aboutsummaryrefslogtreecommitdiff
path: root/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
diff options
context:
space:
mode:
Diffstat (limited to 'Jellyfin.Api/Auth/BaseAuthorizationHandler.cs')
-rw-r--r--Jellyfin.Api/Auth/BaseAuthorizationHandler.cs11
1 files changed, 10 insertions, 1 deletions
diff --git a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
index b5b9d8904..c66b841fa 100644
--- a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
+++ b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
@@ -44,11 +44,13 @@ namespace Jellyfin.Api.Auth
/// <param name="claimsPrincipal">Request claims.</param>
/// <param name="ignoreSchedule">Whether to ignore parental control.</param>
/// <param name="localAccessOnly">Whether access is to be allowed locally only.</param>
+ /// <param name="requiredDownloadPermission">Whether validation requires download permission.</param>
/// <returns>Validated claim status.</returns>
protected bool ValidateClaims(
ClaimsPrincipal claimsPrincipal,
bool ignoreSchedule = false,
- bool localAccessOnly = false)
+ bool localAccessOnly = false,
+ bool requiredDownloadPermission = false)
{
// Ensure claim has userId.
var userId = ClaimHelpers.GetUserId(claimsPrincipal);
@@ -91,6 +93,13 @@ namespace Jellyfin.Api.Auth
return false;
}
+ // User attempting to download without permission.
+ if (requiredDownloadPermission
+ && !user.HasPermission(PermissionKind.EnableContentDownloading))
+ {
+ return false;
+ }
+
return true;
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-06 15:08:16 +0000