aboutsummaryrefslogtreecommitdiff
path: root/MediaBrowser.Api/UserService.cs
diff options
context:
space:
mode:
Diffstat (limited to 'MediaBrowser.Api/UserService.cs')
-rw-r--r--MediaBrowser.Api/UserService.cs116
1 files changed, 110 insertions, 6 deletions
diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs
index 51a7584b8..c34924f3c 100644
--- a/MediaBrowser.Api/UserService.cs
+++ b/MediaBrowser.Api/UserService.cs
@@ -11,7 +11,6 @@ using MediaBrowser.Model.Connect;
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Users;
using ServiceStack;
-using ServiceStack.Text.Controller;
using System;
using System.Collections.Generic;
using System.Linq;
@@ -57,6 +56,21 @@ namespace MediaBrowser.Api
}
/// <summary>
+ /// Class GetUser
+ /// </summary>
+ [Route("/Users/{Id}/Offline", "GET", Summary = "Gets an offline user record by Id")]
+ [Authenticated]
+ public class GetOfflineUser : IReturn<UserDto>
+ {
+ /// <summary>
+ /// Gets or sets the id.
+ /// </summary>
+ /// <value>The id.</value>
+ [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
+ public string Id { get; set; }
+ }
+
+ /// <summary>
/// Class DeleteUser
/// </summary>
[Route("/Users/{Id}", "DELETE", Summary = "Deletes a user")]
@@ -149,6 +163,32 @@ namespace MediaBrowser.Api
}
/// <summary>
+ /// Class UpdateUserEasyPassword
+ /// </summary>
+ [Route("/Users/{Id}/EasyPassword", "POST", Summary = "Updates a user's easy password")]
+ [Authenticated]
+ public class UpdateUserEasyPassword : IReturnVoid
+ {
+ /// <summary>
+ /// Gets or sets the id.
+ /// </summary>
+ /// <value>The id.</value>
+ public string Id { get; set; }
+
+ /// <summary>
+ /// Gets or sets the new password.
+ /// </summary>
+ /// <value>The new password.</value>
+ public string NewPassword { get; set; }
+
+ /// <summary>
+ /// Gets or sets a value indicating whether [reset password].
+ /// </summary>
+ /// <value><c>true</c> if [reset password]; otherwise, <c>false</c>.</value>
+ public bool ResetPassword { get; set; }
+ }
+
+ /// <summary>
/// Class UpdateUser
/// </summary>
[Route("/Users/{Id}", "POST", Summary = "Updates a user")]
@@ -294,7 +334,7 @@ namespace MediaBrowser.Api
.Select(i => _userManager.GetUserDto(i, Request.RemoteIp))
.ToList();
- return ToOptimizedSerializedResultUsingCache(result);
+ return ToOptimizedResult(result);
}
/// <summary>
@@ -313,7 +353,23 @@ namespace MediaBrowser.Api
var result = _userManager.GetUserDto(user, Request.RemoteIp);
- return ToOptimizedSerializedResultUsingCache(result);
+ return ToOptimizedResult(result);
+ }
+
+ public object Get(GetOfflineUser request)
+ {
+ var user = _userManager.GetUserById(request.Id);
+
+ if (user == null)
+ {
+ throw new ResourceNotFoundException("User not found");
+ }
+
+ var auth = AuthorizationContext.GetAuthorizationInfo(Request);
+
+ var result = _userManager.GetOfflineUserDto(user, auth.DeviceId);
+
+ return ToOptimizedResult(result);
}
/// <summary>
@@ -410,6 +466,8 @@ namespace MediaBrowser.Api
public async Task PostAsync(UpdateUserPassword request)
{
+ AssertCanUpdateUser(request.Id);
+
var user = _userManager.GetUserById(request.Id);
if (user == null)
@@ -434,6 +492,33 @@ namespace MediaBrowser.Api
}
}
+ public void Post(UpdateUserEasyPassword request)
+ {
+ var task = PostAsync(request);
+ Task.WaitAll(task);
+ }
+
+ public async Task PostAsync(UpdateUserEasyPassword request)
+ {
+ AssertCanUpdateUser(request.Id);
+
+ var user = _userManager.GetUserById(request.Id);
+
+ if (user == null)
+ {
+ throw new ResourceNotFoundException("User not found");
+ }
+
+ if (request.ResetPassword)
+ {
+ await _userManager.ResetEasyPassword(user).ConfigureAwait(false);
+ }
+ else
+ {
+ await _userManager.ChangeEasyPassword(user, request.NewPassword).ConfigureAwait(false);
+ }
+ }
+
/// <summary>
/// Posts the specified request.
/// </summary>
@@ -449,14 +534,15 @@ namespace MediaBrowser.Api
{
// We need to parse this manually because we told service stack not to with IRequiresRequestStream
// https://code.google.com/p/servicestack/source/browse/trunk/Common/ServiceStack.Text/ServiceStack.Text/Controller/PathInfo.cs
- var pathInfo = PathInfo.Parse(Request.PathInfo);
- var id = new Guid(pathInfo.GetArgumentValue<string>(1));
+ var id = GetPathValue(1);
+
+ AssertCanUpdateUser(id);
var dtoUser = request;
var user = _userManager.GetUserById(id);
- var task = user.Name.Equals(dtoUser.Name, StringComparison.Ordinal) ?
+ var task = string.Equals(user.Name, dtoUser.Name, StringComparison.Ordinal) ?
_userManager.UpdateUser(user) :
_userManager.RenameUser(user, dtoUser.Name);
@@ -500,11 +586,29 @@ namespace MediaBrowser.Api
public void Post(UpdateUserConfiguration request)
{
+ AssertCanUpdateUser(request.Id);
+
var task = _userManager.UpdateConfiguration(request.Id, request);
Task.WaitAll(task);
}
+ private void AssertCanUpdateUser(string userId)
+ {
+ var auth = AuthorizationContext.GetAuthorizationInfo(Request);
+
+ // If they're going to update the record of another user, they must be an administrator
+ if (!string.Equals(userId, auth.UserId, StringComparison.OrdinalIgnoreCase))
+ {
+ var authenticatedUser = _userManager.GetUserById(auth.UserId);
+
+ if (!authenticatedUser.Policy.IsAdministrator)
+ {
+ throw new SecurityException("Unauthorized access.");
+ }
+ }
+ }
+
public void Post(UpdateUserPolicy request)
{
var task = UpdateUserPolicy(request);
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-08 23:16:12 +0000