version="1.0.0.24" targetFramework="net45" />
<package id="Mono.Nat" version="1.2.21.0" targetFramework="net45" />
<package id="morelinq" version="1.1.0" targetFramework="net45" />
</packages>
\ No newline at end of file |