1 files changed, 10 insertions, 30 deletions

diff --git a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
index 965b7e7e6..e425000cd 100644
--- a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
+++ b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
@@ -1,10 +1,7 @@
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
-using Jellyfin.Extensions;
 using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Controller.Library;
 using Microsoft.AspNetCore.Authorization;
 
 namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
@@ -15,61 +12,44 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
     public class FirstTimeSetupHandler : AuthorizationHandler<FirstTimeSetupRequirement>
     {
         private readonly IConfigurationManager _configurationManager;
-        private readonly IUserManager _userManager;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="FirstTimeSetupHandler" /> class.
         /// </summary>
         /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        public FirstTimeSetupHandler(
-            IConfigurationManager configurationManager,
-            IUserManager userManager)
+        public FirstTimeSetupHandler(IConfigurationManager configurationManager)
         {
             _configurationManager = configurationManager;
-            _userManager = userManager;
         }
 
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupRequirement requirement)
         {
+            // Succeed if the startup wizard / first time setup is not complete
             if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
             {
                 context.Succeed(requirement);
-                return Task.CompletedTask;
             }
 
-            var contextUser = context.User;
-            if (requirement.RequireAdmin && !contextUser.IsInRole(UserRoles.Administrator))
-            {
-                context.Fail();
-                return Task.CompletedTask;
-            }
-
-            var userId = contextUser.GetUserId();
-            if (userId.IsEmpty())
-            {
-                context.Fail();
-                return Task.CompletedTask;
-            }
-
-            if (!requirement.ValidateParentalSchedule)
+            // Succeed if user is admin
+            else if (context.User.IsInRole(UserRoles.Administrator))
             {
                 context.Succeed(requirement);
-                return Task.CompletedTask;
             }
 
-            var user = _userManager.GetUserById(userId);
-            if (user is null)
+            // Fail if admin is required and user is not admin
+            else if (requirement.RequireAdmin)
             {
-                throw new ResourceNotFoundException();
+                context.Fail();
             }
 
-            if (user.IsParentalScheduleAllowed())
+            // Succeed if admin is not required and user is not guest
+            else if (context.User.IsInRole(UserRoles.User))
             {
                 context.Succeed(requirement);
             }
 
+            // Any user-specific checks are handled in the DefaultAuthorizationHandler.
             return Task.CompletedTask;
         }
     }