From f5f890e68562e55d4bed16c454c4b4305152b296 Mon Sep 17 00:00:00 2001
From: Shadowghost <Ghost_of_Stone@web.de>
Date: Tue, 31 Jan 2023 12:18:10 +0100
Subject: Migrate to file-scoped namespaces

---
 Jellyfin.Api/Controllers/LibraryController.cs | 1561 ++++++++++++-------------
 1 file changed, 780 insertions(+), 781 deletions(-)

(limited to 'Jellyfin.Api/Controllers/LibraryController.cs')

diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 196d509fb..916aaf6ba 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -37,936 +37,935 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Jellyfin.Api.Controllers
+namespace Jellyfin.Api.Controllers;
+
+/// <summary>
+/// Library Controller.
+/// </summary>
+[Route("")]
+public class LibraryController : BaseJellyfinApiController
 {
+    private readonly IProviderManager _providerManager;
+    private readonly ILibraryManager _libraryManager;
+    private readonly IUserManager _userManager;
+    private readonly IDtoService _dtoService;
+    private readonly IActivityManager _activityManager;
+    private readonly ILocalizationManager _localization;
+    private readonly ILibraryMonitor _libraryMonitor;
+    private readonly ILogger<LibraryController> _logger;
+    private readonly IServerConfigurationManager _serverConfigurationManager;
+
     /// <summary>
-    /// Library Controller.
+    /// Initializes a new instance of the <see cref="LibraryController"/> class.
     /// </summary>
-    [Route("")]
-    public class LibraryController : BaseJellyfinApiController
+    /// <param name="providerManager">Instance of the <see cref="IProviderManager"/> interface.</param>
+    /// <param name="libraryManager">Instance of the <see cref="ILibraryManager"/> interface.</param>
+    /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+    /// <param name="dtoService">Instance of the <see cref="IDtoService"/> interface.</param>
+    /// <param name="activityManager">Instance of the <see cref="IActivityManager"/> interface.</param>
+    /// <param name="localization">Instance of the <see cref="ILocalizationManager"/> interface.</param>
+    /// <param name="libraryMonitor">Instance of the <see cref="ILibraryMonitor"/> interface.</param>
+    /// <param name="logger">Instance of the <see cref="ILogger{LibraryController}"/> interface.</param>
+    /// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
+    public LibraryController(
+        IProviderManager providerManager,
+        ILibraryManager libraryManager,
+        IUserManager userManager,
+        IDtoService dtoService,
+        IActivityManager activityManager,
+        ILocalizationManager localization,
+        ILibraryMonitor libraryMonitor,
+        ILogger<LibraryController> logger,
+        IServerConfigurationManager serverConfigurationManager)
     {
-        private readonly IProviderManager _providerManager;
-        private readonly ILibraryManager _libraryManager;
-        private readonly IUserManager _userManager;
-        private readonly IDtoService _dtoService;
-        private readonly IActivityManager _activityManager;
-        private readonly ILocalizationManager _localization;
-        private readonly ILibraryMonitor _libraryMonitor;
-        private readonly ILogger<LibraryController> _logger;
-        private readonly IServerConfigurationManager _serverConfigurationManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="LibraryController"/> class.
-        /// </summary>
-        /// <param name="providerManager">Instance of the <see cref="IProviderManager"/> interface.</param>
-        /// <param name="libraryManager">Instance of the <see cref="ILibraryManager"/> interface.</param>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="dtoService">Instance of the <see cref="IDtoService"/> interface.</param>
-        /// <param name="activityManager">Instance of the <see cref="IActivityManager"/> interface.</param>
-        /// <param name="localization">Instance of the <see cref="ILocalizationManager"/> interface.</param>
-        /// <param name="libraryMonitor">Instance of the <see cref="ILibraryMonitor"/> interface.</param>
-        /// <param name="logger">Instance of the <see cref="ILogger{LibraryController}"/> interface.</param>
-        /// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
-        public LibraryController(
-            IProviderManager providerManager,
-            ILibraryManager libraryManager,
-            IUserManager userManager,
-            IDtoService dtoService,
-            IActivityManager activityManager,
-            ILocalizationManager localization,
-            ILibraryMonitor libraryMonitor,
-            ILogger<LibraryController> logger,
-            IServerConfigurationManager serverConfigurationManager)
-        {
-            _providerManager = providerManager;
-            _libraryManager = libraryManager;
-            _userManager = userManager;
-            _dtoService = dtoService;
-            _activityManager = activityManager;
-            _localization = localization;
-            _libraryMonitor = libraryMonitor;
-            _logger = logger;
-            _serverConfigurationManager = serverConfigurationManager;
-        }
-
-        /// <summary>
-        /// Get the original file of an item.
-        /// </summary>
-        /// <param name="itemId">The item id.</param>
-        /// <response code="200">File stream returned.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>A <see cref="FileStreamResult"/> with the original file.</returns>
-        [HttpGet("Items/{itemId}/File")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesFile("video/*", "audio/*")]
-        public ActionResult GetFile([FromRoute, Required] Guid itemId)
-        {
-            var item = _libraryManager.GetItemById(itemId);
-            if (item is null)
-            {
-                return NotFound();
-            }
-
-            return PhysicalFile(item.Path, MimeTypes.GetMimeType(item.Path), true);
-        }
+        _providerManager = providerManager;
+        _libraryManager = libraryManager;
+        _userManager = userManager;
+        _dtoService = dtoService;
+        _activityManager = activityManager;
+        _localization = localization;
+        _libraryMonitor = libraryMonitor;
+        _logger = logger;
+        _serverConfigurationManager = serverConfigurationManager;
+    }
 
-        /// <summary>
-        /// Gets critic review for an item.
-        /// </summary>
-        /// <response code="200">Critic reviews returned.</response>
-        /// <returns>The list of critic reviews.</returns>
-        [HttpGet("Items/{itemId}/CriticReviews")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [Obsolete("This endpoint is obsolete.")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<QueryResult<BaseItemDto>> GetCriticReviews()
+    /// <summary>
+    /// Get the original file of an item.
+    /// </summary>
+    /// <param name="itemId">The item id.</param>
+    /// <response code="200">File stream returned.</response>
+    /// <response code="404">Item not found.</response>
+    /// <returns>A <see cref="FileStreamResult"/> with the original file.</returns>
+    [HttpGet("Items/{itemId}/File")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    [ProducesFile("video/*", "audio/*")]
+    public ActionResult GetFile([FromRoute, Required] Guid itemId)
+    {
+        var item = _libraryManager.GetItemById(itemId);
+        if (item is null)
         {
-            return new QueryResult<BaseItemDto>();
+            return NotFound();
         }
 
-        /// <summary>
-        /// Get theme songs for an item.
-        /// </summary>
-        /// <param name="itemId">The item id.</param>
-        /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
-        /// <param name="inheritFromParent">Optional. Determines whether or not parent items should be searched for theme media.</param>
-        /// <response code="200">Theme songs returned.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>The item theme songs.</returns>
-        [HttpGet("Items/{itemId}/ThemeSongs")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<ThemeMediaResult> GetThemeSongs(
-            [FromRoute, Required] Guid itemId,
-            [FromQuery] Guid? userId,
-            [FromQuery] bool inheritFromParent = false)
-        {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
-
-            var item = itemId.Equals(default)
-                ? (userId is null || userId.Value.Equals(default)
-                    ? _libraryManager.RootFolder
-                    : _libraryManager.GetUserRootFolder())
-                : _libraryManager.GetItemById(itemId);
-
-            if (item is null)
-            {
-                return NotFound("Item not found.");
-            }
+        return PhysicalFile(item.Path, MimeTypes.GetMimeType(item.Path), true);
+    }
 
-            IEnumerable<BaseItem> themeItems;
+    /// <summary>
+    /// Gets critic review for an item.
+    /// </summary>
+    /// <response code="200">Critic reviews returned.</response>
+    /// <returns>The list of critic reviews.</returns>
+    [HttpGet("Items/{itemId}/CriticReviews")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Obsolete("This endpoint is obsolete.")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<QueryResult<BaseItemDto>> GetCriticReviews()
+    {
+        return new QueryResult<BaseItemDto>();
+    }
 
-            while (true)
-            {
-                themeItems = item.GetThemeSongs();
+    /// <summary>
+    /// Get theme songs for an item.
+    /// </summary>
+    /// <param name="itemId">The item id.</param>
+    /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
+    /// <param name="inheritFromParent">Optional. Determines whether or not parent items should be searched for theme media.</param>
+    /// <response code="200">Theme songs returned.</response>
+    /// <response code="404">Item not found.</response>
+    /// <returns>The item theme songs.</returns>
+    [HttpGet("Items/{itemId}/ThemeSongs")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    public ActionResult<ThemeMediaResult> GetThemeSongs(
+        [FromRoute, Required] Guid itemId,
+        [FromQuery] Guid? userId,
+        [FromQuery] bool inheritFromParent = false)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
 
-                if (themeItems.Any() || !inheritFromParent)
-                {
-                    break;
-                }
+        var item = itemId.Equals(default)
+            ? (userId is null || userId.Value.Equals(default)
+                ? _libraryManager.RootFolder
+                : _libraryManager.GetUserRootFolder())
+            : _libraryManager.GetItemById(itemId);
 
-                var parent = item.GetParent();
-                if (parent is null)
-                {
-                    break;
-                }
+        if (item is null)
+        {
+            return NotFound("Item not found.");
+        }
 
-                item = parent;
-            }
+        IEnumerable<BaseItem> themeItems;
 
-            var dtoOptions = new DtoOptions().AddClientFields(User);
-            var items = themeItems
-                .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, item))
-                .ToArray();
+        while (true)
+        {
+            themeItems = item.GetThemeSongs();
 
-            return new ThemeMediaResult
+            if (themeItems.Any() || !inheritFromParent)
             {
-                Items = items,
-                TotalRecordCount = items.Length,
-                OwnerId = item.Id
-            };
-        }
-
-        /// <summary>
-        /// Get theme videos for an item.
-        /// </summary>
-        /// <param name="itemId">The item id.</param>
-        /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
-        /// <param name="inheritFromParent">Optional. Determines whether or not parent items should be searched for theme media.</param>
-        /// <response code="200">Theme videos returned.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>The item theme videos.</returns>
-        [HttpGet("Items/{itemId}/ThemeVideos")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<ThemeMediaResult> GetThemeVideos(
-            [FromRoute, Required] Guid itemId,
-            [FromQuery] Guid? userId,
-            [FromQuery] bool inheritFromParent = false)
-        {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
-
-            var item = itemId.Equals(default)
-                ? (userId is null || userId.Value.Equals(default)
-                    ? _libraryManager.RootFolder
-                    : _libraryManager.GetUserRootFolder())
-                : _libraryManager.GetItemById(itemId);
-
-            if (item is null)
+                break;
+            }
+
+            var parent = item.GetParent();
+            if (parent is null)
             {
-                return NotFound("Item not found.");
+                break;
             }
 
-            IEnumerable<BaseItem> themeItems;
+            item = parent;
+        }
 
-            while (true)
-            {
-                themeItems = item.GetThemeVideos();
+        var dtoOptions = new DtoOptions().AddClientFields(User);
+        var items = themeItems
+            .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, item))
+            .ToArray();
 
-                if (themeItems.Any() || !inheritFromParent)
-                {
-                    break;
-                }
+        return new ThemeMediaResult
+        {
+            Items = items,
+            TotalRecordCount = items.Length,
+            OwnerId = item.Id
+        };
+    }
 
-                var parent = item.GetParent();
-                if (parent is null)
-                {
-                    break;
-                }
+    /// <summary>
+    /// Get theme videos for an item.
+    /// </summary>
+    /// <param name="itemId">The item id.</param>
+    /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
+    /// <param name="inheritFromParent">Optional. Determines whether or not parent items should be searched for theme media.</param>
+    /// <response code="200">Theme videos returned.</response>
+    /// <response code="404">Item not found.</response>
+    /// <returns>The item theme videos.</returns>
+    [HttpGet("Items/{itemId}/ThemeVideos")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    public ActionResult<ThemeMediaResult> GetThemeVideos(
+        [FromRoute, Required] Guid itemId,
+        [FromQuery] Guid? userId,
+        [FromQuery] bool inheritFromParent = false)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
 
-                item = parent;
-            }
+        var item = itemId.Equals(default)
+            ? (userId is null || userId.Value.Equals(default)
+                ? _libraryManager.RootFolder
+                : _libraryManager.GetUserRootFolder())
+            : _libraryManager.GetItemById(itemId);
 
-            var dtoOptions = new DtoOptions().AddClientFields(User);
-            var items = themeItems
-                .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, item))
-                .ToArray();
+        if (item is null)
+        {
+            return NotFound("Item not found.");
+        }
 
-            return new ThemeMediaResult
-            {
-                Items = items,
-                TotalRecordCount = items.Length,
-                OwnerId = item.Id
-            };
-        }
-
-        /// <summary>
-        /// Get theme songs and videos for an item.
-        /// </summary>
-        /// <param name="itemId">The item id.</param>
-        /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
-        /// <param name="inheritFromParent">Optional. Determines whether or not parent items should be searched for theme media.</param>
-        /// <response code="200">Theme songs and videos returned.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>The item theme videos.</returns>
-        [HttpGet("Items/{itemId}/ThemeMedia")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<AllThemeMediaResult> GetThemeMedia(
-            [FromRoute, Required] Guid itemId,
-            [FromQuery] Guid? userId,
-            [FromQuery] bool inheritFromParent = false)
-        {
-            var themeSongs = GetThemeSongs(
-                itemId,
-                userId,
-                inheritFromParent);
-
-            var themeVideos = GetThemeVideos(
-                itemId,
-                userId,
-                inheritFromParent);
-
-            return new AllThemeMediaResult
-            {
-                ThemeSongsResult = themeSongs?.Value,
-                ThemeVideosResult = themeVideos?.Value,
-                SoundtrackSongsResult = new ThemeMediaResult()
-            };
-        }
-
-        /// <summary>
-        /// Starts a library scan.
-        /// </summary>
-        /// <response code="204">Library scan started.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("Library/Refresh")]
-        [Authorize(Policy = Policies.RequiresElevation)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> RefreshLibrary()
-        {
-            try
+        IEnumerable<BaseItem> themeItems;
+
+        while (true)
+        {
+            themeItems = item.GetThemeVideos();
+
+            if (themeItems.Any() || !inheritFromParent)
             {
-                await _libraryManager.ValidateMediaLibrary(new SimpleProgress<double>(), CancellationToken.None).ConfigureAwait(false);
+                break;
             }
-            catch (Exception ex)
+
+            var parent = item.GetParent();
+            if (parent is null)
             {
-                 _logger.LogError(ex, "Error refreshing library");
+                break;
             }
 
+            item = parent;
+        }
+
+        var dtoOptions = new DtoOptions().AddClientFields(User);
+        var items = themeItems
+            .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, item))
+            .ToArray();
+
+        return new ThemeMediaResult
+        {
+            Items = items,
+            TotalRecordCount = items.Length,
+            OwnerId = item.Id
+        };
+    }
+
+    /// <summary>
+    /// Get theme songs and videos for an item.
+    /// </summary>
+    /// <param name="itemId">The item id.</param>
+    /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
+    /// <param name="inheritFromParent">Optional. Determines whether or not parent items should be searched for theme media.</param>
+    /// <response code="200">Theme songs and videos returned.</response>
+    /// <response code="404">Item not found.</response>
+    /// <returns>The item theme videos.</returns>
+    [HttpGet("Items/{itemId}/ThemeMedia")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<AllThemeMediaResult> GetThemeMedia(
+        [FromRoute, Required] Guid itemId,
+        [FromQuery] Guid? userId,
+        [FromQuery] bool inheritFromParent = false)
+    {
+        var themeSongs = GetThemeSongs(
+            itemId,
+            userId,
+            inheritFromParent);
+
+        var themeVideos = GetThemeVideos(
+            itemId,
+            userId,
+            inheritFromParent);
+
+        return new AllThemeMediaResult
+        {
+            ThemeSongsResult = themeSongs?.Value,
+            ThemeVideosResult = themeVideos?.Value,
+            SoundtrackSongsResult = new ThemeMediaResult()
+        };
+    }
+
+    /// <summary>
+    /// Starts a library scan.
+    /// </summary>
+    /// <response code="204">Library scan started.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("Library/Refresh")]
+    [Authorize(Policy = Policies.RequiresElevation)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public async Task<ActionResult> RefreshLibrary()
+    {
+        try
+        {
+            await _libraryManager.ValidateMediaLibrary(new SimpleProgress<double>(), CancellationToken.None).ConfigureAwait(false);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "Error refreshing library");
+        }
+
+        return NoContent();
+    }
+
+    /// <summary>
+    /// Deletes an item from the library and filesystem.
+    /// </summary>
+    /// <param name="itemId">The item id.</param>
+    /// <response code="204">Item deleted.</response>
+    /// <response code="401">Unauthorized access.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpDelete("Items/{itemId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    public ActionResult DeleteItem(Guid itemId)
+    {
+        var item = _libraryManager.GetItemById(itemId);
+        var user = _userManager.GetUserById(User.GetUserId());
+
+        if (!item.CanDelete(user))
+        {
+            return Unauthorized("Unauthorized access");
+        }
+
+        _libraryManager.DeleteItem(
+            item,
+            new DeleteOptions { DeleteFileLocation = true },
+            true);
+
+        return NoContent();
+    }
+
+    /// <summary>
+    /// Deletes items from the library and filesystem.
+    /// </summary>
+    /// <param name="ids">The item ids.</param>
+    /// <response code="204">Items deleted.</response>
+    /// <response code="401">Unauthorized access.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpDelete("Items")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
+    {
+        if (ids.Length == 0)
+        {
             return NoContent();
         }
 
-        /// <summary>
-        /// Deletes an item from the library and filesystem.
-        /// </summary>
-        /// <param name="itemId">The item id.</param>
-        /// <response code="204">Item deleted.</response>
-        /// <response code="401">Unauthorized access.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpDelete("Items/{itemId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
-        public ActionResult DeleteItem(Guid itemId)
-        {
-            var item = _libraryManager.GetItemById(itemId);
+        foreach (var i in ids)
+        {
+            var item = _libraryManager.GetItemById(i);
             var user = _userManager.GetUserById(User.GetUserId());
 
             if (!item.CanDelete(user))
             {
-                return Unauthorized("Unauthorized access");
+                if (ids.Length > 1)
+                {
+                    return Unauthorized("Unauthorized access");
+                }
+
+                continue;
             }
 
             _libraryManager.DeleteItem(
                 item,
                 new DeleteOptions { DeleteFileLocation = true },
                 true);
-
-            return NoContent();
         }
 
-        /// <summary>
-        /// Deletes items from the library and filesystem.
-        /// </summary>
-        /// <param name="ids">The item ids.</param>
-        /// <response code="204">Items deleted.</response>
-        /// <response code="401">Unauthorized access.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpDelete("Items")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
-        public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
-        {
-            if (ids.Length == 0)
-            {
-                return NoContent();
-            }
-
-            foreach (var i in ids)
-            {
-                var item = _libraryManager.GetItemById(i);
-                var user = _userManager.GetUserById(User.GetUserId());
+        return NoContent();
+    }
 
-                if (!item.CanDelete(user))
-                {
-                    if (ids.Length > 1)
-                    {
-                        return Unauthorized("Unauthorized access");
-                    }
+    /// <summary>
+    /// Get item counts.
+    /// </summary>
+    /// <param name="userId">Optional. Get counts from a specific user's library.</param>
+    /// <param name="isFavorite">Optional. Get counts of favorite items.</param>
+    /// <response code="200">Item counts returned.</response>
+    /// <returns>Item counts.</returns>
+    [HttpGet("Items/Counts")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<ItemCounts> GetItemCounts(
+        [FromQuery] Guid? userId,
+        [FromQuery] bool? isFavorite)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
 
-                    continue;
-                }
+        var counts = new ItemCounts
+        {
+            AlbumCount = GetCount(BaseItemKind.MusicAlbum, user, isFavorite),
+            EpisodeCount = GetCount(BaseItemKind.Episode, user, isFavorite),
+            MovieCount = GetCount(BaseItemKind.Movie, user, isFavorite),
+            SeriesCount = GetCount(BaseItemKind.Series, user, isFavorite),
+            SongCount = GetCount(BaseItemKind.Audio, user, isFavorite),
+            MusicVideoCount = GetCount(BaseItemKind.MusicVideo, user, isFavorite),
+            BoxSetCount = GetCount(BaseItemKind.BoxSet, user, isFavorite),
+            BookCount = GetCount(BaseItemKind.Book, user, isFavorite)
+        };
+
+        return counts;
+    }
 
-                _libraryManager.DeleteItem(
-                    item,
-                    new DeleteOptions { DeleteFileLocation = true },
-                    true);
-            }
+    /// <summary>
+    /// Gets all parents of an item.
+    /// </summary>
+    /// <param name="itemId">The item id.</param>
+    /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
+    /// <response code="200">Item parents returned.</response>
+    /// <response code="404">Item not found.</response>
+    /// <returns>Item parents.</returns>
+    [HttpGet("Items/{itemId}/Ancestors")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    public ActionResult<IEnumerable<BaseItemDto>> GetAncestors([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
+    {
+        var item = _libraryManager.GetItemById(itemId);
 
-            return NoContent();
+        if (item is null)
+        {
+            return NotFound("Item not found");
         }
 
-        /// <summary>
-        /// Get item counts.
-        /// </summary>
-        /// <param name="userId">Optional. Get counts from a specific user's library.</param>
-        /// <param name="isFavorite">Optional. Get counts of favorite items.</param>
-        /// <response code="200">Item counts returned.</response>
-        /// <returns>Item counts.</returns>
-        [HttpGet("Items/Counts")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<ItemCounts> GetItemCounts(
-            [FromQuery] Guid? userId,
-            [FromQuery] bool? isFavorite)
-        {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
-
-            var counts = new ItemCounts
-            {
-                AlbumCount = GetCount(BaseItemKind.MusicAlbum, user, isFavorite),
-                EpisodeCount = GetCount(BaseItemKind.Episode, user, isFavorite),
-                MovieCount = GetCount(BaseItemKind.Movie, user, isFavorite),
-                SeriesCount = GetCount(BaseItemKind.Series, user, isFavorite),
-                SongCount = GetCount(BaseItemKind.Audio, user, isFavorite),
-                MusicVideoCount = GetCount(BaseItemKind.MusicVideo, user, isFavorite),
-                BoxSetCount = GetCount(BaseItemKind.BoxSet, user, isFavorite),
-                BookCount = GetCount(BaseItemKind.Book, user, isFavorite)
-            };
-
-            return counts;
-        }
-
-        /// <summary>
-        /// Gets all parents of an item.
-        /// </summary>
-        /// <param name="itemId">The item id.</param>
-        /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
-        /// <response code="200">Item parents returned.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>Item parents.</returns>
-        [HttpGet("Items/{itemId}/Ancestors")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<IEnumerable<BaseItemDto>> GetAncestors([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
-        {
-            var item = _libraryManager.GetItemById(itemId);
-
-            if (item is null)
+        var baseItemDtos = new List<BaseItemDto>();
+
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
+
+        var dtoOptions = new DtoOptions().AddClientFields(User);
+        BaseItem? parent = item.GetParent();
+
+        while (parent is not null)
+        {
+            if (user is not null)
             {
-                return NotFound("Item not found");
+                parent = TranslateParentItem(parent, user);
             }
 
-            var baseItemDtos = new List<BaseItemDto>();
+            baseItemDtos.Add(_dtoService.GetBaseItemDto(parent, dtoOptions, user));
 
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
+            parent = parent?.GetParent();
+        }
 
-            var dtoOptions = new DtoOptions().AddClientFields(User);
-            BaseItem? parent = item.GetParent();
+        return baseItemDtos;
+    }
 
-            while (parent is not null)
-            {
-                if (user is not null)
-                {
-                    parent = TranslateParentItem(parent, user);
-                }
+    /// <summary>
+    /// Gets a list of physical paths from virtual folders.
+    /// </summary>
+    /// <response code="200">Physical paths returned.</response>
+    /// <returns>List of physical paths.</returns>
+    [HttpGet("Library/PhysicalPaths")]
+    [Authorize(Policy = Policies.RequiresElevation)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<IEnumerable<string>> GetPhysicalPaths()
+    {
+        return Ok(_libraryManager.RootFolder.Children
+            .SelectMany(c => c.PhysicalLocations));
+    }
 
-                baseItemDtos.Add(_dtoService.GetBaseItemDto(parent, dtoOptions, user));
+    /// <summary>
+    /// Gets all user media folders.
+    /// </summary>
+    /// <param name="isHidden">Optional. Filter by folders that are marked hidden, or not.</param>
+    /// <response code="200">Media folders returned.</response>
+    /// <returns>List of user media folders.</returns>
+    [HttpGet("Library/MediaFolders")]
+    [Authorize(Policy = Policies.RequiresElevation)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<QueryResult<BaseItemDto>> GetMediaFolders([FromQuery] bool? isHidden)
+    {
+        var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList();
 
-                parent = parent?.GetParent();
-            }
+        if (isHidden.HasValue)
+        {
+            var val = isHidden.Value;
 
-            return baseItemDtos;
+            items = items.Where(i => i.IsHidden == val).ToList();
         }
 
-        /// <summary>
-        /// Gets a list of physical paths from virtual folders.
-        /// </summary>
-        /// <response code="200">Physical paths returned.</response>
-        /// <returns>List of physical paths.</returns>
-        [HttpGet("Library/PhysicalPaths")]
-        [Authorize(Policy = Policies.RequiresElevation)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<IEnumerable<string>> GetPhysicalPaths()
+        var dtoOptions = new DtoOptions().AddClientFields(User);
+        var resultArray = _dtoService.GetBaseItemDtos(items, dtoOptions);
+        return new QueryResult<BaseItemDto>(resultArray);
+    }
+
+    /// <summary>
+    /// Reports that new episodes of a series have been added by an external source.
+    /// </summary>
+    /// <param name="tvdbId">The tvdbId.</param>
+    /// <response code="204">Report success.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("Library/Series/Added", Name = "PostAddedSeries")]
+    [HttpPost("Library/Series/Updated")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public ActionResult PostUpdatedSeries([FromQuery] string? tvdbId)
+    {
+        var series = _libraryManager.GetItemList(new InternalItemsQuery
         {
-            return Ok(_libraryManager.RootFolder.Children
-                .SelectMany(c => c.PhysicalLocations));
-        }
+            IncludeItemTypes = new[] { BaseItemKind.Series },
+            DtoOptions = new DtoOptions(false)
+            {
+                EnableImages = false
+            }
+        }).Where(i => string.Equals(tvdbId, i.GetProviderId(MediaBrowser.Model.Entities.MetadataProvider.Tvdb), StringComparison.OrdinalIgnoreCase)).ToArray();
 
-        /// <summary>
-        /// Gets all user media folders.
-        /// </summary>
-        /// <param name="isHidden">Optional. Filter by folders that are marked hidden, or not.</param>
-        /// <response code="200">Media folders returned.</response>
-        /// <returns>List of user media folders.</returns>
-        [HttpGet("Library/MediaFolders")]
-        [Authorize(Policy = Policies.RequiresElevation)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<QueryResult<BaseItemDto>> GetMediaFolders([FromQuery] bool? isHidden)
+        foreach (var item in series)
         {
-            var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList();
+            _libraryMonitor.ReportFileSystemChanged(item.Path);
+        }
 
-            if (isHidden.HasValue)
-            {
-                var val = isHidden.Value;
+        return NoContent();
+    }
 
-                items = items.Where(i => i.IsHidden == val).ToList();
+    /// <summary>
+    /// Reports that new movies have been added by an external source.
+    /// </summary>
+    /// <param name="tmdbId">The tmdbId.</param>
+    /// <param name="imdbId">The imdbId.</param>
+    /// <response code="204">Report success.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("Library/Movies/Added", Name = "PostAddedMovies")]
+    [HttpPost("Library/Movies/Updated")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public ActionResult PostUpdatedMovies([FromQuery] string? tmdbId, [FromQuery] string? imdbId)
+    {
+        var movies = _libraryManager.GetItemList(new InternalItemsQuery
+        {
+            IncludeItemTypes = new[] { BaseItemKind.Movie },
+            DtoOptions = new DtoOptions(false)
+            {
+                EnableImages = false
             }
+        });
+
+        if (!string.IsNullOrWhiteSpace(imdbId))
+        {
+            movies = movies.Where(i => string.Equals(imdbId, i.GetProviderId(MediaBrowser.Model.Entities.MetadataProvider.Imdb), StringComparison.OrdinalIgnoreCase)).ToList();
+        }
+        else if (!string.IsNullOrWhiteSpace(tmdbId))
+        {
+            movies = movies.Where(i => string.Equals(tmdbId, i.GetProviderId(MediaBrowser.Model.Entities.MetadataProvider.Tmdb), StringComparison.OrdinalIgnoreCase)).ToList();
+        }
+        else
+        {
+            movies = new List<BaseItem>();
+        }
 
-            var dtoOptions = new DtoOptions().AddClientFields(User);
-            var resultArray = _dtoService.GetBaseItemDtos(items, dtoOptions);
-            return new QueryResult<BaseItemDto>(resultArray);
+        foreach (var item in movies)
+        {
+            _libraryMonitor.ReportFileSystemChanged(item.Path);
         }
 
-        /// <summary>
-        /// Reports that new episodes of a series have been added by an external source.
-        /// </summary>
-        /// <param name="tvdbId">The tvdbId.</param>
-        /// <response code="204">Report success.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("Library/Series/Added", Name = "PostAddedSeries")]
-        [HttpPost("Library/Series/Updated")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult PostUpdatedSeries([FromQuery] string? tvdbId)
+        return NoContent();
+    }
+
+    /// <summary>
+    /// Reports that new movies have been added by an external source.
+    /// </summary>
+    /// <param name="dto">The update paths.</param>
+    /// <response code="204">Report success.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("Library/Media/Updated")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public ActionResult PostUpdatedMedia([FromBody, Required] MediaUpdateInfoDto dto)
+    {
+        foreach (var item in dto.Updates)
         {
-            var series = _libraryManager.GetItemList(new InternalItemsQuery
-            {
-                IncludeItemTypes = new[] { BaseItemKind.Series },
-                DtoOptions = new DtoOptions(false)
-                {
-                    EnableImages = false
-                }
-            }).Where(i => string.Equals(tvdbId, i.GetProviderId(MediaBrowser.Model.Entities.MetadataProvider.Tvdb), StringComparison.OrdinalIgnoreCase)).ToArray();
+            _libraryMonitor.ReportFileSystemChanged(item.Path ?? throw new ArgumentException("Item path can't be null."));
+        }
 
-            foreach (var item in series)
-            {
-                _libraryMonitor.ReportFileSystemChanged(item.Path);
-            }
+        return NoContent();
+    }
 
-            return NoContent();
+    /// <summary>
+    /// Downloads item media.
+    /// </summary>
+    /// <param name="itemId">The item id.</param>
+    /// <response code="200">Media downloaded.</response>
+    /// <response code="404">Item not found.</response>
+    /// <returns>A <see cref="FileResult"/> containing the media stream.</returns>
+    /// <exception cref="ArgumentException">User can't download or item can't be downloaded.</exception>
+    [HttpGet("Items/{itemId}/Download")]
+    [Authorize(Policy = Policies.Download)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    [ProducesFile("video/*", "audio/*")]
+    public async Task<ActionResult> GetDownload([FromRoute, Required] Guid itemId)
+    {
+        var item = _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
         }
 
-        /// <summary>
-        /// Reports that new movies have been added by an external source.
-        /// </summary>
-        /// <param name="tmdbId">The tmdbId.</param>
-        /// <param name="imdbId">The imdbId.</param>
-        /// <response code="204">Report success.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("Library/Movies/Added", Name = "PostAddedMovies")]
-        [HttpPost("Library/Movies/Updated")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult PostUpdatedMovies([FromQuery] string? tmdbId, [FromQuery] string? imdbId)
-        {
-            var movies = _libraryManager.GetItemList(new InternalItemsQuery
-            {
-                IncludeItemTypes = new[] { BaseItemKind.Movie },
-                DtoOptions = new DtoOptions(false)
-                {
-                    EnableImages = false
-                }
-            });
+        var user = _userManager.GetUserById(User.GetUserId());
 
-            if (!string.IsNullOrWhiteSpace(imdbId))
-            {
-                movies = movies.Where(i => string.Equals(imdbId, i.GetProviderId(MediaBrowser.Model.Entities.MetadataProvider.Imdb), StringComparison.OrdinalIgnoreCase)).ToList();
-            }
-            else if (!string.IsNullOrWhiteSpace(tmdbId))
+        if (user is not null)
+        {
+            if (!item.CanDownload(user))
             {
-                movies = movies.Where(i => string.Equals(tmdbId, i.GetProviderId(MediaBrowser.Model.Entities.MetadataProvider.Tmdb), StringComparison.OrdinalIgnoreCase)).ToList();
+                throw new ArgumentException("Item does not support downloading");
             }
-            else
+        }
+        else
+        {
+            if (!item.CanDownload())
             {
-                movies = new List<BaseItem>();
+                throw new ArgumentException("Item does not support downloading");
             }
+        }
 
-            foreach (var item in movies)
-            {
-                _libraryMonitor.ReportFileSystemChanged(item.Path);
-            }
+        if (user is not null)
+        {
+            await LogDownloadAsync(item, user).ConfigureAwait(false);
+        }
 
-            return NoContent();
+        // Quotes are valid in linux. They'll possibly cause issues here.
+        var filename = Path.GetFileName(item.Path)?.Replace("\"", string.Empty, StringComparison.Ordinal);
+
+        return PhysicalFile(item.Path, MimeTypes.GetMimeType(item.Path), filename, true);
+    }
+
+    /// <summary>
+    /// Gets similar items.
+    /// </summary>
+    /// <param name="itemId">The item id.</param>
+    /// <param name="excludeArtistIds">Exclude artist ids.</param>
+    /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
+    /// <param name="limit">Optional. The maximum number of records to return.</param>
+    /// <param name="fields">Optional. Specify additional fields of information to return in the output. This allows multiple, comma delimited. Options: Budget, Chapters, DateCreated, Genres, HomePageUrl, IndexOptions, MediaStreams, Overview, ParentId, Path, People, ProviderIds, PrimaryImageAspectRatio, Revenue, SortName, Studios, Taglines, TrailerUrls.</param>
+    /// <response code="200">Similar items returned.</response>
+    /// <returns>A <see cref="QueryResult{BaseItemDto}"/> containing the similar items.</returns>
+    [HttpGet("Artists/{itemId}/Similar", Name = "GetSimilarArtists")]
+    [HttpGet("Items/{itemId}/Similar")]
+    [HttpGet("Albums/{itemId}/Similar", Name = "GetSimilarAlbums")]
+    [HttpGet("Shows/{itemId}/Similar", Name = "GetSimilarShows")]
+    [HttpGet("Movies/{itemId}/Similar", Name = "GetSimilarMovies")]
+    [HttpGet("Trailers/{itemId}/Similar", Name = "GetSimilarTrailers")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<QueryResult<BaseItemDto>> GetSimilarItems(
+        [FromRoute, Required] Guid itemId,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] excludeArtistIds,
+        [FromQuery] Guid? userId,
+        [FromQuery] int? limit,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields)
+    {
+        var item = itemId.Equals(default)
+            ? (userId is null || userId.Value.Equals(default)
+                ? _libraryManager.RootFolder
+                : _libraryManager.GetUserRootFolder())
+            : _libraryManager.GetItemById(itemId);
+
+        if (item is Episode || (item is IItemByName && item is not MusicArtist))
+        {
+            return new QueryResult<BaseItemDto>();
         }
 
-        /// <summary>
-        /// Reports that new movies have been added by an external source.
-        /// </summary>
-        /// <param name="dto">The update paths.</param>
-        /// <response code="204">Report success.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("Library/Media/Updated")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult PostUpdatedMedia([FromBody, Required] MediaUpdateInfoDto dto)
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
+        var dtoOptions = new DtoOptions { Fields = fields }
+            .AddClientFields(User);
+
+        var program = item as IHasProgramAttributes;
+        bool? isMovie = item is Movie || (program is not null && program.IsMovie) || item is Trailer;
+        bool? isSeries = item is Series || (program is not null && program.IsSeries);
+
+        var includeItemTypes = new List<BaseItemKind>();
+        if (isMovie.Value)
         {
-            foreach (var item in dto.Updates)
+            includeItemTypes.Add(BaseItemKind.Movie);
+            if (_serverConfigurationManager.Configuration.EnableExternalContentInSuggestions)
             {
-                _libraryMonitor.ReportFileSystemChanged(item.Path ?? throw new ArgumentException("Item path can't be null."));
+                includeItemTypes.Add(BaseItemKind.Trailer);
+                includeItemTypes.Add(BaseItemKind.LiveTvProgram);
             }
-
-            return NoContent();
+        }
+        else if (isSeries.Value)
+        {
+            includeItemTypes.Add(BaseItemKind.Series);
+        }
+        else
+        {
+            // For non series and movie types these columns are typically null
+            // isSeries = null;
+            isMovie = null;
+            includeItemTypes.Add(item.GetBaseItemKind());
         }
 
-        /// <summary>
-        /// Downloads item media.
-        /// </summary>
-        /// <param name="itemId">The item id.</param>
-        /// <response code="200">Media downloaded.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>A <see cref="FileResult"/> containing the media stream.</returns>
-        /// <exception cref="ArgumentException">User can't download or item can't be downloaded.</exception>
-        [HttpGet("Items/{itemId}/Download")]
-        [Authorize(Policy = Policies.Download)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesFile("video/*", "audio/*")]
-        public async Task<ActionResult> GetDownload([FromRoute, Required] Guid itemId)
-        {
-            var item = _libraryManager.GetItemById(itemId);
-            if (item is null)
-            {
-                return NotFound();
-            }
+        var query = new InternalItemsQuery(user)
+        {
+            Genres = item.Genres,
+            Limit = limit,
+            IncludeItemTypes = includeItemTypes.ToArray(),
+            SimilarTo = item,
+            DtoOptions = dtoOptions,
+            EnableTotalRecordCount = !isMovie ?? true,
+            EnableGroupByMetadataKey = isMovie ?? false,
+            MinSimilarityScore = 2 // A remnant from album/artist scoring
+        };
+
+        // ExcludeArtistIds
+        if (excludeArtistIds.Length != 0)
+        {
+            query.ExcludeArtistIds = excludeArtistIds;
+        }
 
-            var user = _userManager.GetUserById(User.GetUserId());
+        List<BaseItem> itemsResult = _libraryManager.GetItemList(query);
 
-            if (user is not null)
-            {
-                if (!item.CanDownload(user))
-                {
-                    throw new ArgumentException("Item does not support downloading");
-                }
-            }
-            else
-            {
-                if (!item.CanDownload())
-                {
-                    throw new ArgumentException("Item does not support downloading");
-                }
-            }
+        var returnList = _dtoService.GetBaseItemDtos(itemsResult, dtoOptions, user);
 
-            if (user is not null)
-            {
-                await LogDownloadAsync(item, user).ConfigureAwait(false);
-            }
+        return new QueryResult<BaseItemDto>(
+            query.StartIndex,
+            itemsResult.Count,
+            returnList);
+    }
 
-            // Quotes are valid in linux. They'll possibly cause issues here.
-            var filename = Path.GetFileName(item.Path)?.Replace("\"", string.Empty, StringComparison.Ordinal);
-
-            return PhysicalFile(item.Path, MimeTypes.GetMimeType(item.Path), filename, true);
-        }
-
-        /// <summary>
-        /// Gets similar items.
-        /// </summary>
-        /// <param name="itemId">The item id.</param>
-        /// <param name="excludeArtistIds">Exclude artist ids.</param>
-        /// <param name="userId">Optional. Filter by user id, and attach user data.</param>
-        /// <param name="limit">Optional. The maximum number of records to return.</param>
-        /// <param name="fields">Optional. Specify additional fields of information to return in the output. This allows multiple, comma delimited. Options: Budget, Chapters, DateCreated, Genres, HomePageUrl, IndexOptions, MediaStreams, Overview, ParentId, Path, People, ProviderIds, PrimaryImageAspectRatio, Revenue, SortName, Studios, Taglines, TrailerUrls.</param>
-        /// <response code="200">Similar items returned.</response>
-        /// <returns>A <see cref="QueryResult{BaseItemDto}"/> containing the similar items.</returns>
-        [HttpGet("Artists/{itemId}/Similar", Name = "GetSimilarArtists")]
-        [HttpGet("Items/{itemId}/Similar")]
-        [HttpGet("Albums/{itemId}/Similar", Name = "GetSimilarAlbums")]
-        [HttpGet("Shows/{itemId}/Similar", Name = "GetSimilarShows")]
-        [HttpGet("Movies/{itemId}/Similar", Name = "GetSimilarMovies")]
-        [HttpGet("Trailers/{itemId}/Similar", Name = "GetSimilarTrailers")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<QueryResult<BaseItemDto>> GetSimilarItems(
-            [FromRoute, Required] Guid itemId,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] excludeArtistIds,
-            [FromQuery] Guid? userId,
-            [FromQuery] int? limit,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields)
-        {
-            var item = itemId.Equals(default)
-                ? (userId is null || userId.Value.Equals(default)
-                    ? _libraryManager.RootFolder
-                    : _libraryManager.GetUserRootFolder())
-                : _libraryManager.GetItemById(itemId);
-
-            if (item is Episode || (item is IItemByName && item is not MusicArtist))
-            {
-                return new QueryResult<BaseItemDto>();
-            }
+    /// <summary>
+    /// Gets the library options info.
+    /// </summary>
+    /// <param name="libraryContentType">Library content type.</param>
+    /// <param name="isNewLibrary">Whether this is a new library.</param>
+    /// <response code="200">Library options info returned.</response>
+    /// <returns>Library options info.</returns>
+    [HttpGet("Libraries/AvailableOptions")]
+    [Authorize(Policy = Policies.FirstTimeSetupOrDefault)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<LibraryOptionsResultDto> GetLibraryOptionsInfo(
+        [FromQuery] string? libraryContentType,
+        [FromQuery] bool isNewLibrary = false)
+    {
+        var result = new LibraryOptionsResultDto();
 
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
-            var dtoOptions = new DtoOptions { Fields = fields }
-                .AddClientFields(User);
+        var types = GetRepresentativeItemTypes(libraryContentType);
+        var typesList = types.ToList();
 
-            var program = item as IHasProgramAttributes;
-            bool? isMovie = item is Movie || (program is not null && program.IsMovie) || item is Trailer;
-            bool? isSeries = item is Series || (program is not null && program.IsSeries);
+        var plugins = _providerManager.GetAllMetadataPlugins()
+            .Where(i => types.Contains(i.ItemType, StringComparison.OrdinalIgnoreCase))
+            .OrderBy(i => typesList.IndexOf(i.ItemType))
+            .ToList();
 
-            var includeItemTypes = new List<BaseItemKind>();
-            if (isMovie.Value)
+        result.MetadataSavers = plugins
+            .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataSaver))
+            .Select(i => new LibraryOptionInfoDto
             {
-                includeItemTypes.Add(BaseItemKind.Movie);
-                if (_serverConfigurationManager.Configuration.EnableExternalContentInSuggestions)
-                {
-                    includeItemTypes.Add(BaseItemKind.Trailer);
-                    includeItemTypes.Add(BaseItemKind.LiveTvProgram);
-                }
-            }
-            else if (isSeries.Value)
-            {
-                includeItemTypes.Add(BaseItemKind.Series);
-            }
-            else
-            {
-                // For non series and movie types these columns are typically null
-                // isSeries = null;
-                isMovie = null;
-                includeItemTypes.Add(item.GetBaseItemKind());
-            }
+                Name = i.Name,
+                DefaultEnabled = IsSaverEnabledByDefault(i.Name, types, isNewLibrary)
+            })
+            .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
 
-            var query = new InternalItemsQuery(user)
-            {
-                Genres = item.Genres,
-                Limit = limit,
-                IncludeItemTypes = includeItemTypes.ToArray(),
-                SimilarTo = item,
-                DtoOptions = dtoOptions,
-                EnableTotalRecordCount = !isMovie ?? true,
-                EnableGroupByMetadataKey = isMovie ?? false,
-                MinSimilarityScore = 2 // A remnant from album/artist scoring
-            };
-
-            // ExcludeArtistIds
-            if (excludeArtistIds.Length != 0)
+        result.MetadataReaders = plugins
+            .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.LocalMetadataProvider))
+            .Select(i => new LibraryOptionInfoDto
             {
-                query.ExcludeArtistIds = excludeArtistIds;
-            }
-
-            List<BaseItem> itemsResult = _libraryManager.GetItemList(query);
+                Name = i.Name,
+                DefaultEnabled = true
+            })
+            .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
 
-            var returnList = _dtoService.GetBaseItemDtos(itemsResult, dtoOptions, user);
+        result.SubtitleFetchers = plugins
+            .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.SubtitleFetcher))
+            .Select(i => new LibraryOptionInfoDto
+            {
+                Name = i.Name,
+                DefaultEnabled = true
+            })
+            .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
 
-            return new QueryResult<BaseItemDto>(
-                query.StartIndex,
-                itemsResult.Count,
-                returnList);
-        }
+        var typeOptions = new List<LibraryTypeOptionsDto>();
 
-        /// <summary>
-        /// Gets the library options info.
-        /// </summary>
-        /// <param name="libraryContentType">Library content type.</param>
-        /// <param name="isNewLibrary">Whether this is a new library.</param>
-        /// <response code="200">Library options info returned.</response>
-        /// <returns>Library options info.</returns>
-        [HttpGet("Libraries/AvailableOptions")]
-        [Authorize(Policy = Policies.FirstTimeSetupOrDefault)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<LibraryOptionsResultDto> GetLibraryOptionsInfo(
-            [FromQuery] string? libraryContentType,
-            [FromQuery] bool isNewLibrary = false)
+        foreach (var type in types)
         {
-            var result = new LibraryOptionsResultDto();
-
-            var types = GetRepresentativeItemTypes(libraryContentType);
-            var typesList = types.ToList();
+            TypeOptions.DefaultImageOptions.TryGetValue(type, out var defaultImageOptions);
 
-            var plugins = _providerManager.GetAllMetadataPlugins()
-                .Where(i => types.Contains(i.ItemType, StringComparison.OrdinalIgnoreCase))
-                .OrderBy(i => typesList.IndexOf(i.ItemType))
-                .ToList();
+            typeOptions.Add(new LibraryTypeOptionsDto
+            {
+                Type = type,
 
-            result.MetadataSavers = plugins
-                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataSaver))
+                MetadataFetchers = plugins
+                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataFetcher))
                 .Select(i => new LibraryOptionInfoDto
                 {
                     Name = i.Name,
-                    DefaultEnabled = IsSaverEnabledByDefault(i.Name, types, isNewLibrary)
+                    DefaultEnabled = IsMetadataFetcherEnabledByDefault(i.Name, type, isNewLibrary)
                 })
                 .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                .ToArray();
+                .ToArray(),
 
-            result.MetadataReaders = plugins
-                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.LocalMetadataProvider))
+                ImageFetchers = plugins
+                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.ImageFetcher))
                 .Select(i => new LibraryOptionInfoDto
                 {
                     Name = i.Name,
-                    DefaultEnabled = true
+                    DefaultEnabled = IsImageFetcherEnabledByDefault(i.Name, type, isNewLibrary)
                 })
                 .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                .ToArray();
+                .ToArray(),
 
-            result.SubtitleFetchers = plugins
-                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.SubtitleFetcher))
-                .Select(i => new LibraryOptionInfoDto
-                {
-                    Name = i.Name,
-                    DefaultEnabled = true
-                })
-                .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                .ToArray();
+                SupportedImageTypes = plugins
+                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                .SelectMany(i => i.SupportedImageTypes ?? Array.Empty<ImageType>())
+                .Distinct()
+                .ToArray(),
 
-            var typeOptions = new List<LibraryTypeOptionsDto>();
+                DefaultImageOptions = defaultImageOptions ?? Array.Empty<ImageOption>()
+            });
+        }
 
-            foreach (var type in types)
-            {
-                TypeOptions.DefaultImageOptions.TryGetValue(type, out var defaultImageOptions);
+        result.TypeOptions = typeOptions.ToArray();
 
-                typeOptions.Add(new LibraryTypeOptionsDto
-                {
-                    Type = type,
-
-                    MetadataFetchers = plugins
-                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                    .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataFetcher))
-                    .Select(i => new LibraryOptionInfoDto
-                    {
-                        Name = i.Name,
-                        DefaultEnabled = IsMetadataFetcherEnabledByDefault(i.Name, type, isNewLibrary)
-                    })
-                    .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                    .ToArray(),
-
-                    ImageFetchers = plugins
-                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                    .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.ImageFetcher))
-                    .Select(i => new LibraryOptionInfoDto
-                    {
-                        Name = i.Name,
-                        DefaultEnabled = IsImageFetcherEnabledByDefault(i.Name, type, isNewLibrary)
-                    })
-                    .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                    .ToArray(),
-
-                    SupportedImageTypes = plugins
-                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                    .SelectMany(i => i.SupportedImageTypes ?? Array.Empty<ImageType>())
-                    .Distinct()
-                    .ToArray(),
-
-                    DefaultImageOptions = defaultImageOptions ?? Array.Empty<ImageOption>()
-                });
+        return result;
+    }
+
+    private int GetCount(BaseItemKind itemKind, User? user, bool? isFavorite)
+    {
+        var query = new InternalItemsQuery(user)
+        {
+            IncludeItemTypes = new[] { itemKind },
+            Limit = 0,
+            Recursive = true,
+            IsVirtualItem = false,
+            IsFavorite = isFavorite,
+            DtoOptions = new DtoOptions(false)
+            {
+                EnableImages = false
             }
+        };
 
-            result.TypeOptions = typeOptions.ToArray();
+        return _libraryManager.GetItemsResult(query).TotalRecordCount;
+    }
 
-            return result;
-        }
+    private BaseItem? TranslateParentItem(BaseItem item, User user)
+    {
+        return item.GetParent() is AggregateFolder
+            ? _libraryManager.GetUserRootFolder().GetChildren(user, true)
+                .FirstOrDefault(i => i.PhysicalLocations.Contains(item.Path))
+            : item;
+    }
 
-        private int GetCount(BaseItemKind itemKind, User? user, bool? isFavorite)
+    private async Task LogDownloadAsync(BaseItem item, User user)
+    {
+        try
         {
-            var query = new InternalItemsQuery(user)
+            await _activityManager.CreateAsync(new ActivityLog(
+                string.Format(CultureInfo.InvariantCulture, _localization.GetLocalizedString("UserDownloadingItemWithValues"), user.Username, item.Name),
+                "UserDownloadingContent",
+                User.GetUserId())
             {
-                IncludeItemTypes = new[] { itemKind },
-                Limit = 0,
-                Recursive = true,
-                IsVirtualItem = false,
-                IsFavorite = isFavorite,
-                DtoOptions = new DtoOptions(false)
-                {
-                    EnableImages = false
-                }
-            };
-
-            return _libraryManager.GetItemsResult(query).TotalRecordCount;
+                ShortOverview = string.Format(CultureInfo.InvariantCulture, _localization.GetLocalizedString("AppDeviceValues"), User.GetClient(), User.GetDevice()),
+            }).ConfigureAwait(false);
         }
-
-        private BaseItem? TranslateParentItem(BaseItem item, User user)
+        catch
         {
-            return item.GetParent() is AggregateFolder
-                ? _libraryManager.GetUserRootFolder().GetChildren(user, true)
-                    .FirstOrDefault(i => i.PhysicalLocations.Contains(item.Path))
-                : item;
+            // Logged at lower levels
         }
+    }
 
-        private async Task LogDownloadAsync(BaseItem item, User user)
+    private static string[] GetRepresentativeItemTypes(string? contentType)
+    {
+        return contentType switch
         {
-            try
-            {
-                await _activityManager.CreateAsync(new ActivityLog(
-                    string.Format(CultureInfo.InvariantCulture, _localization.GetLocalizedString("UserDownloadingItemWithValues"), user.Username, item.Name),
-                    "UserDownloadingContent",
-                    User.GetUserId())
-                {
-                    ShortOverview = string.Format(CultureInfo.InvariantCulture, _localization.GetLocalizedString("AppDeviceValues"), User.GetClient(), User.GetDevice()),
-                }).ConfigureAwait(false);
-            }
-            catch
-            {
-                // Logged at lower levels
-            }
-        }
+            CollectionType.BoxSets => new[] { "BoxSet" },
+            CollectionType.Playlists => new[] { "Playlist" },
+            CollectionType.Movies => new[] { "Movie" },
+            CollectionType.TvShows => new[] { "Series", "Season", "Episode" },
+            CollectionType.Books => new[] { "Book" },
+            CollectionType.Music => new[] { "MusicArtist", "MusicAlbum", "Audio", "MusicVideo" },
+            CollectionType.HomeVideos => new[] { "Video", "Photo" },
+            CollectionType.Photos => new[] { "Video", "Photo" },
+            CollectionType.MusicVideos => new[] { "MusicVideo" },
+            _ => new[] { "Series", "Season", "Episode", "Movie" }
+        };
+    }
 
-        private static string[] GetRepresentativeItemTypes(string? contentType)
+    private bool IsSaverEnabledByDefault(string name, string[] itemTypes, bool isNewLibrary)
+    {
+        if (isNewLibrary)
         {
-            return contentType switch
-            {
-                CollectionType.BoxSets => new[] { "BoxSet" },
-                CollectionType.Playlists => new[] { "Playlist" },
-                CollectionType.Movies => new[] { "Movie" },
-                CollectionType.TvShows => new[] { "Series", "Season", "Episode" },
-                CollectionType.Books => new[] { "Book" },
-                CollectionType.Music => new[] { "MusicArtist", "MusicAlbum", "Audio", "MusicVideo" },
-                CollectionType.HomeVideos => new[] { "Video", "Photo" },
-                CollectionType.Photos => new[] { "Video", "Photo" },
-                CollectionType.MusicVideos => new[] { "MusicVideo" },
-                _ => new[] { "Series", "Season", "Episode", "Movie" }
-            };
-        }
-
-        private bool IsSaverEnabledByDefault(string name, string[] itemTypes, bool isNewLibrary)
-        {
-            if (isNewLibrary)
-            {
-                return false;
-            }
+            return false;
+        }
 
-            var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
-                .Where(i => itemTypes.Contains(i.ItemType ?? string.Empty, StringComparison.OrdinalIgnoreCase))
-                .ToArray();
+        var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
+            .Where(i => itemTypes.Contains(i.ItemType ?? string.Empty, StringComparison.OrdinalIgnoreCase))
+            .ToArray();
 
-            return metadataOptions.Length == 0 || metadataOptions.Any(i => !i.DisabledMetadataSavers.Contains(name, StringComparison.OrdinalIgnoreCase));
-        }
+        return metadataOptions.Length == 0 || metadataOptions.Any(i => !i.DisabledMetadataSavers.Contains(name, StringComparison.OrdinalIgnoreCase));
+    }
 
-        private bool IsMetadataFetcherEnabledByDefault(string name, string type, bool isNewLibrary)
+    private bool IsMetadataFetcherEnabledByDefault(string name, string type, bool isNewLibrary)
+    {
+        if (isNewLibrary)
         {
-            if (isNewLibrary)
+            if (string.Equals(name, "TheMovieDb", StringComparison.OrdinalIgnoreCase))
             {
-                if (string.Equals(name, "TheMovieDb", StringComparison.OrdinalIgnoreCase))
-                {
-                    return !(string.Equals(type, "Season", StringComparison.OrdinalIgnoreCase)
-                         || string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
-                         || string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase));
-                }
-
-                return string.Equals(name, "TheTVDB", StringComparison.OrdinalIgnoreCase)
-                   || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
-                   || string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase);
+                return !(string.Equals(type, "Season", StringComparison.OrdinalIgnoreCase)
+                     || string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
+                     || string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase));
             }
 
-            var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
-                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                .ToArray();
-
-            return metadataOptions.Length == 0
-               || metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
+            return string.Equals(name, "TheTVDB", StringComparison.OrdinalIgnoreCase)
+               || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
+               || string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase);
         }
 
-        private bool IsImageFetcherEnabledByDefault(string name, string type, bool isNewLibrary)
+        var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
+            .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+            .ToArray();
+
+        return metadataOptions.Length == 0
+           || metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
+    }
+
+    private bool IsImageFetcherEnabledByDefault(string name, string type, bool isNewLibrary)
+    {
+        if (isNewLibrary)
         {
-            if (isNewLibrary)
+            if (string.Equals(name, "TheMovieDb", StringComparison.OrdinalIgnoreCase))
             {
-                if (string.Equals(name, "TheMovieDb", StringComparison.OrdinalIgnoreCase))
-                {
-                    return !string.Equals(type, "Series", StringComparison.OrdinalIgnoreCase)
-                           && !string.Equals(type, "Season", StringComparison.OrdinalIgnoreCase)
-                           && !string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
-                           && !string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase);
-                }
-
-                return string.Equals(name, "TheTVDB", StringComparison.OrdinalIgnoreCase)
-                       || string.Equals(name, "Screen Grabber", StringComparison.OrdinalIgnoreCase)
-                       || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
-                       || string.Equals(name, "Image Extractor", StringComparison.OrdinalIgnoreCase);
+                return !string.Equals(type, "Series", StringComparison.OrdinalIgnoreCase)
+                       && !string.Equals(type, "Season", StringComparison.OrdinalIgnoreCase)
+                       && !string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
+                       && !string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase);
             }
 
-            var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
-                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                .ToArray();
+            return string.Equals(name, "TheTVDB", StringComparison.OrdinalIgnoreCase)
+                   || string.Equals(name, "Screen Grabber", StringComparison.OrdinalIgnoreCase)
+                   || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
+                   || string.Equals(name, "Image Extractor", StringComparison.OrdinalIgnoreCase);
+        }
 
-            if (metadataOptions.Length == 0)
-            {
-                return true;
-            }
+        var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
+            .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+            .ToArray();
 
-            return metadataOptions.Any(i => !i.DisabledImageFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
+        if (metadataOptions.Length == 0)
+        {
+            return true;
         }
+
+        return metadataOptions.Any(i => !i.DisabledImageFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
     }
 }
-- 
cgit v1.2.3


From dfea1229e12764a77f5d392194b1848f80b87042 Mon Sep 17 00:00:00 2001
From: Shadowghost <Ghost_of_Stone@web.de>
Date: Tue, 31 Jan 2023 12:30:35 +0100
Subject: Cleanup imports

---
 Jellyfin.Api/Controllers/ClientLogController.cs            | 1 -
 Jellyfin.Api/Controllers/ItemLookupController.cs           | 1 -
 Jellyfin.Api/Controllers/ItemsController.cs                | 1 -
 Jellyfin.Api/Controllers/LibraryController.cs              | 2 --
 Jellyfin.Api/Controllers/PluginsController.cs              | 1 -
 Jellyfin.Api/Controllers/QuickConnectController.cs         | 1 -
 Jellyfin.Api/Controllers/TrailersController.cs             | 1 -
 Jellyfin.Api/Controllers/UserLibraryController.cs          | 1 -
 Jellyfin.Api/Controllers/VideosController.cs               | 1 -
 Jellyfin.Api/Extensions/DtoExtensions.cs                   | 1 -
 Jellyfin.Api/Models/LiveTvDtos/ChannelMappingOptionsDto.cs | 1 -
 11 files changed, 12 deletions(-)

(limited to 'Jellyfin.Api/Controllers/LibraryController.cs')

diff --git a/Jellyfin.Api/Controllers/ClientLogController.cs b/Jellyfin.Api/Controllers/ClientLogController.cs
index 57c2071b8..21c31bc93 100644
--- a/Jellyfin.Api/Controllers/ClientLogController.cs
+++ b/Jellyfin.Api/Controllers/ClientLogController.cs
@@ -3,7 +3,6 @@ using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
-using Jellyfin.Api.Helpers;
 using Jellyfin.Api.Models.ClientLogDtos;
 using MediaBrowser.Controller.ClientEvent;
 using MediaBrowser.Controller.Configuration;
diff --git a/Jellyfin.Api/Controllers/ItemLookupController.cs b/Jellyfin.Api/Controllers/ItemLookupController.cs
index c8468e9f2..c2ce4e67e 100644
--- a/Jellyfin.Api/Controllers/ItemLookupController.cs
+++ b/Jellyfin.Api/Controllers/ItemLookupController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
-using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 44080353d..134974dbe 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 916aaf6ba..830f84849 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -4,8 +4,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.IO;
 using System.Linq;
-using System.Net;
-using System.Text.RegularExpressions;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index 53f5991ad..5a037d7a6 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
-using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.Linq;
 using System.Text.Json;
diff --git a/Jellyfin.Api/Controllers/QuickConnectController.cs b/Jellyfin.Api/Controllers/QuickConnectController.cs
index ce58725c3..a58e85b2b 100644
--- a/Jellyfin.Api/Controllers/QuickConnectController.cs
+++ b/Jellyfin.Api/Controllers/QuickConnectController.cs
@@ -3,7 +3,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
-using Jellyfin.Api.Helpers;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
diff --git a/Jellyfin.Api/Controllers/TrailersController.cs b/Jellyfin.Api/Controllers/TrailersController.cs
index 761f6edbc..115efcd8f 100644
--- a/Jellyfin.Api/Controllers/TrailersController.cs
+++ b/Jellyfin.Api/Controllers/TrailersController.cs
@@ -1,5 +1,4 @@
 using System;
-using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
diff --git a/Jellyfin.Api/Controllers/UserLibraryController.cs b/Jellyfin.Api/Controllers/UserLibraryController.cs
index 0727f36d7..556cf3894 100644
--- a/Jellyfin.Api/Controllers/UserLibraryController.cs
+++ b/Jellyfin.Api/Controllers/UserLibraryController.cs
@@ -7,7 +7,6 @@ using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
-using Jellyfin.Api.Models.UserDtos;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 36bfc0dd1..01a319879 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -21,7 +21,6 @@ using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.MediaEncoding;
-using MediaBrowser.Controller.Net;
 using MediaBrowser.Model.Dlna;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
diff --git a/Jellyfin.Api/Extensions/DtoExtensions.cs b/Jellyfin.Api/Extensions/DtoExtensions.cs
index 3cd3be111..2d7a56d91 100644
--- a/Jellyfin.Api/Extensions/DtoExtensions.cs
+++ b/Jellyfin.Api/Extensions/DtoExtensions.cs
@@ -5,7 +5,6 @@ using Jellyfin.Extensions;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Model.Entities;
 using MediaBrowser.Model.Querying;
-using Microsoft.AspNetCore.Http;
 
 namespace Jellyfin.Api.Extensions;
 
diff --git a/Jellyfin.Api/Models/LiveTvDtos/ChannelMappingOptionsDto.cs b/Jellyfin.Api/Models/LiveTvDtos/ChannelMappingOptionsDto.cs
index a2a4d375c..75222ed01 100644
--- a/Jellyfin.Api/Models/LiveTvDtos/ChannelMappingOptionsDto.cs
+++ b/Jellyfin.Api/Models/LiveTvDtos/ChannelMappingOptionsDto.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Diagnostics.CodeAnalysis;
 using MediaBrowser.Controller.LiveTv;
 using MediaBrowser.Model.Dto;
 
-- 
cgit v1.2.3


From 52230d1c30b76f34132c8c3ad21a09deea72d9d8 Mon Sep 17 00:00:00 2001
From: Bond_009 <bond.009@outlook.com>
Date: Sat, 4 Feb 2023 17:56:12 +0100
Subject: Return NotFound when itemId isn't found

---
 .../SyncPlayAccessPolicy/SyncPlayAccessHandler.cs  |   5 +
 Jellyfin.Api/Controllers/ImageController.cs        |  14 ++-
 Jellyfin.Api/Controllers/ItemsController.cs        |   5 +
 Jellyfin.Api/Controllers/LibraryController.cs      |   4 +
 Jellyfin.Api/Controllers/LiveTvController.cs       |   2 +-
 Jellyfin.Api/Controllers/MusicGenresController.cs  |   5 +
 Jellyfin.Api/Controllers/PlaystateController.cs    |  20 ++++
 Jellyfin.Api/Controllers/SessionController.cs      |   4 +
 Jellyfin.Api/Controllers/UserController.cs         |  25 +++-
 Jellyfin.Api/Controllers/UserLibraryController.cs  |  41 +++++++
 Jellyfin.Api/Controllers/VideosController.cs       |   7 +-
 Jellyfin.Api/Helpers/MediaInfoHelper.cs            |   2 +-
 Jellyfin.Api/Helpers/RequestHelpers.cs             |   7 +-
 Jellyfin.Api/Models/UserDtos/CreateUserByName.cs   |   7 +-
 Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs  |   2 +-
 .../Models/UserDtos/ForgotPasswordPinDto.cs        |   2 +-
 .../Devices/DeviceManager.cs                       |   5 +
 MediaBrowser.Controller/Dto/IDtoService.cs         |   7 +-
 MediaBrowser.Controller/Library/IUserManager.cs    |  10 +-
 .../Library/LibraryManagerExtensions.cs            |   4 +-
 .../AuthHelper.cs                                  |  28 +++++
 .../Controllers/MusicGenreControllerTests.cs       |  26 +++++
 .../Controllers/UserControllerTests.cs             |  12 +-
 .../Controllers/UserLibraryControllerTests.cs      | 129 +++++++++++++++++++++
 .../Controllers/VideosControllerTests.cs           |  27 +++++
 25 files changed, 370 insertions(+), 30 deletions(-)
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/MusicGenreControllerTests.cs
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/UserLibraryControllerTests.cs
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/VideosControllerTests.cs

(limited to 'Jellyfin.Api/Controllers/LibraryController.cs')

diff --git a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
index cdd7d8a52..2ef244a0a 100644
--- a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
+++ b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
@@ -2,6 +2,7 @@
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Enums;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.SyncPlay;
@@ -47,6 +48,10 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
 
             var userId = context.User.GetUserId();
             var user = _userManager.GetUserById(userId);
+            if (user is null)
+            {
+                throw new ResourceNotFoundException();
+            }
 
             if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess)
             {
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index cc824c65a..7261c47e9 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -99,12 +99,17 @@ public class ImageController : BaseJellyfinApiController
         [FromRoute, Required] ImageType imageType,
         [FromQuery] int? index = null)
     {
+        var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, userId, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
         }
 
-        var user = _userManager.GetUserById(userId);
         var memoryStream = await GetMemoryStream(Request.Body).ConfigureAwait(false);
         await using (memoryStream.ConfigureAwait(false))
         {
@@ -148,12 +153,17 @@ public class ImageController : BaseJellyfinApiController
         [FromRoute, Required] ImageType imageType,
         [FromRoute] int index)
     {
+        var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, userId, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
         }
 
-        var user = _userManager.GetUserById(userId);
         var memoryStream = await GetMemoryStream(Request.Body).ConfigureAwait(false);
         await using (memoryStream.ConfigureAwait(false))
         {
diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 134974dbe..1bfc111af 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -815,6 +815,11 @@ public class ItemsController : BaseJellyfinApiController
         [FromQuery] bool excludeActiveSessions = false)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         var parentIdGuid = parentId ?? Guid.Empty;
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 830f84849..a311554b4 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -452,6 +452,10 @@ public class LibraryController : BaseJellyfinApiController
             if (user is not null)
             {
                 parent = TranslateParentItem(parent, user);
+                if (parent is null)
+                {
+                    break;
+                }
             }
 
             baseItemDtos.Add(_dtoService.GetBaseItemDto(parent, dtoOptions, user));
diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 21b424346..1aa1d8a10 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -1211,7 +1211,7 @@ public class LiveTvController : BaseJellyfinApiController
 
     private async Task AssertUserCanManageLiveTv()
     {
-        var user = _userManager.GetUserById(User.GetUserId());
+        var user = _userManager.GetUserById(User.GetUserId()) ?? throw new ResourceNotFoundException();
         var session = await _sessionManager.LogSessionActivity(
             User.GetClient(),
             User.GetVersion(),
diff --git a/Jellyfin.Api/Controllers/MusicGenresController.cs b/Jellyfin.Api/Controllers/MusicGenresController.cs
index 302f138eb..b08c8c447 100644
--- a/Jellyfin.Api/Controllers/MusicGenresController.cs
+++ b/Jellyfin.Api/Controllers/MusicGenresController.cs
@@ -158,6 +158,11 @@ public class MusicGenresController : BaseJellyfinApiController
             item = _libraryManager.GetMusicGenre(genreName);
         }
 
+        if (item is null)
+        {
+            return NotFound();
+        }
+
         if (userId.HasValue && !userId.Value.Equals(default))
         {
             var user = _userManager.GetUserById(userId.Value);
diff --git a/Jellyfin.Api/Controllers/PlaystateController.cs b/Jellyfin.Api/Controllers/PlaystateController.cs
index 18d6ebf1e..ea8a59cfd 100644
--- a/Jellyfin.Api/Controllers/PlaystateController.cs
+++ b/Jellyfin.Api/Controllers/PlaystateController.cs
@@ -77,6 +77,11 @@ public class PlaystateController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(LegacyDateTimeModelBinder))] DateTime? datePlayed)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         var session = await RequestHelpers.GetSession(_sessionManager, _userManager, HttpContext).ConfigureAwait(false);
 
         var item = _libraryManager.GetItemById(itemId);
@@ -89,6 +94,11 @@ public class PlaystateController : BaseJellyfinApiController
         foreach (var additionalUserInfo in session.AdditionalUsers)
         {
             var additionalUser = _userManager.GetUserById(additionalUserInfo.UserId);
+            if (additionalUser is null)
+            {
+                return NotFound();
+            }
+
             UpdatePlayedStatus(additionalUser, item, true, datePlayed);
         }
 
@@ -109,6 +119,11 @@ public class PlaystateController : BaseJellyfinApiController
     public async Task<ActionResult<UserItemDataDto>> MarkUnplayedItem([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         var session = await RequestHelpers.GetSession(_sessionManager, _userManager, HttpContext).ConfigureAwait(false);
         var item = _libraryManager.GetItemById(itemId);
 
@@ -121,6 +136,11 @@ public class PlaystateController : BaseJellyfinApiController
         foreach (var additionalUserInfo in session.AdditionalUsers)
         {
             var additionalUser = _userManager.GetUserById(additionalUserInfo.UserId);
+            if (additionalUser is null)
+            {
+                return NotFound();
+            }
+
             UpdatePlayedStatus(additionalUser, item, false, null);
         }
 
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index ef3364478..782fcadbb 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -75,6 +75,10 @@ public class SessionController : BaseJellyfinApiController
             result = result.Where(i => i.SupportsRemoteControl);
 
             var user = _userManager.GetUserById(controllableByUserId.Value);
+            if (user is null)
+            {
+                return NotFound();
+            }
 
             if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
             {
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 7f184f31e..911e50132 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -147,6 +147,11 @@ public class UserController : BaseJellyfinApiController
     public async Task<ActionResult> DeleteUser([FromRoute, Required] Guid userId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         await _sessionManager.RevokeUserTokens(user.Id, null).ConfigureAwait(false);
         await _userManager.DeleteUserAsync(userId).ConfigureAwait(false);
         return NoContent();
@@ -281,8 +286,8 @@ public class UserController : BaseJellyfinApiController
             {
                 var success = await _userManager.AuthenticateUser(
                     user.Username,
-                    request.CurrentPw,
-                    request.CurrentPw,
+                    request.CurrentPw ?? string.Empty,
+                    request.CurrentPw ?? string.Empty,
                     HttpContext.GetNormalizedRemoteIp().ToString(),
                     false).ConfigureAwait(false);
 
@@ -292,7 +297,7 @@ public class UserController : BaseJellyfinApiController
                 }
             }
 
-            await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
+            await _userManager.ChangePassword(user, request.NewPw ?? string.Empty).ConfigureAwait(false);
 
             var currentToken = User.GetToken();
 
@@ -338,7 +343,7 @@ public class UserController : BaseJellyfinApiController
         }
         else
         {
-            await _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword).ConfigureAwait(false);
+            await _userManager.ChangeEasyPassword(user, request.NewPw ?? string.Empty, request.NewPassword ?? string.Empty).ConfigureAwait(false);
         }
 
         return NoContent();
@@ -362,13 +367,17 @@ public class UserController : BaseJellyfinApiController
         [FromRoute, Required] Guid userId,
         [FromBody, Required] UserDto updateUser)
     {
+        var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User update not allowed.");
         }
 
-        var user = _userManager.GetUserById(userId);
-
         if (!string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
         {
             await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
@@ -398,6 +407,10 @@ public class UserController : BaseJellyfinApiController
         [FromBody, Required] UserPolicy newPolicy)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         // If removing admin access
         if (!newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator))
diff --git a/Jellyfin.Api/Controllers/UserLibraryController.cs b/Jellyfin.Api/Controllers/UserLibraryController.cs
index 556cf3894..1e54a9781 100644
--- a/Jellyfin.Api/Controllers/UserLibraryController.cs
+++ b/Jellyfin.Api/Controllers/UserLibraryController.cs
@@ -79,10 +79,18 @@ public class UserLibraryController : BaseJellyfinApiController
     public async Task<ActionResult<BaseItemDto>> GetItem([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         var item = itemId.Equals(default)
             ? _libraryManager.GetUserRootFolder()
             : _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
+        }
 
         await RefreshItemOnDemandIfNeeded(item).ConfigureAwait(false);
 
@@ -102,6 +110,11 @@ public class UserLibraryController : BaseJellyfinApiController
     public ActionResult<BaseItemDto> GetRootFolder([FromRoute, Required] Guid userId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         var item = _libraryManager.GetUserRootFolder();
         var dtoOptions = new DtoOptions().AddClientFields(User);
         return _dtoService.GetBaseItemDto(item, dtoOptions, user);
@@ -119,10 +132,18 @@ public class UserLibraryController : BaseJellyfinApiController
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetIntros([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         var item = itemId.Equals(default)
             ? _libraryManager.GetUserRootFolder()
             : _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
+        }
 
         var items = await _libraryManager.GetIntros(item, user).ConfigureAwait(false);
         var dtoOptions = new DtoOptions().AddClientFields(User);
@@ -200,10 +221,18 @@ public class UserLibraryController : BaseJellyfinApiController
     public ActionResult<IEnumerable<BaseItemDto>> GetLocalTrailers([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         var item = itemId.Equals(default)
             ? _libraryManager.GetUserRootFolder()
             : _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
+        }
 
         var dtoOptions = new DtoOptions().AddClientFields(User);
 
@@ -230,10 +259,18 @@ public class UserLibraryController : BaseJellyfinApiController
     public ActionResult<IEnumerable<BaseItemDto>> GetSpecialFeatures([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         var item = itemId.Equals(default)
             ? _libraryManager.GetUserRootFolder()
             : _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
+        }
 
         var dtoOptions = new DtoOptions().AddClientFields(User);
 
@@ -275,6 +312,10 @@ public class UserLibraryController : BaseJellyfinApiController
         [FromQuery] bool groupItems = true)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         if (!isPlayed.HasValue)
         {
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 01a319879..12aa47ead 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -155,7 +155,12 @@ public class VideosController : BaseJellyfinApiController
 
         if (video.LinkedAlternateVersions.Length == 0)
         {
-            video = (Video)_libraryManager.GetItemById(video.PrimaryVersionId);
+            video = (Video?)_libraryManager.GetItemById(video.PrimaryVersionId);
+        }
+
+        if (video is null)
+        {
+            return NotFound();
         }
 
         foreach (var link in video.GetLinkedAlternateVersions())
diff --git a/Jellyfin.Api/Helpers/MediaInfoHelper.cs b/Jellyfin.Api/Helpers/MediaInfoHelper.cs
index df37d96c6..5910d8073 100644
--- a/Jellyfin.Api/Helpers/MediaInfoHelper.cs
+++ b/Jellyfin.Api/Helpers/MediaInfoHelper.cs
@@ -200,7 +200,7 @@ public class MediaInfoHelper
             options.SubtitleStreamIndex = subtitleStreamIndex;
         }
 
-        var user = _userManager.GetUserById(userId);
+        var user = _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException();
 
         if (!enableDirectPlay)
         {
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs
index 3ce2b834d..0b7a4fa1a 100644
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -81,6 +81,11 @@ public static class RequestHelpers
         }
 
         var user = userManager.GetUserById(userId);
+        if (user is null)
+        {
+            throw new ResourceNotFoundException();
+        }
+
         return user.EnableUserPreferenceAccess;
     }
 
@@ -98,7 +103,7 @@ public static class RequestHelpers
 
         if (session is null)
         {
-            throw new ArgumentException("Session not found.");
+            throw new ResourceNotFoundException("Session not found.");
         }
 
         return session;
diff --git a/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs b/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
index 0503c5d57..6b6d9682b 100644
--- a/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
+++ b/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
@@ -1,4 +1,6 @@
-namespace Jellyfin.Api.Models.UserDtos;
+using System.ComponentModel.DataAnnotations;
+
+namespace Jellyfin.Api.Models.UserDtos;
 
 /// <summary>
 /// The create user by name request body.
@@ -8,7 +10,8 @@ public class CreateUserByName
     /// <summary>
     /// Gets or sets the username.
     /// </summary>
-    public string? Name { get; set; }
+    [Required]
+    required public string Name { get; set; }
 
     /// <summary>
     /// Gets or sets the password.
diff --git a/Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs b/Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs
index ebe9297ea..a0631fd07 100644
--- a/Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs
+++ b/Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs
@@ -11,5 +11,5 @@ public class ForgotPasswordDto
     /// Gets or sets the entered username to have its password reset.
     /// </summary>
     [Required]
-    public string? EnteredUsername { get; set; }
+    required public string EnteredUsername { get; set; }
 }
diff --git a/Jellyfin.Api/Models/UserDtos/ForgotPasswordPinDto.cs b/Jellyfin.Api/Models/UserDtos/ForgotPasswordPinDto.cs
index 2949efe29..79b8a5d63 100644
--- a/Jellyfin.Api/Models/UserDtos/ForgotPasswordPinDto.cs
+++ b/Jellyfin.Api/Models/UserDtos/ForgotPasswordPinDto.cs
@@ -11,5 +11,5 @@ public class ForgotPasswordPinDto
     /// Gets or sets the entered pin to have the password reset.
     /// </summary>
     [Required]
-    public string? Pin { get; set; }
+    required public string Pin { get; set; }
 }
diff --git a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
index 8b15d6823..a4b4c1959 100644
--- a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
+++ b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
@@ -9,6 +9,7 @@ using Jellyfin.Data.Enums;
 using Jellyfin.Data.Events;
 using Jellyfin.Data.Queries;
 using Jellyfin.Extensions;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Devices;
@@ -185,6 +186,10 @@ namespace Jellyfin.Server.Implementations.Devices
                 if (userId.HasValue)
                 {
                     var user = _userManager.GetUserById(userId.Value);
+                    if (user is null)
+                    {
+                        throw new ResourceNotFoundException();
+                    }
 
                     sessions = sessions.Where(i => CanAccessDevice(user, i.DeviceId));
                 }
diff --git a/MediaBrowser.Controller/Dto/IDtoService.cs b/MediaBrowser.Controller/Dto/IDtoService.cs
index 89aafc84f..22453f0f7 100644
--- a/MediaBrowser.Controller/Dto/IDtoService.cs
+++ b/MediaBrowser.Controller/Dto/IDtoService.cs
@@ -1,4 +1,3 @@
-#nullable disable
 #pragma warning disable CA1002
 
 using System.Collections.Generic;
@@ -28,7 +27,7 @@ namespace MediaBrowser.Controller.Dto
         /// <param name="user">The user.</param>
         /// <param name="owner">The owner.</param>
         /// <returns>BaseItemDto.</returns>
-        BaseItemDto GetBaseItemDto(BaseItem item, DtoOptions options, User user = null, BaseItem owner = null);
+        BaseItemDto GetBaseItemDto(BaseItem item, DtoOptions options, User? user = null, BaseItem? owner = null);
 
         /// <summary>
         /// Gets the base item dtos.
@@ -38,7 +37,7 @@ namespace MediaBrowser.Controller.Dto
         /// <param name="user">The user.</param>
         /// <param name="owner">The owner.</param>
         /// <returns>The <see cref="IReadOnlyList{T}"/> of <see cref="BaseItemDto"/>.</returns>
-        IReadOnlyList<BaseItemDto> GetBaseItemDtos(IReadOnlyList<BaseItem> items, DtoOptions options, User user = null, BaseItem owner = null);
+        IReadOnlyList<BaseItemDto> GetBaseItemDtos(IReadOnlyList<BaseItem> items, DtoOptions options, User? user = null, BaseItem? owner = null);
 
         /// <summary>
         /// Gets the item by name dto.
@@ -48,6 +47,6 @@ namespace MediaBrowser.Controller.Dto
         /// <param name="taggedItems">The list of tagged items.</param>
         /// <param name="user">The user.</param>
         /// <returns>The item dto.</returns>
-        BaseItemDto GetItemByNameDto(BaseItem item, DtoOptions options, List<BaseItem> taggedItems, User user = null);
+        BaseItemDto GetItemByNameDto(BaseItem item, DtoOptions options, List<BaseItem>? taggedItems, User? user = null);
     }
 }
diff --git a/MediaBrowser.Controller/Library/IUserManager.cs b/MediaBrowser.Controller/Library/IUserManager.cs
index 993e3e18f..37b4afcf3 100644
--- a/MediaBrowser.Controller/Library/IUserManager.cs
+++ b/MediaBrowser.Controller/Library/IUserManager.cs
@@ -1,5 +1,3 @@
-#nullable disable
-
 #pragma warning disable CS1591
 
 using System;
@@ -47,14 +45,14 @@ namespace MediaBrowser.Controller.Library
         /// <param name="id">The id.</param>
         /// <returns>The user with the specified Id, or <c>null</c> if the user doesn't exist.</returns>
         /// <exception cref="ArgumentException"><c>id</c> is an empty Guid.</exception>
-        User GetUserById(Guid id);
+        User? GetUserById(Guid id);
 
         /// <summary>
         /// Gets the name of the user by.
         /// </summary>
         /// <param name="name">The name.</param>
         /// <returns>User.</returns>
-        User GetUserByName(string name);
+        User? GetUserByName(string name);
 
         /// <summary>
         /// Renames the user.
@@ -128,7 +126,7 @@ namespace MediaBrowser.Controller.Library
         /// <param name="user">The user.</param>
         /// <param name="remoteEndPoint">The remote end point.</param>
         /// <returns>UserDto.</returns>
-        UserDto GetUserDto(User user, string remoteEndPoint = null);
+        UserDto GetUserDto(User user, string? remoteEndPoint = null);
 
         /// <summary>
         /// Authenticates the user.
@@ -139,7 +137,7 @@ namespace MediaBrowser.Controller.Library
         /// <param name="remoteEndPoint">Remove endpoint to use.</param>
         /// <param name="isUserSession">Specifies if a user session.</param>
         /// <returns>User wrapped in awaitable task.</returns>
-        Task<User> AuthenticateUser(string username, string password, string passwordSha1, string remoteEndPoint, bool isUserSession);
+        Task<User?> AuthenticateUser(string username, string password, string passwordSha1, string remoteEndPoint, bool isUserSession);
 
         /// <summary>
         /// Starts the forgot password process.
diff --git a/MediaBrowser.Controller/Library/LibraryManagerExtensions.cs b/MediaBrowser.Controller/Library/LibraryManagerExtensions.cs
index 7bc8fa5ab..6d2c3c3d2 100644
--- a/MediaBrowser.Controller/Library/LibraryManagerExtensions.cs
+++ b/MediaBrowser.Controller/Library/LibraryManagerExtensions.cs
@@ -1,5 +1,3 @@
-#nullable disable
-
 #pragma warning disable CS1591
 
 using System;
@@ -9,7 +7,7 @@ namespace MediaBrowser.Controller.Library
 {
     public static class LibraryManagerExtensions
     {
-        public static BaseItem GetItemById(this ILibraryManager manager, string id)
+        public static BaseItem? GetItemById(this ILibraryManager manager, string id)
         {
             return manager.GetItemById(new Guid(id));
         }
diff --git a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
index 9eb0beda4..3737fee0a 100644
--- a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
@@ -8,6 +8,7 @@ using System.Threading.Tasks;
 using Jellyfin.Api.Models.StartupDtos;
 using Jellyfin.Api.Models.UserDtos;
 using Jellyfin.Extensions.Json;
+using MediaBrowser.Model.Dto;
 using Xunit;
 
 namespace Jellyfin.Server.Integration.Tests
@@ -43,6 +44,33 @@ namespace Jellyfin.Server.Integration.Tests
             return auth!.AccessToken;
         }
 
+        public static async Task<UserDto> GetUserDtoAsync(HttpClient client)
+        {
+            using var response = await client.GetAsync("Users/Me").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var userDto = await JsonSerializer.DeserializeAsync<UserDto>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false), JsonDefaults.Options).ConfigureAwait(false);
+            Assert.NotNull(userDto);
+            return userDto;
+        }
+
+        public static async Task<BaseItemDto> GetRootFolderDtoAsync(HttpClient client, Guid userId = default)
+        {
+            if (userId.Equals(default))
+            {
+                var userDto = await GetUserDtoAsync(client).ConfigureAwait(false);
+                userId = userDto.Id;
+            }
+
+            var response = await client.GetAsync($"Users/{userId}/Items/Root").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var rootDto = await JsonSerializer.DeserializeAsync<BaseItemDto>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    JsonDefaults.Options).ConfigureAwait(false);
+            Assert.NotNull(rootDto);
+            return rootDto;
+        }
+
         public static void AddAuthHeader(this HttpHeaders headers, string accessToken)
         {
             headers.Add(AuthHeaderName, DummyAuthHeader + $", Token={accessToken}");
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/MusicGenreControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/MusicGenreControllerTests.cs
new file mode 100644
index 000000000..17f3dc99f
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/MusicGenreControllerTests.cs
@@ -0,0 +1,26 @@
+using System.Net;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public sealed class MusicGenreControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private static string? _accessToken;
+
+    public MusicGenreControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task MusicGenres_FakeMusicGenre_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.GetAsync("MusicGenres/Fake-MusicGenre").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+}
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
index 2b825a93a..e5cde6676 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
@@ -66,6 +66,16 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
             Assert.False(users![0].HasConfiguredPassword);
         }
 
+        [Fact]
+        [Priority(-1)]
+        public async Task Me_Valid_Success()
+        {
+            var client = _factory.CreateClient();
+            client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+            _ = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+        }
+
         [Fact]
         [Priority(0)]
         public async Task New_Valid_Success()
@@ -108,7 +118,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
 
             var createRequest = new CreateUserByName()
             {
-                Name = username
+                Name = username!
             };
 
             using var response = await CreateUserByName(client, createRequest).ConfigureAwait(false);
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserLibraryControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserLibraryControllerTests.cs
new file mode 100644
index 000000000..69f2ccf33
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserLibraryControllerTests.cs
@@ -0,0 +1,129 @@
+using System;
+using System.Globalization;
+using System.Net;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Jellyfin.Extensions.Json;
+using MediaBrowser.Model.Dto;
+using MediaBrowser.Model.Querying;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public sealed class UserLibraryControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private readonly JsonSerializerOptions _jsonOptions = JsonDefaults.Options;
+    private static string? _accessToken;
+
+    public UserLibraryControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task GetRootFolder_NonExistenUserId_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.GetAsync($"Users/{Guid.NewGuid()}/Items/Root").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+
+    [Fact]
+    public async Task GetRootFolder_UserId_Valid()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        _ = await AuthHelper.GetRootFolderDtoAsync(client).ConfigureAwait(false);
+    }
+
+    [Theory]
+    [InlineData("Users/{0}/Items/{1}")]
+    [InlineData("Users/{0}/Items/{1}/Intros")]
+    [InlineData("Users/{0}/Items/{1}/LocalTrailers")]
+    [InlineData("Users/{0}/Items/{1}/SpecialFeatures")]
+    [InlineData("Users/{0}/Items/{1}/Lyrics")]
+    public async Task GetItem_NonExistenUserId_NotFound(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var rootFolderDto = await AuthHelper.GetRootFolderDtoAsync(client).ConfigureAwait(false);
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, Guid.NewGuid(), rootFolderDto.Id)).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+
+    [Theory]
+    [InlineData("Users/{0}/Items/{1}")]
+    [InlineData("Users/{0}/Items/{1}/Intros")]
+    [InlineData("Users/{0}/Items/{1}/LocalTrailers")]
+    [InlineData("Users/{0}/Items/{1}/SpecialFeatures")]
+    [InlineData("Users/{0}/Items/{1}/Lyrics")]
+    public async Task GetItem_NonExistentItemId_NotFound(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, userDto.Id, Guid.NewGuid())).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+
+    [Fact]
+    public async Task GetItem_UserIdAndItemId_Valid()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+        var rootFolderDto = await AuthHelper.GetRootFolderDtoAsync(client, userDto.Id).ConfigureAwait(false);
+
+        var response = await client.GetAsync($"Users/{userDto.Id}/Items/{rootFolderDto.Id}").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        var rootDto = await JsonSerializer.DeserializeAsync<BaseItemDto>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    _jsonOptions).ConfigureAwait(false);
+        Assert.NotNull(rootDto);
+    }
+
+    [Fact]
+    public async Task GetIntros_UserIdAndItemId_Valid()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+        var rootFolderDto = await AuthHelper.GetRootFolderDtoAsync(client, userDto.Id).ConfigureAwait(false);
+
+        var response = await client.GetAsync($"Users/{userDto.Id}/Items/{rootFolderDto.Id}/Intros").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        var rootDto = await JsonSerializer.DeserializeAsync<QueryResult<BaseItemDto>>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    _jsonOptions).ConfigureAwait(false);
+        Assert.NotNull(rootDto);
+    }
+
+    [Theory]
+    [InlineData("Users/{0}/Items/{1}/LocalTrailers")]
+    [InlineData("Users/{0}/Items/{1}/SpecialFeatures")]
+    public async Task LocalTrailersAndSpecialFeatures_UserIdAndItemId_Valid(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+        var rootFolderDto = await AuthHelper.GetRootFolderDtoAsync(client, userDto.Id).ConfigureAwait(false);
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, userDto.Id, rootFolderDto.Id)).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        var rootDto = await JsonSerializer.DeserializeAsync<BaseItemDto[]>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    _jsonOptions).ConfigureAwait(false);
+        Assert.NotNull(rootDto);
+    }
+}
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/VideosControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/VideosControllerTests.cs
new file mode 100644
index 000000000..0f9a2e90a
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/VideosControllerTests.cs
@@ -0,0 +1,27 @@
+using System;
+using System.Net;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public sealed class VideosControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private static string? _accessToken;
+
+    public VideosControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task DeleteAlternateSources_NonExistentItemId_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.DeleteAsync($"Videos/{Guid.NewGuid()}").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+}
-- 
cgit v1.2.3


From eb7fee95906f1c9d8d104777e0214de9115ca82f Mon Sep 17 00:00:00 2001
From: Bond_009 <bond.009@outlook.com>
Date: Sat, 4 Feb 2023 21:08:21 +0100
Subject: Add more tests

---
 Jellyfin.Api/Controllers/ItemsController.cs        |  3 +-
 Jellyfin.Api/Controllers/LibraryController.cs      | 10 ++++
 .../Controllers/ItemsControllerTests.cs            | 64 ++++++++++++++++++++++
 .../Controllers/LibraryControllerTests.cs          | 40 ++++++++++++++
 .../Controllers/PlaystateControllerTests.cs        | 41 +++++++++-----
 .../Controllers/SessionControllerTests.cs          | 27 +++++++++
 .../Controllers/UserControllerTests.cs             | 13 +++++
 7 files changed, 182 insertions(+), 16 deletions(-)
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/ItemsControllerTests.cs
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/SessionControllerTests.cs

(limited to 'Jellyfin.Api/Controllers/LibraryController.cs')

diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 1bfc111af..c937176cd 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -6,6 +6,7 @@ using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Library;
@@ -241,7 +242,7 @@ public class ItemsController : BaseJellyfinApiController
         var isApiKey = User.GetIsApiKey();
         // if api key is used (auth.IsApiKey == true), then `user` will be null throughout this method
         var user = !isApiKey && userId.HasValue && !userId.Value.Equals(default)
-            ? _userManager.GetUserById(userId.Value)
+            ? _userManager.GetUserById(userId.Value) ?? throw new ResourceNotFoundException()
             : null;
 
         // beyond this point, we're either using an api key or we have a valid user
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index a311554b4..c4309412c 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -283,6 +283,11 @@ public class LibraryController : BaseJellyfinApiController
             userId,
             inheritFromParent);
 
+        if (themeSongs.Result is NotFoundObjectResult || themeVideos.Result is NotFoundObjectResult)
+        {
+            return NotFound();
+        }
+
         return new AllThemeMediaResult
         {
             ThemeSongsResult = themeSongs?.Value,
@@ -676,6 +681,11 @@ public class LibraryController : BaseJellyfinApiController
                 : _libraryManager.GetUserRootFolder())
             : _libraryManager.GetItemById(itemId);
 
+        if (item is null)
+        {
+            return NotFound();
+        }
+
         if (item is Episode || (item is IItemByName && item is not MusicArtist))
         {
             return new QueryResult<BaseItemDto>();
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/ItemsControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/ItemsControllerTests.cs
new file mode 100644
index 000000000..62b32b92e
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/ItemsControllerTests.cs
@@ -0,0 +1,64 @@
+using System;
+using System.Globalization;
+using System.Net;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Jellyfin.Extensions.Json;
+using MediaBrowser.Model.Dto;
+using MediaBrowser.Model.Querying;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public sealed class ItemsControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private readonly JsonSerializerOptions _jsonOptions = JsonDefaults.Options;
+    private static string? _accessToken;
+
+    public ItemsControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task GetItems_NoApiKeyOrUserId_BadRequest()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.GetAsync("Items").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+    }
+
+    [Theory]
+    [InlineData("Users/{0}/Items")]
+    [InlineData("Users/{0}/Items/Resume")]
+    public async Task GetUserItems_NonExistentUserId_NotFound(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, Guid.NewGuid())).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+
+    [Theory]
+    [InlineData("Items?userId={0}")]
+    [InlineData("Users/{0}/Items")]
+    [InlineData("Users/{0}/Items/Resume")]
+    public async Task GetItems_UserId_Ok(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, userDto.Id)).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        var items = await JsonSerializer.DeserializeAsync<QueryResult<BaseItemDto>>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    _jsonOptions).ConfigureAwait(false);
+        Assert.NotNull(items);
+    }
+}
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs
new file mode 100644
index 000000000..013d19a9f
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs
@@ -0,0 +1,40 @@
+using System;
+using System.Globalization;
+using System.Net;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public sealed class LibraryControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private static string? _accessToken;
+
+    public LibraryControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Theory]
+    [InlineData("Items/{0}/File")]
+    [InlineData("Items/{0}/ThemeSongs")]
+    [InlineData("Items/{0}/ThemeVideos")]
+    [InlineData("Items/{0}/ThemeMedia")]
+    [InlineData("Items/{0}/Ancestors")]
+    [InlineData("Items/{0}/Download")]
+    [InlineData("Artists/{0}/Similar")]
+    [InlineData("Items/{0}/Similar")]
+    [InlineData("Albums/{0}/Similar")]
+    [InlineData("Shows/{0}/Similar")]
+    [InlineData("Movies/{0}/Similar")]
+    [InlineData("Trailers/{0}/Similar")]
+    public async Task Get_NonExistentItemId_NotFound(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, Guid.NewGuid())).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+}
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/PlaystateControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/PlaystateControllerTests.cs
index f8f5fecec..868ecd53f 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/PlaystateControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/PlaystateControllerTests.cs
@@ -1,18 +1,13 @@
 using System;
 using System.Net;
-using System.Net.Http;
 using System.Threading.Tasks;
 using Xunit;
-using Xunit.Priority;
 
 namespace Jellyfin.Server.Integration.Tests.Controllers;
 
-[TestCaseOrderer(PriorityOrderer.Name, PriorityOrderer.Assembly)]
 public class PlaystateControllerTests : IClassFixture<JellyfinApplicationFactory>
 {
     private readonly JellyfinApplicationFactory _factory;
-    private static readonly Guid _testUserId = Guid.NewGuid();
-    private static readonly Guid _testItemId = Guid.NewGuid();
     private static string? _accessToken;
 
     public PlaystateControllerTests(JellyfinApplicationFactory factory)
@@ -20,31 +15,47 @@ public class PlaystateControllerTests : IClassFixture<JellyfinApplicationFactory
         _factory = factory;
     }
 
-    private Task<HttpResponseMessage> DeleteUserPlayedItems(HttpClient httpClient, Guid userId, Guid itemId)
-        => httpClient.DeleteAsync($"Users/{userId}/PlayedItems/{itemId}");
+    [Fact]
+    public async Task DeleteMarkUnplayedItem_NonExistentUserId_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        using var response = await client.DeleteAsync($"Users/{Guid.NewGuid()}/PlayedItems/{Guid.NewGuid()}").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+
+    [Fact]
+    public async Task PostMarkPlayedItem_NonExistentUserId_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
 
-    private Task<HttpResponseMessage> PostUserPlayedItems(HttpClient httpClient, Guid userId, Guid itemId)
-        => httpClient.PostAsync($"Users/{userId}/PlayedItems/{itemId}", null);
+        using var response = await client.PostAsync($"Users/{Guid.NewGuid()}/PlayedItems/{Guid.NewGuid()}", null).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
 
     [Fact]
-    [Priority(0)]
-    public async Task DeleteMarkUnplayedItem_DoesNotExist_NotFound()
+    public async Task DeleteMarkUnplayedItem_NonExistentItemId_NotFound()
     {
         var client = _factory.CreateClient();
         client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
 
-        using var response = await DeleteUserPlayedItems(client, _testUserId, _testItemId).ConfigureAwait(false);
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+
+        using var response = await client.DeleteAsync($"Users/{userDto.Id}/PlayedItems/{Guid.NewGuid()}").ConfigureAwait(false);
         Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
     }
 
     [Fact]
-    [Priority(0)]
-    public async Task PostMarkPlayedItem_DoesNotExist_NotFound()
+    public async Task PostMarkPlayedItem_NonExistentItemId_NotFound()
     {
         var client = _factory.CreateClient();
         client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
 
-        using var response = await PostUserPlayedItems(client, _testUserId, _testItemId).ConfigureAwait(false);
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+
+        using var response = await client.PostAsync($"Users/{userDto.Id}/PlayedItems/{Guid.NewGuid()}", null).ConfigureAwait(false);
         Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
     }
 }
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/SessionControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/SessionControllerTests.cs
new file mode 100644
index 000000000..cb0a829e8
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/SessionControllerTests.cs
@@ -0,0 +1,27 @@
+using System;
+using System.Net;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public class SessionControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private static string? _accessToken;
+
+    public SessionControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task GetSessions_NonExistentUserId_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        using var response = await client.GetAsync($"Session/Sessions?userId={Guid.NewGuid()}").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+}
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
index e5cde6676..2a3c53dbe 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
@@ -125,6 +125,19 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
             Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
         }
 
+        [Fact]
+        [Priority(0)]
+        public async Task Delete_DoesntExist_NotFound()
+        {
+            var client = _factory.CreateClient();
+
+            // access token can't be null here as the previous test populated it
+            client.DefaultRequestHeaders.AddAuthHeader(_accessToken!);
+
+            using var response = await client.DeleteAsync($"User/{Guid.NewGuid()}").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+        }
+
         [Fact]
         [Priority(1)]
         public async Task UpdateUserPassword_Valid_Success()
-- 
cgit v1.2.3


From 209edd38a4163a8cf4abd5e47bfe0ea1a100f351 Mon Sep 17 00:00:00 2001
From: cvium <clausvium@gmail.com>
Date: Wed, 8 Feb 2023 23:55:26 +0100
Subject: refactor: simplify authz

---
 .../AnonymousLanAccessHandler.cs                   |   3 +-
 Jellyfin.Api/Auth/BaseAuthorizationHandler.cs      | 113 ----------------
 .../DefaultAuthorizationHandler.cs                 |  47 ++++++-
 .../DefaultAuthorizationRequirement.cs             |  13 ++
 .../Auth/DownloadPolicy/DownloadHandler.cs         |  44 -------
 .../Auth/DownloadPolicy/DownloadRequirement.cs     |  11 --
 ...FirstTimeOrIgnoreParentalControlSetupHandler.cs |  56 --------
 ...tTimeOrIgnoreParentalControlSetupRequirement.cs |  11 --
 .../FirstTimeSetupOrDefaultHandler.cs              |  56 --------
 .../FirstTimeSetupOrDefaultRequirement.cs          |  11 --
 .../FirstTimeSetupOrElevatedHandler.cs             |  57 --------
 .../FirstTimeSetupOrElevatedRequirement.cs         |  11 --
 .../FirstTimeSetupPolicy/FirstTimeSetupHandler.cs  |  61 +++++++++
 .../FirstTimeSetupRequirement.cs                   |  26 ++++
 .../IgnoreParentalControlHandler.cs                |  44 -------
 .../IgnoreParentalControlRequirement.cs            |  11 --
 .../LocalAccessOrRequiresElevationHandler.cs       |  45 -------
 .../LocalAccessOrRequiresElevationRequirement.cs   |  11 --
 .../Auth/LocalAccessPolicy/LocalAccessHandler.cs   |  44 -------
 .../LocalAccessPolicy/LocalAccessRequirement.cs    |  11 --
 .../RequiresElevationHandler.cs                    |  45 -------
 .../RequiresElevationRequirement.cs                |  11 --
 .../SyncPlayAccessPolicy/SyncPlayAccessHandler.cs  |  41 +-----
 .../SyncPlayAccessRequirement.cs                   |   6 +-
 .../UserPermissionPolicy/UserPermissionHandler.cs  |  37 ++++++
 .../UserPermissionRequirement.cs                   |  26 ++++
 Jellyfin.Api/Constants/Policies.cs                 |   5 -
 Jellyfin.Api/Controllers/ArtistsController.cs      |   3 +-
 Jellyfin.Api/Controllers/ChannelsController.cs     |   3 +-
 Jellyfin.Api/Controllers/ClientLogController.cs    |   3 +-
 Jellyfin.Api/Controllers/CollectionController.cs   |   3 +-
 .../Controllers/ConfigurationController.cs         |   2 +-
 Jellyfin.Api/Controllers/DashboardController.cs    |   3 +-
 .../Controllers/DisplayPreferencesController.cs    |   3 +-
 Jellyfin.Api/Controllers/DynamicHlsController.cs   |   3 +-
 Jellyfin.Api/Controllers/FilterController.cs       |   3 +-
 Jellyfin.Api/Controllers/GenresController.cs       |   5 +-
 Jellyfin.Api/Controllers/HlsSegmentController.cs   |   5 +-
 Jellyfin.Api/Controllers/ImageController.cs        |  18 +--
 Jellyfin.Api/Controllers/InstantMixController.cs   |   3 +-
 Jellyfin.Api/Controllers/ItemLookupController.cs   |   2 +-
 Jellyfin.Api/Controllers/ItemsController.cs        |   3 +-
 Jellyfin.Api/Controllers/LibraryController.cs      |  80 ++++++------
 Jellyfin.Api/Controllers/LiveTvController.cs       |  77 ++++++-----
 Jellyfin.Api/Controllers/MediaInfoController.cs    |   3 +-
 Jellyfin.Api/Controllers/MoviesController.cs       |   3 +-
 Jellyfin.Api/Controllers/MusicGenresController.cs  |   3 +-
 Jellyfin.Api/Controllers/PackageController.cs      |   2 +-
 Jellyfin.Api/Controllers/PersonsController.cs      |   3 +-
 Jellyfin.Api/Controllers/PlaylistsController.cs    |   3 +-
 Jellyfin.Api/Controllers/PlaystateController.cs    |   3 +-
 Jellyfin.Api/Controllers/PluginsController.cs      |   2 +-
 Jellyfin.Api/Controllers/QuickConnectController.cs |   2 +-
 Jellyfin.Api/Controllers/RemoteImageController.cs  |   4 +-
 Jellyfin.Api/Controllers/SearchController.cs       |   3 +-
 Jellyfin.Api/Controllers/SessionController.cs      |  28 ++--
 Jellyfin.Api/Controllers/StudiosController.cs      |   3 +-
 Jellyfin.Api/Controllers/SubtitleController.cs     |  12 +-
 Jellyfin.Api/Controllers/SuggestionsController.cs  |   3 +-
 Jellyfin.Api/Controllers/SystemController.cs       |   4 +-
 Jellyfin.Api/Controllers/TrailersController.cs     |   3 +-
 Jellyfin.Api/Controllers/TvShowsController.cs      |   3 +-
 .../Controllers/UniversalAudioController.cs        |   3 +-
 Jellyfin.Api/Controllers/UserController.cs         |  12 +-
 Jellyfin.Api/Controllers/UserLibraryController.cs  |   3 +-
 Jellyfin.Api/Controllers/UserViewsController.cs    |   3 +-
 Jellyfin.Api/Controllers/VideosController.cs       |   2 +-
 Jellyfin.Api/Controllers/YearsController.cs        |   3 +-
 Jellyfin.Api/Middleware/LanFilteringMiddleware.cs  |  11 +-
 Jellyfin.Data/DayOfWeekHelper.cs                   |  11 ++
 Jellyfin.Data/Entities/User.cs                     |   3 +-
 .../Extensions/ApiServiceCollectionExtensions.cs   | 143 +++++----------------
 .../FirstTimeSetupOrElevatedHandlerTests.cs        |  71 ----------
 .../FirstTimeSetupHandlerTests.cs                  |  72 +++++++++++
 .../IgnoreScheduleHandlerTests.cs                  |   8 +-
 .../LocalAccessPolicy/LocalAccessHandlerTests.cs   |  59 ---------
 .../RequiresElevationHandlerTests.cs               |  53 --------
 77 files changed, 494 insertions(+), 1126 deletions(-)
 delete mode 100644 Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/DownloadPolicy/DownloadHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/DownloadPolicy/DownloadRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
 create mode 100644 Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
 create mode 100644 Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
 create mode 100644 Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionHandler.cs
 create mode 100644 Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionRequirement.cs
 delete mode 100644 tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs
 create mode 100644 tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
 delete mode 100644 tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs
 delete mode 100644 tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs

(limited to 'Jellyfin.Api/Controllers/LibraryController.cs')

diff --git a/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs b/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs
index d4b1ffb06..741b88ea9 100644
--- a/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs
+++ b/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs
@@ -1,4 +1,5 @@
 using System.Threading.Tasks;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -29,7 +30,7 @@ namespace Jellyfin.Api.Auth.AnonymousLanAccessPolicy
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AnonymousLanAccessRequirement requirement)
         {
-            var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress;
+            var ip = _httpContextAccessor.HttpContext?.GetNormalizedRemoteIp();
 
             // Loopback will be on LAN, so we can accept null.
             if (ip is null || _networkManager.IsInLocalNetwork(ip))
diff --git a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
deleted file mode 100644
index 8e5e66d64..000000000
--- a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
+++ /dev/null
@@ -1,113 +0,0 @@
-using System.Security.Claims;
-using Jellyfin.Api.Extensions;
-using Jellyfin.Api.Helpers;
-using Jellyfin.Data.Enums;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth
-{
-    /// <summary>
-    /// Base authorization handler.
-    /// </summary>
-    /// <typeparam name="T">Type of Authorization Requirement.</typeparam>
-    public abstract class BaseAuthorizationHandler<T> : AuthorizationHandler<T>
-        where T : IAuthorizationRequirement
-    {
-        private readonly IUserManager _userManager;
-        private readonly INetworkManager _networkManager;
-        private readonly IHttpContextAccessor _httpContextAccessor;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="BaseAuthorizationHandler{T}"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        protected BaseAuthorizationHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-        {
-            _userManager = userManager;
-            _networkManager = networkManager;
-            _httpContextAccessor = httpContextAccessor;
-        }
-
-        /// <summary>
-        /// Validate authenticated claims.
-        /// </summary>
-        /// <param name="claimsPrincipal">Request claims.</param>
-        /// <param name="ignoreSchedule">Whether to ignore parental control.</param>
-        /// <param name="localAccessOnly">Whether access is to be allowed locally only.</param>
-        /// <param name="requiredDownloadPermission">Whether validation requires download permission.</param>
-        /// <returns>Validated claim status.</returns>
-        protected bool ValidateClaims(
-            ClaimsPrincipal claimsPrincipal,
-            bool ignoreSchedule = false,
-            bool localAccessOnly = false,
-            bool requiredDownloadPermission = false)
-        {
-            // ApiKey is currently global admin, always allow.
-            var isApiKey = claimsPrincipal.GetIsApiKey();
-            if (isApiKey)
-            {
-                return true;
-            }
-
-            // Ensure claim has userId.
-            var userId = claimsPrincipal.GetUserId();
-            if (userId.Equals(default))
-            {
-                return false;
-            }
-
-            // Ensure userId links to a valid user.
-            var user = _userManager.GetUserById(userId);
-            if (user is null)
-            {
-                return false;
-            }
-
-            // Ensure user is not disabled.
-            if (user.HasPermission(PermissionKind.IsDisabled))
-            {
-                return false;
-            }
-
-            var isInLocalNetwork = _httpContextAccessor.HttpContext is not null
-                && _networkManager.IsInLocalNetwork(_httpContextAccessor.HttpContext.GetNormalizedRemoteIp());
-
-            // User cannot access remotely and user is remote
-            if (!user.HasPermission(PermissionKind.EnableRemoteAccess) && !isInLocalNetwork)
-            {
-                return false;
-            }
-
-            if (localAccessOnly && !isInLocalNetwork)
-            {
-                return false;
-            }
-
-            // User attempting to access out of parental control hours.
-            if (!ignoreSchedule
-                && !user.HasPermission(PermissionKind.IsAdministrator)
-                && !user.IsParentalScheduleAllowed())
-            {
-                return false;
-            }
-
-            // User attempting to download without permission.
-            if (requiredDownloadPermission
-                && !user.HasPermission(PermissionKind.EnableContentDownloading))
-            {
-                return false;
-            }
-
-            return true;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
index be77b7a4e..7489e2a35 100644
--- a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
+++ b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
@@ -1,4 +1,8 @@
 using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Extensions;
+using Jellyfin.Data.Enums;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Library;
 using Microsoft.AspNetCore.Authorization;
@@ -9,8 +13,12 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
     /// <summary>
     /// Default authorization handler.
     /// </summary>
-    public class DefaultAuthorizationHandler : BaseAuthorizationHandler<DefaultAuthorizationRequirement>
+    public class DefaultAuthorizationHandler : AuthorizationHandler<DefaultAuthorizationRequirement>
     {
+        private readonly IUserManager _userManager;
+        private readonly INetworkManager _networkManager;
+        private readonly IHttpContextAccessor _httpContextAccessor;
+
         /// <summary>
         /// Initializes a new instance of the <see cref="DefaultAuthorizationHandler"/> class.
         /// </summary>
@@ -21,21 +29,50 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
             IUserManager userManager,
             INetworkManager networkManager,
             IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
         {
+            _userManager = userManager;
+            _networkManager = networkManager;
+            _httpContextAccessor = httpContextAccessor;
         }
 
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DefaultAuthorizationRequirement requirement)
         {
-            var validated = ValidateClaims(context.User);
-            if (validated)
+            // Admins can do everything
+            if (context.User.GetIsApiKey() || context.User.IsInRole(UserRoles.Administrator))
             {
                 context.Succeed(requirement);
+                return Task.CompletedTask;
             }
-            else
+
+            var userId = context.User.GetUserId();
+            // This likely only happens during the wizard, so skip the default checks and let any other handlers do it
+            if (userId.Equals(default))
+            {
+                return Task.CompletedTask;
+            }
+
+            var isInLocalNetwork = _httpContextAccessor.HttpContext is not null
+                                   && _networkManager.IsInLocalNetwork(_httpContextAccessor.HttpContext.GetNormalizedRemoteIp());
+            var user = _userManager.GetUserById(userId);
+            // User cannot access remotely and user is remote
+            if (!isInLocalNetwork && !user.HasPermission(PermissionKind.EnableRemoteAccess))
             {
                 context.Fail();
+                return Task.CompletedTask;
+            }
+
+            // It's not great to have this check, but parental schedule must usually be honored except in a few rare cases
+            if (requirement.ValidateParentalSchedule && !user.IsParentalScheduleAllowed())
+            {
+                context.Fail();
+                return Task.CompletedTask;
+            }
+
+            // Only succeed if the requirement isn't a subclass as any subclassed requirement will handle success in its own handler
+            if (requirement.GetType() == typeof(DefaultAuthorizationRequirement))
+            {
+                context.Succeed(requirement);
             }
 
             return Task.CompletedTask;
diff --git a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs
index 7cea00b69..0846e7515 100644
--- a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs
+++ b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs
@@ -7,5 +7,18 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
     /// </summary>
     public class DefaultAuthorizationRequirement : IAuthorizationRequirement
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="DefaultAuthorizationRequirement"/> class.
+        /// </summary>
+        /// <param name="validateParentalSchedule">A value indicating whether to validate parental schedule.</param>
+        public DefaultAuthorizationRequirement(bool validateParentalSchedule = true)
+        {
+            ValidateParentalSchedule = validateParentalSchedule;
+        }
+
+        /// <summary>
+        /// Gets a value indicating whether to ignore parental schedule.
+        /// </summary>
+        public bool ValidateParentalSchedule { get; init; }
     }
 }
diff --git a/Jellyfin.Api/Auth/DownloadPolicy/DownloadHandler.cs b/Jellyfin.Api/Auth/DownloadPolicy/DownloadHandler.cs
deleted file mode 100644
index b61680ab1..000000000
--- a/Jellyfin.Api/Auth/DownloadPolicy/DownloadHandler.cs
+++ /dev/null
@@ -1,44 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.DownloadPolicy
-{
-    /// <summary>
-    /// Download authorization handler.
-    /// </summary>
-    public class DownloadHandler : BaseAuthorizationHandler<DownloadRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="DownloadHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public DownloadHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DownloadRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/DownloadPolicy/DownloadRequirement.cs b/Jellyfin.Api/Auth/DownloadPolicy/DownloadRequirement.cs
deleted file mode 100644
index b0a72a9de..000000000
--- a/Jellyfin.Api/Auth/DownloadPolicy/DownloadRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.DownloadPolicy
-{
-    /// <summary>
-    /// The download permission requirement.
-    /// </summary>
-    public class DownloadRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupHandler.cs b/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupHandler.cs
deleted file mode 100644
index 31482a930..000000000
--- a/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupHandler.cs
+++ /dev/null
@@ -1,56 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy
-{
-    /// <summary>
-    /// Ignore parental control schedule and allow before startup wizard has been completed.
-    /// </summary>
-    public class FirstTimeOrIgnoreParentalControlSetupHandler : BaseAuthorizationHandler<FirstTimeOrIgnoreParentalControlSetupRequirement>
-    {
-        private readonly IConfigurationManager _configurationManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="FirstTimeOrIgnoreParentalControlSetupHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        public FirstTimeOrIgnoreParentalControlSetupHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor,
-            IConfigurationManager configurationManager)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-            _configurationManager = configurationManager;
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeOrIgnoreParentalControlSetupRequirement requirement)
-        {
-            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
-            {
-                context.Succeed(requirement);
-                return Task.CompletedTask;
-            }
-
-            var validated = ValidateClaims(context.User, ignoreSchedule: true);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupRequirement.cs b/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupRequirement.cs
deleted file mode 100644
index 00aaec334..000000000
--- a/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy
-{
-    /// <summary>
-    /// First time setup or ignore parental controls requirement.
-    /// </summary>
-    public class FirstTimeOrIgnoreParentalControlSetupRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
deleted file mode 100644
index dd0bd4ec2..000000000
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
+++ /dev/null
@@ -1,56 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
-{
-    /// <summary>
-    /// Authorization handler for requiring first time setup or default privileges.
-    /// </summary>
-    public class FirstTimeSetupOrDefaultHandler : BaseAuthorizationHandler<FirstTimeSetupOrDefaultRequirement>
-    {
-        private readonly IConfigurationManager _configurationManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="FirstTimeSetupOrDefaultHandler" /> class.
-        /// </summary>
-        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public FirstTimeSetupOrDefaultHandler(
-            IConfigurationManager configurationManager,
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-            _configurationManager = configurationManager;
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrDefaultRequirement requirement)
-        {
-            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
-            {
-                context.Succeed(requirement);
-                return Task.CompletedTask;
-            }
-
-            var validated = ValidateClaims(context.User);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
deleted file mode 100644
index f7366bd7a..000000000
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
-{
-    /// <summary>
-    /// The authorization requirement, requiring incomplete first time setup or default privileges, for the authorization handler.
-    /// </summary>
-    public class FirstTimeSetupOrDefaultRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
deleted file mode 100644
index 90b76ee99..000000000
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
+++ /dev/null
@@ -1,57 +0,0 @@
-using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
-{
-    /// <summary>
-    /// Authorization handler for requiring first time setup or elevated privileges.
-    /// </summary>
-    public class FirstTimeSetupOrElevatedHandler : BaseAuthorizationHandler<FirstTimeSetupOrElevatedRequirement>
-    {
-        private readonly IConfigurationManager _configurationManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="FirstTimeSetupOrElevatedHandler" /> class.
-        /// </summary>
-        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public FirstTimeSetupOrElevatedHandler(
-            IConfigurationManager configurationManager,
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-            _configurationManager = configurationManager;
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrElevatedRequirement requirement)
-        {
-            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
-            {
-                context.Succeed(requirement);
-                return Task.CompletedTask;
-            }
-
-            var validated = ValidateClaims(context.User);
-            if (validated && context.User.IsInRole(UserRoles.Administrator))
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
deleted file mode 100644
index 51ba637b6..000000000
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
-{
-    /// <summary>
-    /// The authorization requirement, requiring incomplete first time setup or elevated privileges, for the authorization handler.
-    /// </summary>
-    public class FirstTimeSetupOrElevatedRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
new file mode 100644
index 000000000..302e052a7
--- /dev/null
+++ b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
@@ -0,0 +1,61 @@
+using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Extensions;
+using MediaBrowser.Common.Configuration;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
+{
+    /// <summary>
+    /// Authorization handler for requiring first time setup or default privileges.
+    /// </summary>
+    public class FirstTimeSetupHandler : AuthorizationHandler<FirstTimeSetupRequirement>
+    {
+        private readonly IConfigurationManager _configurationManager;
+        private readonly IUserManager _userManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="FirstTimeSetupHandler" /> class.
+        /// </summary>
+        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        public FirstTimeSetupHandler(
+            IConfigurationManager configurationManager,
+            IUserManager userManager)
+        {
+            _configurationManager = configurationManager;
+            _userManager = userManager;
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupRequirement requirement)
+        {
+            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
+            {
+                context.Succeed(requirement);
+                return Task.CompletedTask;
+            }
+
+            if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
+            {
+                context.Fail();
+                return Task.CompletedTask;
+            }
+
+            if (!requirement.ValidateParentalSchedule)
+            {
+                context.Succeed(requirement);
+                return Task.CompletedTask;
+            }
+
+            var user = _userManager.GetUserById(context.User.GetUserId());
+            if (user.IsParentalScheduleAllowed())
+            {
+                context.Succeed(requirement);
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupRequirement.cs
new file mode 100644
index 000000000..8b7a94954
--- /dev/null
+++ b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupRequirement.cs
@@ -0,0 +1,26 @@
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
+
+namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
+{
+    /// <summary>
+    /// The authorization requirement, requiring incomplete first time setup or default privileges, for the authorization handler.
+    /// </summary>
+    public class FirstTimeSetupRequirement : DefaultAuthorizationRequirement
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="FirstTimeSetupRequirement"/> class.
+        /// </summary>
+        /// <param name="validateParentalSchedule">A value indicating whether to ignore parental schedule.</param>
+        /// <param name="requireAdmin">A value indicating whether administrator role is required.</param>
+        public FirstTimeSetupRequirement(bool validateParentalSchedule = false, bool requireAdmin = true)
+        {
+            ValidateParentalSchedule = validateParentalSchedule;
+            RequireAdmin = requireAdmin;
+        }
+
+        /// <summary>
+        /// Gets a value indicating whether administrator role is required.
+        /// </summary>
+        public bool RequireAdmin { get; }
+    }
+}
diff --git a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs b/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
deleted file mode 100644
index a7623556a..000000000
--- a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
+++ /dev/null
@@ -1,44 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.IgnoreParentalControlPolicy
-{
-    /// <summary>
-    /// Escape schedule controls handler.
-    /// </summary>
-    public class IgnoreParentalControlHandler : BaseAuthorizationHandler<IgnoreParentalControlRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="IgnoreParentalControlHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public IgnoreParentalControlHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IgnoreParentalControlRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User, ignoreSchedule: true);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs b/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
deleted file mode 100644
index cdad74270..000000000
--- a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.IgnoreParentalControlPolicy
-{
-    /// <summary>
-    /// Escape schedule controls requirement.
-    /// </summary>
-    public class IgnoreParentalControlRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
deleted file mode 100644
index 14722aa57..000000000
--- a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
+++ /dev/null
@@ -1,45 +0,0 @@
-using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
-{
-    /// <summary>
-    /// Local access or require elevated privileges handler.
-    /// </summary>
-    public class LocalAccessOrRequiresElevationHandler : BaseAuthorizationHandler<LocalAccessOrRequiresElevationRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="LocalAccessOrRequiresElevationHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public LocalAccessOrRequiresElevationHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessOrRequiresElevationRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User, localAccessOnly: true);
-            if (validated || context.User.IsInRole(UserRoles.Administrator))
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs
deleted file mode 100644
index d9c64d01c..000000000
--- a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
-{
-    /// <summary>
-    /// The local access or elevated privileges authorization requirement.
-    /// </summary>
-    public class LocalAccessOrRequiresElevationRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs b/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs
deleted file mode 100644
index d772ec554..000000000
--- a/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs
+++ /dev/null
@@ -1,44 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.LocalAccessPolicy
-{
-    /// <summary>
-    /// Local access handler.
-    /// </summary>
-    public class LocalAccessHandler : BaseAuthorizationHandler<LocalAccessRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="LocalAccessHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public LocalAccessHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User, localAccessOnly: true);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs b/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs
deleted file mode 100644
index 761127fa4..000000000
--- a/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.LocalAccessPolicy
-{
-    /// <summary>
-    /// The local access authorization requirement.
-    /// </summary>
-    public class LocalAccessRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
deleted file mode 100644
index b235c4b63..000000000
--- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
+++ /dev/null
@@ -1,45 +0,0 @@
-using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.RequiresElevationPolicy
-{
-    /// <summary>
-    /// Authorization handler for requiring elevated privileges.
-    /// </summary>
-    public class RequiresElevationHandler : BaseAuthorizationHandler<RequiresElevationRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="RequiresElevationHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public RequiresElevationHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User);
-            if (validated && context.User.IsInRole(UserRoles.Administrator))
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
deleted file mode 100644
index cfff1cc0c..000000000
--- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.RequiresElevationPolicy
-{
-    /// <summary>
-    /// The authorization requirement for requiring elevated privileges in the authorization handler.
-    /// </summary>
-    public class RequiresElevationRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
index cdd7d8a52..5c1029b38 100644
--- a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
+++ b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
@@ -1,19 +1,16 @@
 using System.Threading.Tasks;
 using Jellyfin.Api.Extensions;
-using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Enums;
-using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.SyncPlay;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 
 namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
 {
     /// <summary>
     /// Default authorization handler.
     /// </summary>
-    public class SyncPlayAccessHandler : BaseAuthorizationHandler<SyncPlayAccessRequirement>
+    public class SyncPlayAccessHandler : AuthorizationHandler<SyncPlayAccessRequirement>
     {
         private readonly ISyncPlayManager _syncPlayManager;
         private readonly IUserManager _userManager;
@@ -23,14 +20,9 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
         /// </summary>
         /// <param name="syncPlayManager">Instance of the <see cref="ISyncPlayManager"/> interface.</param>
         /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
         public SyncPlayAccessHandler(
             ISyncPlayManager syncPlayManager,
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
+            IUserManager userManager)
         {
             _syncPlayManager = syncPlayManager;
             _userManager = userManager;
@@ -39,27 +31,16 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement)
         {
-            if (!ValidateClaims(context.User))
-            {
-                context.Fail();
-                return Task.CompletedTask;
-            }
-
             var userId = context.User.GetUserId();
             var user = _userManager.GetUserById(userId);
 
             if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess)
             {
-                if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups
-                    || user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups
+                if (user.SyncPlayAccess is SyncPlayUserAccessType.CreateAndJoinGroups or SyncPlayUserAccessType.JoinGroups
                     || _syncPlayManager.IsUserActive(userId))
                 {
                     context.Succeed(requirement);
                 }
-                else
-                {
-                    context.Fail();
-                }
             }
             else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.CreateGroup)
             {
@@ -67,10 +48,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
                 {
                     context.Succeed(requirement);
                 }
-                else
-                {
-                    context.Fail();
-                }
             }
             else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.JoinGroup)
             {
@@ -79,10 +56,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
                 {
                     context.Succeed(requirement);
                 }
-                else
-                {
-                    context.Fail();
-                }
             }
             else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.IsInGroup)
             {
@@ -90,14 +63,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
                 {
                     context.Succeed(requirement);
                 }
-                else
-                {
-                    context.Fail();
-                }
-            }
-            else
-            {
-                context.Fail();
             }
 
             return Task.CompletedTask;
diff --git a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessRequirement.cs b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessRequirement.cs
index 6fab4c0ad..220b223b3 100644
--- a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessRequirement.cs
+++ b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessRequirement.cs
@@ -1,12 +1,12 @@
-using Jellyfin.Data.Enums;
-using Microsoft.AspNetCore.Authorization;
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
+using Jellyfin.Data.Enums;
 
 namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
 {
     /// <summary>
     /// The default authorization requirement.
     /// </summary>
-    public class SyncPlayAccessRequirement : IAuthorizationRequirement
+    public class SyncPlayAccessRequirement : DefaultAuthorizationRequirement
     {
         /// <summary>
         /// Initializes a new instance of the <see cref="SyncPlayAccessRequirement"/> class.
diff --git a/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionHandler.cs b/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionHandler.cs
new file mode 100644
index 000000000..c3de7be32
--- /dev/null
+++ b/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionHandler.cs
@@ -0,0 +1,37 @@
+using System.Threading.Tasks;
+using Jellyfin.Api.Auth.DownloadPolicy;
+using Jellyfin.Api.Extensions;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Jellyfin.Api.Auth.UserPermissionPolicy
+{
+    /// <summary>
+    /// Download authorization handler.
+    /// </summary>
+    public class UserPermissionHandler : AuthorizationHandler<UserPermissionRequirement>
+    {
+        private readonly IUserManager _userManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UserPermissionHandler"/> class.
+        /// </summary>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        public UserPermissionHandler(IUserManager userManager)
+        {
+            _userManager = userManager;
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserPermissionRequirement requirement)
+        {
+            var user = _userManager.GetUserById(context.User.GetUserId());
+            if (user.HasPermission(requirement.RequiredPermission))
+            {
+                context.Succeed(requirement);
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionRequirement.cs b/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionRequirement.cs
new file mode 100644
index 000000000..195a61199
--- /dev/null
+++ b/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionRequirement.cs
@@ -0,0 +1,26 @@
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
+using Jellyfin.Data.Enums;
+
+namespace Jellyfin.Api.Auth.DownloadPolicy
+{
+    /// <summary>
+    /// The user permission requirement.
+    /// </summary>
+    public class UserPermissionRequirement : DefaultAuthorizationRequirement
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UserPermissionRequirement"/> class.
+        /// </summary>
+        /// <param name="requiredPermission">The required <see cref="PermissionKind"/>.</param>
+        /// <param name="validateParentalSchedule">Whether to validate the user's parental schedule.</param>
+        public UserPermissionRequirement(PermissionKind requiredPermission, bool validateParentalSchedule = true) : base(validateParentalSchedule)
+        {
+            RequiredPermission = requiredPermission;
+        }
+
+        /// <summary>
+        /// Gets the required user permission.
+        /// </summary>
+        public PermissionKind RequiredPermission { get; }
+    }
+}
diff --git a/Jellyfin.Api/Constants/Policies.cs b/Jellyfin.Api/Constants/Policies.cs
index 5a5a2bf46..adc95e57b 100644
--- a/Jellyfin.Api/Constants/Policies.cs
+++ b/Jellyfin.Api/Constants/Policies.cs
@@ -5,11 +5,6 @@ namespace Jellyfin.Api.Constants;
 /// </summary>
 public static class Policies
 {
-    /// <summary>
-    /// Policy name for default authorization.
-    /// </summary>
-    public const string DefaultAuthorization = "DefaultAuthorization";
-
     /// <summary>
     /// Policy name for requiring first time setup or elevated privileges.
     /// </summary>
diff --git a/Jellyfin.Api/Controllers/ArtistsController.cs b/Jellyfin.Api/Controllers/ArtistsController.cs
index 069e7311b..11933fd97 100644
--- a/Jellyfin.Api/Controllers/ArtistsController.cs
+++ b/Jellyfin.Api/Controllers/ArtistsController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// The artists controller.
 /// </summary>
 [Route("Artists")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ArtistsController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/ChannelsController.cs b/Jellyfin.Api/Controllers/ChannelsController.cs
index 573b7069c..42f072f66 100644
--- a/Jellyfin.Api/Controllers/ChannelsController.cs
+++ b/Jellyfin.Api/Controllers/ChannelsController.cs
@@ -3,7 +3,6 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Threading;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Channels Controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ChannelsController : BaseJellyfinApiController
 {
     private readonly IChannelManager _channelManager;
diff --git a/Jellyfin.Api/Controllers/ClientLogController.cs b/Jellyfin.Api/Controllers/ClientLogController.cs
index 21c31bc93..2c5dbacbb 100644
--- a/Jellyfin.Api/Controllers/ClientLogController.cs
+++ b/Jellyfin.Api/Controllers/ClientLogController.cs
@@ -1,7 +1,6 @@
 using System.Net.Mime;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Models.ClientLogDtos;
 using MediaBrowser.Controller.ClientEvent;
@@ -15,7 +14,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Client log controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ClientLogController : BaseJellyfinApiController
 {
     private const int MaxDocumentSize = 1_000_000;
diff --git a/Jellyfin.Api/Controllers/CollectionController.cs b/Jellyfin.Api/Controllers/CollectionController.cs
index 5a4a9bf07..f9f9be7ce 100644
--- a/Jellyfin.Api/Controllers/CollectionController.cs
+++ b/Jellyfin.Api/Controllers/CollectionController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using MediaBrowser.Controller.Collections;
@@ -17,7 +16,7 @@ namespace Jellyfin.Api.Controllers;
 /// The collection controller.
 /// </summary>
 [Route("Collections")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class CollectionController : BaseJellyfinApiController
 {
     private readonly ICollectionManager _collectionManager;
diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index d53d7cefd..9007dfc41 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -19,7 +19,7 @@ namespace Jellyfin.Api.Controllers;
 /// Configuration Controller.
 /// </summary>
 [Route("System")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ConfigurationController : BaseJellyfinApiController
 {
     private readonly IServerConfigurationManager _configurationManager;
diff --git a/Jellyfin.Api/Controllers/DashboardController.cs b/Jellyfin.Api/Controllers/DashboardController.cs
index f7e978bad..076084c7a 100644
--- a/Jellyfin.Api/Controllers/DashboardController.cs
+++ b/Jellyfin.Api/Controllers/DashboardController.cs
@@ -4,7 +4,6 @@ using System.IO;
 using System.Linq;
 using System.Net.Mime;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Models;
 using MediaBrowser.Common.Plugins;
 using MediaBrowser.Model.Net;
@@ -48,7 +47,7 @@ public class DashboardController : BaseJellyfinApiController
     [HttpGet("web/ConfigurationPages")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<IEnumerable<ConfigurationPageInfo>> GetConfigurationPages(
         [FromQuery] bool? enableInMainMenu)
     {
diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
index 49d87a362..6f0006832 100644
--- a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -3,7 +3,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Common.Extensions;
@@ -19,7 +18,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Display Preferences Controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class DisplayPreferencesController : BaseJellyfinApiController
 {
     private readonly IDisplayPreferencesManager _displayPreferencesManager;
diff --git a/Jellyfin.Api/Controllers/DynamicHlsController.cs b/Jellyfin.Api/Controllers/DynamicHlsController.cs
index b68849171..4d8b4de24 100644
--- a/Jellyfin.Api/Controllers/DynamicHlsController.cs
+++ b/Jellyfin.Api/Controllers/DynamicHlsController.cs
@@ -9,7 +9,6 @@ using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.Models.PlaybackDtos;
 using Jellyfin.Api.Models.StreamingDtos;
@@ -36,7 +35,7 @@ namespace Jellyfin.Api.Controllers;
 /// Dynamic hls controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class DynamicHlsController : BaseJellyfinApiController
 {
     private const string DefaultVodEncoderPreset = "veryfast";
diff --git a/Jellyfin.Api/Controllers/FilterController.cs b/Jellyfin.Api/Controllers/FilterController.cs
index 2378aada5..dd64ff903 100644
--- a/Jellyfin.Api/Controllers/FilterController.cs
+++ b/Jellyfin.Api/Controllers/FilterController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Dto;
@@ -18,7 +17,7 @@ namespace Jellyfin.Api.Controllers;
 /// Filters controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class FilterController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/GenresController.cs b/Jellyfin.Api/Controllers/GenresController.cs
index 28ebe2047..711fb4aef 100644
--- a/Jellyfin.Api/Controllers/GenresController.cs
+++ b/Jellyfin.Api/Controllers/GenresController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// The genres controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class GenresController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
@@ -132,7 +131,7 @@ public class GenresController : BaseJellyfinApiController
         QueryResult<(BaseItem, ItemCounts)> result;
         if (parentItem is ICollectionFolder parentCollectionFolder
             && (string.Equals(parentCollectionFolder.CollectionType, CollectionType.Music, StringComparison.Ordinal)
-            || string.Equals(parentCollectionFolder.CollectionType, CollectionType.MusicVideos, StringComparison.Ordinal)))
+                || string.Equals(parentCollectionFolder.CollectionType, CollectionType.MusicVideos, StringComparison.Ordinal)))
         {
             result = _libraryManager.GetMusicGenres(query);
         }
diff --git a/Jellyfin.Api/Controllers/HlsSegmentController.cs b/Jellyfin.Api/Controllers/HlsSegmentController.cs
index 085115e1c..d7cec865e 100644
--- a/Jellyfin.Api/Controllers/HlsSegmentController.cs
+++ b/Jellyfin.Api/Controllers/HlsSegmentController.cs
@@ -4,7 +4,6 @@ using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using MediaBrowser.Common.Configuration;
 using MediaBrowser.Controller.Configuration;
@@ -80,7 +79,7 @@ public class HlsSegmentController : BaseJellyfinApiController
     /// <response code="200">Hls video playlist returned.</response>
     /// <returns>A <see cref="FileStreamResult"/> containing the playlist.</returns>
     [HttpGet("Videos/{itemId}/hls/{playlistId}/stream.m3u8")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesPlaylistFile]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "itemId", Justification = "Required for ServiceStack")]
@@ -106,7 +105,7 @@ public class HlsSegmentController : BaseJellyfinApiController
     /// <response code="204">Encoding stopped successfully.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
     [HttpDelete("Videos/ActiveEncodings")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult StopEncodingProcess(
         [FromQuery, Required] string deviceId,
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index cc824c65a..b2adb6a2d 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -88,7 +88,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="403">User does not have permission to delete the image.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Users/{userId}/Images/{imageType}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [AcceptsImageFile]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -137,7 +137,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="403">User does not have permission to delete the image.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Users/{userId}/Images/{imageType}/{index}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [AcceptsImageFile]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -186,7 +186,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="403">User does not have permission to delete the image.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Users/{userId}/Images/{imageType}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
@@ -230,7 +230,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="403">User does not have permission to delete the image.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Users/{userId}/Images/{imageType}/{index}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
@@ -432,7 +432,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>The list of image infos on success, or <see cref="NotFoundResult"/> if item not found.</returns>
     [HttpGet("Items/{itemId}/Images")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult<IEnumerable<ImageInfo>>> GetItemImageInfos([FromRoute, Required] Guid itemId)
@@ -1930,10 +1930,10 @@ public class ImageController : BaseJellyfinApiController
         }
 
         var responseHeaders = new Dictionary<string, string>
-            {
-                { "transferMode.dlna.org", "Interactive" },
-                { "realTimeInfo.dlna.org", "DLNA.ORG_TLAG=*" }
-            };
+        {
+            { "transferMode.dlna.org", "Interactive" },
+            { "realTimeInfo.dlna.org", "DLNA.ORG_TLAG=*" }
+        };
 
         if (!imageInfo.IsLocalFile && item is not null)
         {
diff --git a/Jellyfin.Api/Controllers/InstantMixController.cs b/Jellyfin.Api/Controllers/InstantMixController.cs
index 89592bade..43f09b49a 100644
--- a/Jellyfin.Api/Controllers/InstantMixController.cs
+++ b/Jellyfin.Api/Controllers/InstantMixController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
@@ -22,7 +21,7 @@ namespace Jellyfin.Api.Controllers;
 /// The instant mix controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class InstantMixController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/ItemLookupController.cs b/Jellyfin.Api/Controllers/ItemLookupController.cs
index c2ce4e67e..b030e74dd 100644
--- a/Jellyfin.Api/Controllers/ItemLookupController.cs
+++ b/Jellyfin.Api/Controllers/ItemLookupController.cs
@@ -23,7 +23,7 @@ namespace Jellyfin.Api.Controllers;
 /// Item lookup controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ItemLookupController : BaseJellyfinApiController
 {
     private readonly IProviderManager _providerManager;
diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 134974dbe..97922d5db 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
 /// The items controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ItemsController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 830f84849..e1ad87412 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -95,7 +95,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>A <see cref="FileStreamResult"/> with the original file.</returns>
     [HttpGet("Items/{itemId}/File")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     [ProducesFile("video/*", "audio/*")]
@@ -116,7 +116,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="200">Critic reviews returned.</response>
     /// <returns>The list of critic reviews.</returns>
     [HttpGet("Items/{itemId}/CriticReviews")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [Obsolete("This endpoint is obsolete.")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<QueryResult<BaseItemDto>> GetCriticReviews()
@@ -134,7 +134,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>The item theme songs.</returns>
     [HttpGet("Items/{itemId}/ThemeSongs")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<ThemeMediaResult> GetThemeSongs(
@@ -200,7 +200,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>The item theme videos.</returns>
     [HttpGet("Items/{itemId}/ThemeVideos")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<ThemeMediaResult> GetThemeVideos(
@@ -266,7 +266,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>The item theme videos.</returns>
     [HttpGet("Items/{itemId}/ThemeMedia")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<AllThemeMediaResult> GetThemeMedia(
         [FromRoute, Required] Guid itemId,
@@ -321,7 +321,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="401">Unauthorized access.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Items/{itemId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status401Unauthorized)]
     public ActionResult DeleteItem(Guid itemId)
@@ -350,7 +350,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="401">Unauthorized access.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Items")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status401Unauthorized)]
     public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
@@ -392,7 +392,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="200">Item counts returned.</response>
     /// <returns>Item counts.</returns>
     [HttpGet("Items/Counts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<ItemCounts> GetItemCounts(
         [FromQuery] Guid? userId,
@@ -426,7 +426,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>Item parents.</returns>
     [HttpGet("Items/{itemId}/Ancestors")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<IEnumerable<BaseItemDto>> GetAncestors([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
@@ -509,7 +509,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Library/Series/Added", Name = "PostAddedSeries")]
     [HttpPost("Library/Series/Updated")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult PostUpdatedSeries([FromQuery] string? tvdbId)
     {
@@ -539,7 +539,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Library/Movies/Added", Name = "PostAddedMovies")]
     [HttpPost("Library/Movies/Updated")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult PostUpdatedMovies([FromQuery] string? tmdbId, [FromQuery] string? imdbId)
     {
@@ -580,7 +580,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="204">Report success.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Library/Media/Updated")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult PostUpdatedMedia([FromBody, Required] MediaUpdateInfoDto dto)
     {
@@ -657,7 +657,7 @@ public class LibraryController : BaseJellyfinApiController
     [HttpGet("Shows/{itemId}/Similar", Name = "GetSimilarShows")]
     [HttpGet("Movies/{itemId}/Similar", Name = "GetSimilarMovies")]
     [HttpGet("Trailers/{itemId}/Similar", Name = "GetSimilarTrailers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<QueryResult<BaseItemDto>> GetSimilarItems(
         [FromRoute, Required] Guid itemId,
@@ -802,32 +802,32 @@ public class LibraryController : BaseJellyfinApiController
                 Type = type,
 
                 MetadataFetchers = plugins
-                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataFetcher))
-                .Select(i => new LibraryOptionInfoDto
-                {
-                    Name = i.Name,
-                    DefaultEnabled = IsMetadataFetcherEnabledByDefault(i.Name, type, isNewLibrary)
-                })
-                .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                .ToArray(),
+                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                    .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataFetcher))
+                    .Select(i => new LibraryOptionInfoDto
+                    {
+                        Name = i.Name,
+                        DefaultEnabled = IsMetadataFetcherEnabledByDefault(i.Name, type, isNewLibrary)
+                    })
+                    .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
+                    .ToArray(),
 
                 ImageFetchers = plugins
-                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.ImageFetcher))
-                .Select(i => new LibraryOptionInfoDto
-                {
-                    Name = i.Name,
-                    DefaultEnabled = IsImageFetcherEnabledByDefault(i.Name, type, isNewLibrary)
-                })
-                .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                .ToArray(),
+                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                    .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.ImageFetcher))
+                    .Select(i => new LibraryOptionInfoDto
+                    {
+                        Name = i.Name,
+                        DefaultEnabled = IsImageFetcherEnabledByDefault(i.Name, type, isNewLibrary)
+                    })
+                    .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
+                    .ToArray(),
 
                 SupportedImageTypes = plugins
-                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                .SelectMany(i => i.SupportedImageTypes ?? Array.Empty<ImageType>())
-                .Distinct()
-                .ToArray(),
+                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                    .SelectMany(i => i.SupportedImageTypes ?? Array.Empty<ImageType>())
+                    .Distinct()
+                    .ToArray(),
 
                 DefaultImageOptions = defaultImageOptions ?? Array.Empty<ImageOption>()
             });
@@ -920,13 +920,13 @@ public class LibraryController : BaseJellyfinApiController
             if (string.Equals(name, "TheMovieDb", StringComparison.OrdinalIgnoreCase))
             {
                 return !(string.Equals(type, "Season", StringComparison.OrdinalIgnoreCase)
-                     || string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
-                     || string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase));
+                         || string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
+                         || string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase));
             }
 
             return string.Equals(name, "TheTVDB", StringComparison.OrdinalIgnoreCase)
-               || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
-               || string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase);
+                   || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
+                   || string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase);
         }
 
         var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
@@ -934,7 +934,7 @@ public class LibraryController : BaseJellyfinApiController
             .ToArray();
 
         return metadataOptions.Length == 0
-           || metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
+               || metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
     }
 
     private bool IsImageFetcherEnabledByDefault(string name, string type, bool isNewLibrary)
diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 21b424346..c1f5d74cd 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -10,7 +10,6 @@ using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -95,7 +94,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Info")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<LiveTvInfo> GetLiveTvInfo()
     {
         return _liveTvManager.GetLiveTvInfo(CancellationToken.None);
@@ -131,7 +130,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Channels")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<QueryResult<BaseItemDto>> GetLiveTvChannels(
         [FromQuery] ChannelType? type,
         [FromQuery] Guid? userId,
@@ -210,7 +209,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv channel.</returns>
     [HttpGet("Channels/{channelId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<BaseItemDto> GetChannel([FromRoute, Required] Guid channelId, [FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -251,7 +250,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
     [HttpGet("Recordings")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordings(
         [FromQuery] string? channelId,
         [FromQuery] Guid? userId,
@@ -322,7 +321,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
     [HttpGet("Recordings/Series")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [Obsolete("This endpoint is obsolete.")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "channelId", Justification = "Imported from ServiceStack")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
@@ -365,7 +364,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the recording groups.</returns>
     [HttpGet("Recordings/Groups")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [Obsolete("This endpoint is obsolete.")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordingGroups([FromQuery] Guid? userId)
@@ -381,7 +380,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the recording folders.</returns>
     [HttpGet("Recordings/Folders")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordingFolders([FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -403,7 +402,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recording.</returns>
     [HttpGet("Recordings/{recordingId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<BaseItemDto> GetRecording([FromRoute, Required] Guid recordingId, [FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -425,7 +424,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Tuners/{tunerId}/Reset")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult> ResetTuner([FromRoute, Required] string tunerId)
     {
         await AssertUserCanManageLiveTv().ConfigureAwait(false);
@@ -443,7 +442,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers/{timerId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<TimerInfoDto>> GetTimer([FromRoute, Required] string timerId)
     {
         return await _liveTvManager.GetTimer(timerId, CancellationToken.None).ConfigureAwait(false);
@@ -459,7 +458,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers/Defaults")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<SeriesTimerInfoDto>> GetDefaultTimer([FromQuery] string? programId)
     {
         return string.IsNullOrEmpty(programId)
@@ -479,7 +478,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<QueryResult<TimerInfoDto>>> GetTimers(
         [FromQuery] string? channelId,
         [FromQuery] string? seriesTimerId,
@@ -533,7 +532,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Programs")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetLiveTvPrograms(
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] channelIds,
         [FromQuery] Guid? userId,
@@ -616,7 +615,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpPost("Programs")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetPrograms([FromBody] GetProgramsDto body)
     {
         var user = body.UserId.Equals(default) ? null : _userManager.GetUserById(body.UserId);
@@ -682,7 +681,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Recommended epgs returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the queryresult of recommended epgs.</returns>
     [HttpGet("Programs/Recommended")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetRecommendedPrograms(
         [FromQuery] Guid? userId,
@@ -734,7 +733,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Program returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the livetv program.</returns>
     [HttpGet("Programs/{programId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<BaseItemDto>> GetProgram(
         [FromRoute, Required] string programId,
@@ -755,7 +754,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if item not found.</returns>
     [HttpDelete("Recordings/{recordingId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult> DeleteRecording([FromRoute, Required] Guid recordingId)
@@ -783,7 +782,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Timers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CancelTimer([FromRoute, Required] string timerId)
     {
@@ -800,7 +799,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer updated.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Timers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult> UpdateTimer([FromRoute, Required] string timerId, [FromBody] TimerInfoDto timerInfo)
@@ -817,7 +816,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer created.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Timers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CreateTimer([FromBody] TimerInfoDto timerInfo)
     {
@@ -834,7 +833,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="404">Series timer not found.</response>
     /// <returns>A <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if timer not found.</returns>
     [HttpGet("SeriesTimers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult<SeriesTimerInfoDto>> GetSeriesTimer([FromRoute, Required] string timerId)
@@ -856,7 +855,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Timers returned.</response>
     /// <returns>An <see cref="OkResult"/> of live tv series timers.</returns>
     [HttpGet("SeriesTimers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<QueryResult<SeriesTimerInfoDto>>> GetSeriesTimers([FromQuery] string? sortBy, [FromQuery] SortOrder? sortOrder)
     {
@@ -876,7 +875,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer cancelled.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("SeriesTimers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CancelSeriesTimer([FromRoute, Required] string timerId)
     {
@@ -893,7 +892,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Series timer updated.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("SeriesTimers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult> UpdateSeriesTimer([FromRoute, Required] string timerId, [FromBody] SeriesTimerInfoDto seriesTimerInfo)
@@ -910,7 +909,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Series timer info created.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("SeriesTimers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CreateSeriesTimer([FromBody] SeriesTimerInfoDto seriesTimerInfo)
     {
@@ -925,7 +924,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <param name="groupId">Group id.</param>
     /// <returns>A <see cref="NotFoundResult"/>.</returns>
     [HttpGet("Recordings/Groups/{groupId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     [Obsolete("This endpoint is obsolete.")]
     public ActionResult<BaseItemDto> GetRecordingGroup([FromRoute, Required] Guid groupId)
@@ -939,7 +938,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Guid info returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the guide info.</returns>
     [HttpGet("GuideInfo")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<GuideInfo> GetGuideInfo()
     {
@@ -953,7 +952,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created tuner host returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the created tuner host.</returns>
     [HttpPost("TunerHosts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<TunerHostInfo>> AddTunerHost([FromBody] TunerHostInfo tunerHostInfo)
     {
@@ -967,7 +966,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Tuner host deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("TunerHosts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult DeleteTunerHost([FromQuery] string? id)
     {
@@ -983,7 +982,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Default listings provider info returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the default listings provider info.</returns>
     [HttpGet("ListingProviders/Default")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<ListingsProviderInfo> GetDefaultListingProvider()
     {
@@ -1000,7 +999,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created listings provider returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the created listings provider.</returns>
     [HttpPost("ListingProviders")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [SuppressMessage("Microsoft.Performance", "CA5350:RemoveSha1", MessageId = "AddListingProvider", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult<ListingsProviderInfo>> AddListingProvider(
@@ -1026,7 +1025,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Listing provider deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("ListingProviders")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult DeleteListingProvider([FromQuery] string? id)
     {
@@ -1044,7 +1043,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Available lineups returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the available lineups.</returns>
     [HttpGet("ListingProviders/Lineups")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<IEnumerable<NameIdPair>>> GetLineups(
         [FromQuery] string? id,
@@ -1061,7 +1060,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Available countries returned.</response>
     /// <returns>A <see cref="FileResult"/> containing the available countries.</returns>
     [HttpGet("ListingProviders/SchedulesDirect/Countries")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesFile(MediaTypeNames.Application.Json)]
     public async Task<ActionResult> GetSchedulesDirectCountries()
@@ -1082,7 +1081,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Channel mapping options returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the channel mapping options.</returns>
     [HttpGet("ChannelMappingOptions")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<ChannelMappingOptionsDto>> GetChannelMappingOptions([FromQuery] string? providerId)
     {
@@ -1120,7 +1119,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created channel mapping returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the created channel mapping.</returns>
     [HttpPost("ChannelMappings")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<TunerChannelMapping>> SetChannelMapping([FromBody, Required] SetChannelMappingDto setChannelMappingDto)
     {
@@ -1133,7 +1132,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Tuner host types returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the tuner host types.</returns>
     [HttpGet("TunerHosts/Types")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<NameIdPair>> GetTunerHostTypes()
     {
@@ -1148,7 +1147,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the tuners.</returns>
     [HttpGet("Tuners/Discvover", Name = "DiscvoverTuners")]
     [HttpGet("Tuners/Discover")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<IEnumerable<TunerHostInfo>>> DiscoverTuners([FromQuery] bool newDevicesOnly = false)
     {
diff --git a/Jellyfin.Api/Controllers/MediaInfoController.cs b/Jellyfin.Api/Controllers/MediaInfoController.cs
index eee7df3af..ea10dd771 100644
--- a/Jellyfin.Api/Controllers/MediaInfoController.cs
+++ b/Jellyfin.Api/Controllers/MediaInfoController.cs
@@ -5,7 +5,6 @@ using System.Linq;
 using System.Net.Mime;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.Models.MediaInfoDtos;
@@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
 /// The media info controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class MediaInfoController : BaseJellyfinApiController
 {
     private readonly IMediaSourceManager _mediaSourceManager;
diff --git a/Jellyfin.Api/Controllers/MoviesController.cs b/Jellyfin.Api/Controllers/MoviesController.cs
index 4c30dd2b3..a9336f6d2 100644
--- a/Jellyfin.Api/Controllers/MoviesController.cs
+++ b/Jellyfin.Api/Controllers/MoviesController.cs
@@ -2,7 +2,6 @@ using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Movies controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class MoviesController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/MusicGenresController.cs b/Jellyfin.Api/Controllers/MusicGenresController.cs
index 302f138eb..da1a6e832 100644
--- a/Jellyfin.Api/Controllers/MusicGenresController.cs
+++ b/Jellyfin.Api/Controllers/MusicGenresController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// The music genres controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class MusicGenresController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs
index 3cb3caadb..0ba5e995f 100644
--- a/Jellyfin.Api/Controllers/PackageController.cs
+++ b/Jellyfin.Api/Controllers/PackageController.cs
@@ -17,7 +17,7 @@ namespace Jellyfin.Api.Controllers;
 /// Package Controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PackageController : BaseJellyfinApiController
 {
     private readonly IInstallationManager _installationManager;
diff --git a/Jellyfin.Api/Controllers/PersonsController.cs b/Jellyfin.Api/Controllers/PersonsController.cs
index 9fb6da527..5310f50b1 100644
--- a/Jellyfin.Api/Controllers/PersonsController.cs
+++ b/Jellyfin.Api/Controllers/PersonsController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
@@ -20,7 +19,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Persons controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PersonsController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/PlaylistsController.cs b/Jellyfin.Api/Controllers/PlaylistsController.cs
index 11e589301..79c0d3c7b 100644
--- a/Jellyfin.Api/Controllers/PlaylistsController.cs
+++ b/Jellyfin.Api/Controllers/PlaylistsController.cs
@@ -4,7 +4,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.PlaylistDtos;
@@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Playlists controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PlaylistsController : BaseJellyfinApiController
 {
     private readonly IPlaylistManager _playlistManager;
diff --git a/Jellyfin.Api/Controllers/PlaystateController.cs b/Jellyfin.Api/Controllers/PlaystateController.cs
index 18d6ebf1e..11f3ddbb0 100644
--- a/Jellyfin.Api/Controllers/PlaystateController.cs
+++ b/Jellyfin.Api/Controllers/PlaystateController.cs
@@ -2,7 +2,6 @@ using System;
 using System.ComponentModel.DataAnnotations;
 using System.Diagnostics.CodeAnalysis;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// Playstate controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PlaystateController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index 5a037d7a6..4726cf066 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -21,7 +21,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Plugins controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PluginsController : BaseJellyfinApiController
 {
     private readonly IInstallationManager _installationManager;
diff --git a/Jellyfin.Api/Controllers/QuickConnectController.cs b/Jellyfin.Api/Controllers/QuickConnectController.cs
index a58e85b2b..503b9d372 100644
--- a/Jellyfin.Api/Controllers/QuickConnectController.cs
+++ b/Jellyfin.Api/Controllers/QuickConnectController.cs
@@ -111,7 +111,7 @@ public class QuickConnectController : BaseJellyfinApiController
     /// <response code="403">Unknown user id.</response>
     /// <returns>Boolean indicating if the authorization was successful.</returns>
     [HttpPost("Authorize")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code, [FromQuery] Guid? userId = null)
diff --git a/Jellyfin.Api/Controllers/RemoteImageController.cs b/Jellyfin.Api/Controllers/RemoteImageController.cs
index 445c5594f..5c77db240 100644
--- a/Jellyfin.Api/Controllers/RemoteImageController.cs
+++ b/Jellyfin.Api/Controllers/RemoteImageController.cs
@@ -56,7 +56,7 @@ public class RemoteImageController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>Remote Image Result.</returns>
     [HttpGet("Items/{itemId}/RemoteImages")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult<RemoteImageResult>> GetRemoteImages(
@@ -121,7 +121,7 @@ public class RemoteImageController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>List of remote image providers.</returns>
     [HttpGet("Items/{itemId}/RemoteImages/Providers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<IEnumerable<ImageProviderInfo>> GetRemoteImageProviders([FromRoute, Required] Guid itemId)
diff --git a/Jellyfin.Api/Controllers/SearchController.cs b/Jellyfin.Api/Controllers/SearchController.cs
index 46b4920ca..a25b43345 100644
--- a/Jellyfin.Api/Controllers/SearchController.cs
+++ b/Jellyfin.Api/Controllers/SearchController.cs
@@ -3,7 +3,6 @@ using System.ComponentModel;
 using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using Jellyfin.Extensions;
@@ -26,7 +25,7 @@ namespace Jellyfin.Api.Controllers;
 /// Search controller.
 /// </summary>
 [Route("Search/Hints")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class SearchController : BaseJellyfinApiController
 {
     private readonly ISearchEngine _searchEngine;
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index ef3364478..bae8e0a49 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -56,7 +56,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="200">List of sessions returned.</response>
     /// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns>
     [HttpGet("Sessions")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<SessionInfo>> GetSessions(
         [FromQuery] Guid? controllableByUserId,
@@ -119,7 +119,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Instruction sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Viewing")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> DisplayContent(
         [FromRoute, Required] string sessionId,
@@ -158,7 +158,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Instruction sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Playing")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> Play(
         [FromRoute, Required] string sessionId,
@@ -201,7 +201,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Playstate command sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Playing/{command}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendPlaystateCommand(
         [FromRoute, Required] string sessionId,
@@ -232,7 +232,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">System command sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/System/{command}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendSystemCommand(
         [FromRoute, Required] string sessionId,
@@ -258,7 +258,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">General command sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Command/{command}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendGeneralCommand(
         [FromRoute, Required] string sessionId,
@@ -286,7 +286,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Full general command sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Command")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendFullGeneralCommand(
         [FromRoute, Required] string sessionId,
@@ -316,7 +316,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Message sent.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Message")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendMessageCommand(
         [FromRoute, Required] string sessionId,
@@ -345,7 +345,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">User added to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/User/{userId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult AddUserToSession(
         [FromRoute, Required] string sessionId,
@@ -363,7 +363,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">User removed from session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Sessions/{sessionId}/User/{userId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult RemoveUserFromSession(
         [FromRoute, Required] string sessionId,
@@ -385,7 +385,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Capabilities posted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/Capabilities")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> PostCapabilities(
         [FromQuery] string? id,
@@ -419,7 +419,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Capabilities updated.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/Capabilities/Full")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> PostFullCapabilities(
         [FromQuery] string? id,
@@ -443,7 +443,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Session reported to server.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/Viewing")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> ReportViewing(
         [FromQuery] string? sessionId,
@@ -461,7 +461,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Session end reported to server.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/Logout")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> ReportSessionEnded()
     {
diff --git a/Jellyfin.Api/Controllers/StudiosController.cs b/Jellyfin.Api/Controllers/StudiosController.cs
index 799be2ae8..21965e956 100644
--- a/Jellyfin.Api/Controllers/StudiosController.cs
+++ b/Jellyfin.Api/Controllers/StudiosController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.ComponentModel.DataAnnotations;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -21,7 +20,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Studios controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class StudiosController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index fd0a71f9e..e38421338 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -114,7 +114,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">Subtitles retrieved.</response>
     /// <returns>An array of <see cref="RemoteSubtitleInfo"/>.</returns>
     [HttpGet("Items/{itemId}/RemoteSearch/Subtitles/{language}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<IEnumerable<RemoteSubtitleInfo>>> SearchRemoteSubtitles(
         [FromRoute, Required] Guid itemId,
@@ -134,7 +134,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="204">Subtitle downloaded.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Items/{itemId}/RemoteSearch/Subtitles/{subtitleId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> DownloadRemoteSubtitles(
         [FromRoute, Required] Guid itemId,
@@ -164,7 +164,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">File returned.</response>
     /// <returns>A <see cref="FileStreamResult"/> with the subtitle file.</returns>
     [HttpGet("Providers/Subtitles/Subtitles/{id}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [Produces(MediaTypeNames.Application.Octet)]
     [ProducesFile("text/*")]
@@ -322,7 +322,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">Subtitle playlist retrieved.</response>
     /// <returns>A <see cref="FileContentResult"/> with the HLS subtitle playlist.</returns>
     [HttpGet("Videos/{itemId}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesPlaylistFile]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
@@ -463,7 +463,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">Information retrieved.</response>
     /// <returns>An array of <see cref="FontFile"/> with the available font files.</returns>
     [HttpGet("FallbackFont/Fonts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public IEnumerable<FontFile> GetFallbackFontList()
     {
@@ -514,7 +514,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">Fallback font file retrieved.</response>
     /// <returns>The fallback font file.</returns>
     [HttpGet("FallbackFont/Fonts/{name}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesFile("font/*")]
     public ActionResult GetFallbackFont([FromRoute, Required] string name)
diff --git a/Jellyfin.Api/Controllers/SuggestionsController.cs b/Jellyfin.Api/Controllers/SuggestionsController.cs
index c5c429757..5b808f257 100644
--- a/Jellyfin.Api/Controllers/SuggestionsController.cs
+++ b/Jellyfin.Api/Controllers/SuggestionsController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.ComponentModel.DataAnnotations;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
@@ -19,7 +18,7 @@ namespace Jellyfin.Api.Controllers;
 /// The suggestions controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class SuggestionsController : BaseJellyfinApiController
 {
     private readonly IDtoService _dtoService;
diff --git a/Jellyfin.Api/Controllers/SystemController.cs b/Jellyfin.Api/Controllers/SystemController.cs
index b0b2e2d6d..4ab705f40 100644
--- a/Jellyfin.Api/Controllers/SystemController.cs
+++ b/Jellyfin.Api/Controllers/SystemController.cs
@@ -172,7 +172,7 @@ public class SystemController : BaseJellyfinApiController
     /// <response code="200">Information retrieved.</response>
     /// <returns><see cref="EndPointInfo"/> with information about the endpoint.</returns>
     [HttpGet("Endpoint")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<EndPointInfo> GetEndpointInfo()
     {
@@ -210,7 +210,7 @@ public class SystemController : BaseJellyfinApiController
     /// <response code="200">Information retrieved.</response>
     /// <returns>An <see cref="IEnumerable{WakeOnLanInfo}"/> with the WakeOnLan infos.</returns>
     [HttpGet("WakeOnLanInfo")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [Obsolete("This endpoint is obsolete.")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<WakeOnLanInfo>> GetWakeOnLanInfo()
diff --git a/Jellyfin.Api/Controllers/TrailersController.cs b/Jellyfin.Api/Controllers/TrailersController.cs
index 115efcd8f..b5b640620 100644
--- a/Jellyfin.Api/Controllers/TrailersController.cs
+++ b/Jellyfin.Api/Controllers/TrailersController.cs
@@ -1,5 +1,4 @@
 using System;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Model.Dto;
@@ -14,7 +13,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// The trailers controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class TrailersController : BaseJellyfinApiController
 {
     private readonly ItemsController _itemsController;
diff --git a/Jellyfin.Api/Controllers/TvShowsController.cs b/Jellyfin.Api/Controllers/TvShowsController.cs
index 2be32095e..b0760f97c 100644
--- a/Jellyfin.Api/Controllers/TvShowsController.cs
+++ b/Jellyfin.Api/Controllers/TvShowsController.cs
@@ -2,7 +2,6 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
@@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
 /// The tv shows controller.
 /// </summary>
 [Route("Shows")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class TvShowsController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/UniversalAudioController.cs b/Jellyfin.Api/Controllers/UniversalAudioController.cs
index 6946caa2b..345521597 100644
--- a/Jellyfin.Api/Controllers/UniversalAudioController.cs
+++ b/Jellyfin.Api/Controllers/UniversalAudioController.cs
@@ -5,7 +5,6 @@ using System.Globalization;
 using System.Linq;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -82,7 +81,7 @@ public class UniversalAudioController : BaseJellyfinApiController
     /// <returns>A <see cref="Task"/> containing the audio file.</returns>
     [HttpGet("Audio/{itemId}/universal")]
     [HttpHead("Audio/{itemId}/universal", Name = "HeadUniversalAudioStream")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status302Found)]
     [ProducesAudioFile]
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 7f184f31e..d9ea96f2d 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -81,7 +81,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="200">Users returned.</response>
     /// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns>
     [HttpGet]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<UserDto>> GetUsers(
         [FromQuery] bool? isHidden,
@@ -251,7 +251,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="404">User not found.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
     [HttpPost("{userId}/Password")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -312,7 +312,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="404">User not found.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
     [HttpPost("{userId}/EasyPassword")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -354,7 +354,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="403">User update forbidden.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns>
     [HttpPost("{userId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status400BadRequest)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -440,7 +440,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="403">User configuration update forbidden.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
     [HttpPost("{userId}/Configuration")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     public async Task<ActionResult> UpdateUserConfiguration(
@@ -526,7 +526,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="400">Token is not owned by a user.</response>
     /// <returns>A <see cref="UserDto"/> for the authenticated user.</returns>
     [HttpGet("Me")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status400BadRequest)]
     public ActionResult<UserDto> GetCurrentUser()
diff --git a/Jellyfin.Api/Controllers/UserLibraryController.cs b/Jellyfin.Api/Controllers/UserLibraryController.cs
index 556cf3894..93312b817 100644
--- a/Jellyfin.Api/Controllers/UserLibraryController.cs
+++ b/Jellyfin.Api/Controllers/UserLibraryController.cs
@@ -4,7 +4,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
@@ -28,7 +27,7 @@ namespace Jellyfin.Api.Controllers;
 /// User library controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class UserLibraryController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/UserViewsController.cs b/Jellyfin.Api/Controllers/UserViewsController.cs
index aa7ba8891..838b43234 100644
--- a/Jellyfin.Api/Controllers/UserViewsController.cs
+++ b/Jellyfin.Api/Controllers/UserViewsController.cs
@@ -3,7 +3,6 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.UserViewDtos;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// User views controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class UserViewsController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 01a319879..929999196 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -100,7 +100,7 @@ public class VideosController : BaseJellyfinApiController
     /// <response code="200">Additional parts returned.</response>
     /// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the parts.</returns>
     [HttpGet("{itemId}/AdditionalParts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
     {
diff --git a/Jellyfin.Api/Controllers/YearsController.cs b/Jellyfin.Api/Controllers/YearsController.cs
index 2e5fdc146..def37cb97 100644
--- a/Jellyfin.Api/Controllers/YearsController.cs
+++ b/Jellyfin.Api/Controllers/YearsController.cs
@@ -2,7 +2,6 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -24,7 +23,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Years controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class YearsController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Middleware/LanFilteringMiddleware.cs b/Jellyfin.Api/Middleware/LanFilteringMiddleware.cs
index 7b05351e3..9c2194faf 100644
--- a/Jellyfin.Api/Middleware/LanFilteringMiddleware.cs
+++ b/Jellyfin.Api/Middleware/LanFilteringMiddleware.cs
@@ -1,6 +1,6 @@
-using System.Net;
 using System.Threading.Tasks;
 using Jellyfin.Networking.Configuration;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Configuration;
 using Microsoft.AspNetCore.Http;
@@ -32,9 +32,14 @@ public class LanFilteringMiddleware
     /// <returns>The async task.</returns>
     public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
     {
-        var host = httpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback;
+        if (serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess)
+        {
+            await _next(httpContext).ConfigureAwait(false);
+            return;
+        }
 
-        if (!networkManager.IsInLocalNetwork(host) && !serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess)
+        var host = httpContext.GetNormalizedRemoteIp();
+        if (!networkManager.IsInLocalNetwork(host))
         {
             return;
         }
diff --git a/Jellyfin.Data/DayOfWeekHelper.cs b/Jellyfin.Data/DayOfWeekHelper.cs
index b7ba30180..d1ce8185f 100644
--- a/Jellyfin.Data/DayOfWeekHelper.cs
+++ b/Jellyfin.Data/DayOfWeekHelper.cs
@@ -17,5 +17,16 @@ namespace Jellyfin.Data
                 _ => new[] { (DayOfWeek)day }
             };
         }
+
+        public static bool Contains(this DynamicDayOfWeek dynamicDayOfWeek, DayOfWeek dayOfWeek)
+        {
+            return dynamicDayOfWeek switch
+            {
+                DynamicDayOfWeek.Everyday => true,
+                DynamicDayOfWeek.Weekday => dayOfWeek is > DayOfWeek.Sunday and <= DayOfWeek.Friday,
+                DynamicDayOfWeek.Weekend => dayOfWeek is DayOfWeek.Saturday or DayOfWeek.Sunday,
+                _ => (DayOfWeek)dynamicDayOfWeek == dayOfWeek
+            };
+        }
     }
 }
diff --git a/Jellyfin.Data/Entities/User.cs b/Jellyfin.Data/Entities/User.cs
index eb59e70f3..4ce581749 100644
--- a/Jellyfin.Data/Entities/User.cs
+++ b/Jellyfin.Data/Entities/User.cs
@@ -525,8 +525,9 @@ namespace Jellyfin.Data.Entities
         {
             var localTime = date.ToLocalTime();
             var hour = localTime.TimeOfDay.TotalHours;
+            var currentDayOfWeek = localTime.DayOfWeek;
 
-            return DayOfWeekHelper.GetDaysOfWeek(schedule.DayOfWeek).Contains(localTime.DayOfWeek)
+            return schedule.DayOfWeek.Contains(currentDayOfWeek)
                    && hour >= schedule.StartHour
                    && hour <= schedule.EndHour;
         }
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index e9af1cf83..e2dcaf5f5 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -5,19 +5,15 @@ using System.Linq;
 using System.Net;
 using System.Net.Sockets;
 using System.Reflection;
+using System.Security.Claims;
 using Emby.Server.Implementations;
 using Jellyfin.Api.Auth;
 using Jellyfin.Api.Auth.AnonymousLanAccessPolicy;
 using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
 using Jellyfin.Api.Auth.DownloadPolicy;
-using Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy;
-using Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy;
-using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
-using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
-using Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy;
-using Jellyfin.Api.Auth.LocalAccessPolicy;
-using Jellyfin.Api.Auth.RequiresElevationPolicy;
+using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
 using Jellyfin.Api.Auth.SyncPlayAccessPolicy;
+using Jellyfin.Api.Auth.UserPermissionPolicy;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Controllers;
 using Jellyfin.Api.Formatters;
@@ -56,117 +52,34 @@ namespace Jellyfin.Server.Extensions
         /// <returns>The updated service collection.</returns>
         public static IServiceCollection AddJellyfinApiAuthorization(this IServiceCollection serviceCollection)
         {
+            // The default handler must be first so that it is evaluated first
             serviceCollection.AddSingleton<IAuthorizationHandler, DefaultAuthorizationHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, DownloadHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrDefaultHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrElevatedHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreParentalControlHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeOrIgnoreParentalControlSetupHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, UserPermissionHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, AnonymousLanAccessHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessOrRequiresElevationHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, SyncPlayAccessHandler>();
+
             return serviceCollection.AddAuthorizationCore(options =>
             {
-                options.AddPolicy(
-                    Policies.DefaultAuthorization,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new DefaultAuthorizationRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.Download,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new DownloadRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.FirstTimeSetupOrDefault,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new FirstTimeSetupOrDefaultRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.FirstTimeSetupOrElevated,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new FirstTimeSetupOrElevatedRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.IgnoreParentalControl,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new IgnoreParentalControlRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.FirstTimeSetupOrIgnoreParentalControl,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new FirstTimeOrIgnoreParentalControlSetupRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.LocalAccessOnly,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new LocalAccessRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.LocalAccessOrRequiresElevation,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new LocalAccessOrRequiresElevationRequirement());
-                    });
+                options.DefaultPolicy = new AuthorizationPolicyBuilder()
+                    .AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication)
+                    .RequireAuthenticatedUser()
+                    .Build();
+
+                options.AddPolicy(Policies.Download, new UserPermissionRequirement(PermissionKind.EnableContentDownloading));
+                options.AddPolicy(Policies.FirstTimeSetupOrDefault, new FirstTimeSetupRequirement());
+                options.AddPolicy(Policies.FirstTimeSetupOrElevated, new FirstTimeSetupRequirement(requireAdmin: true));
+                options.AddPolicy(Policies.FirstTimeSetupOrIgnoreParentalControl, new FirstTimeSetupRequirement(validateParentalSchedule: false));
+                options.AddPolicy(Policies.IgnoreParentalControl, new DefaultAuthorizationRequirement(validateParentalSchedule: false));
+                options.AddPolicy(Policies.SyncPlayHasAccess, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.HasAccess));
+                options.AddPolicy(Policies.SyncPlayCreateGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.CreateGroup));
+                options.AddPolicy(Policies.SyncPlayJoinGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
+                options.AddPolicy(Policies.SyncPlayIsInGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
+                options.AddPolicy(Policies.AnonymousLanAccessPolicy, new AnonymousLanAccessRequirement());
                 options.AddPolicy(
                     Policies.RequiresElevation,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new RequiresElevationRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.SyncPlayHasAccess,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.HasAccess));
-                    });
-                options.AddPolicy(
-                    Policies.SyncPlayCreateGroup,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.CreateGroup));
-                    });
-                options.AddPolicy(
-                    Policies.SyncPlayJoinGroup,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
-                    });
-                options.AddPolicy(
-                    Policies.SyncPlayIsInGroup,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
-                    });
-                options.AddPolicy(
-                    Policies.AnonymousLanAccessPolicy,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new AnonymousLanAccessRequirement());
-                    });
+                    policy => policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication)
+                        .RequireClaim(ClaimTypes.Role, UserRoles.Administrator));
             });
         }
 
@@ -334,6 +247,14 @@ namespace Jellyfin.Server.Extensions
             });
         }
 
+        private static void AddPolicy(this AuthorizationOptions authorizationOptions, string policyName, IAuthorizationRequirement authorizationRequirement)
+        {
+            authorizationOptions.AddPolicy(policyName, policy =>
+            {
+                policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication).AddRequirements(authorizationRequirement);
+            });
+        }
+
         /// <summary>
         /// Sets up the proxy configuration based on the addresses in <paramref name="allowedProxies"/>.
         /// </summary>
diff --git a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs
deleted file mode 100644
index ee42216e4..000000000
--- a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs
+++ /dev/null
@@ -1,71 +0,0 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using AutoFixture;
-using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Moq;
-using Xunit;
-
-namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupOrElevatedPolicy
-{
-    public class FirstTimeSetupOrElevatedHandlerTests
-    {
-        private readonly Mock<IConfigurationManager> _configurationManagerMock;
-        private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly FirstTimeSetupOrElevatedHandler _sut;
-        private readonly Mock<IUserManager> _userManagerMock;
-        private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
-
-        public FirstTimeSetupOrElevatedHandlerTests()
-        {
-            var fixture = new Fixture().Customize(new AutoMoqCustomization());
-            _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new FirstTimeSetupOrElevatedRequirement() };
-            _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
-            _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
-
-            _sut = fixture.Create<FirstTimeSetupOrElevatedHandler>();
-        }
-
-        [Theory]
-        [InlineData(UserRoles.Administrator)]
-        [InlineData(UserRoles.Guest)]
-        [InlineData(UserRoles.User)]
-        public async Task ShouldSucceedIfStartupWizardIncomplete(string userRole)
-        {
-            TestHelpers.SetupConfigurationManager(_configurationManagerMock, false);
-            var claims = TestHelpers.SetupUser(
-                _userManagerMock,
-                _httpContextAccessor,
-                userRole);
-
-            var context = new AuthorizationHandlerContext(_requirements, claims, null);
-
-            await _sut.HandleAsync(context);
-            Assert.True(context.HasSucceeded);
-        }
-
-        [Theory]
-        [InlineData(UserRoles.Administrator, true)]
-        [InlineData(UserRoles.Guest, false)]
-        [InlineData(UserRoles.User, false)]
-        public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed)
-        {
-            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
-            var claims = TestHelpers.SetupUser(
-                _userManagerMock,
-                _httpContextAccessor,
-                userRole);
-
-            var context = new AuthorizationHandlerContext(_requirements, claims, null);
-
-            await _sut.HandleAsync(context);
-            Assert.Equal(shouldSucceed, context.HasSucceeded);
-        }
-    }
-}
diff --git a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
new file mode 100644
index 000000000..6669a6689
--- /dev/null
+++ b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
@@ -0,0 +1,72 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using AutoFixture;
+using AutoFixture.AutoMoq;
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
+using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
+using Jellyfin.Api.Constants;
+using MediaBrowser.Common.Configuration;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Moq;
+using Xunit;
+
+namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
+{
+    public class FirstTimeSetupHandlerTests
+    {
+        private readonly Mock<IConfigurationManager> _configurationManagerMock;
+        private readonly List<IAuthorizationRequirement> _requirements;
+        private readonly FirstTimeSetupHandler _firstTimeSetupHandler;
+        private readonly Mock<IUserManager> _userManagerMock;
+        private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
+
+        public FirstTimeSetupHandlerTests()
+        {
+            var fixture = new Fixture().Customize(new AutoMoqCustomization());
+            _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
+            _requirements = new List<IAuthorizationRequirement> { new FirstTimeSetupRequirement() };
+            _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
+            _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
+
+            _firstTimeSetupHandler = fixture.Create<FirstTimeSetupHandler>();
+        }
+
+        [Theory]
+        [InlineData(UserRoles.Administrator)]
+        [InlineData(UserRoles.Guest)]
+        [InlineData(UserRoles.User)]
+        public async Task ShouldSucceedIfStartupWizardIncomplete(string userRole)
+        {
+            TestHelpers.SetupConfigurationManager(_configurationManagerMock, false);
+            var claims = TestHelpers.SetupUser(
+                _userManagerMock,
+                _httpContextAccessor,
+                userRole);
+
+            var context = new AuthorizationHandlerContext(_requirements, claims, null);
+
+            await _firstTimeSetupHandler.HandleAsync(context);
+            Assert.True(context.HasSucceeded);
+        }
+
+        [Theory]
+        [InlineData(UserRoles.Administrator, true)]
+        [InlineData(UserRoles.Guest, false)]
+        [InlineData(UserRoles.User, false)]
+        public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed)
+        {
+            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
+            var claims = TestHelpers.SetupUser(
+                _userManagerMock,
+                _httpContextAccessor,
+                userRole);
+
+            var context = new AuthorizationHandlerContext(_requirements, claims, null);
+
+            await _firstTimeSetupHandler.HandleAsync(context);
+            Assert.Equal(shouldSucceed, context.HasSucceeded);
+        }
+    }
+}
diff --git a/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
index 7150c90bb..9cf8f8548 100644
--- a/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
+++ b/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
@@ -3,7 +3,7 @@ using System.Collections.Generic;
 using System.Threading.Tasks;
 using AutoFixture;
 using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
 using Jellyfin.Api.Constants;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
@@ -20,7 +20,7 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy
     {
         private readonly Mock<IConfigurationManager> _configurationManagerMock;
         private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly IgnoreParentalControlHandler _sut;
+        private readonly DefaultAuthorizationHandler _sut;
         private readonly Mock<IUserManager> _userManagerMock;
         private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
 
@@ -33,11 +33,11 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy
         {
             var fixture = new Fixture().Customize(new AutoMoqCustomization());
             _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new IgnoreParentalControlRequirement() };
+            _requirements = new List<IAuthorizationRequirement> { new DefaultAuthorizationRequirement(validateParentalSchedule: false) };
             _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
             _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
 
-            _sut = fixture.Create<IgnoreParentalControlHandler>();
+            _sut = fixture.Create<DefaultAuthorizationHandler>();
         }
 
         [Theory]
diff --git a/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs
deleted file mode 100644
index 5b3d784ff..000000000
--- a/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-using System.Collections.Generic;
-using System.Net;
-using System.Threading.Tasks;
-using AutoFixture;
-using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.LocalAccessPolicy;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Moq;
-using Xunit;
-
-namespace Jellyfin.Api.Tests.Auth.LocalAccessPolicy
-{
-    public class LocalAccessHandlerTests
-    {
-        private readonly Mock<IConfigurationManager> _configurationManagerMock;
-        private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly LocalAccessHandler _sut;
-        private readonly Mock<IUserManager> _userManagerMock;
-        private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
-        private readonly Mock<INetworkManager> _networkManagerMock;
-
-        public LocalAccessHandlerTests()
-        {
-            var fixture = new Fixture().Customize(new AutoMoqCustomization());
-            _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new LocalAccessRequirement() };
-            _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
-            _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
-            _networkManagerMock = fixture.Freeze<Mock<INetworkManager>>();
-
-            _sut = fixture.Create<LocalAccessHandler>();
-        }
-
-        [Theory]
-        [InlineData(true, true)]
-        [InlineData(false, false)]
-        public async Task LocalAccessOnly(bool isInLocalNetwork, bool shouldSucceed)
-        {
-            _networkManagerMock
-                .Setup(n => n.IsInLocalNetwork(It.IsAny<IPAddress>()))
-                .Returns(isInLocalNetwork);
-
-            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
-            var claims = TestHelpers.SetupUser(
-                _userManagerMock,
-                _httpContextAccessor,
-                UserRoles.User);
-
-            var context = new AuthorizationHandlerContext(_requirements, claims, null);
-            await _sut.HandleAsync(context);
-            Assert.Equal(shouldSucceed, context.HasSucceeded);
-        }
-    }
-}
diff --git a/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs
deleted file mode 100644
index ffe88fcde..000000000
--- a/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs
+++ /dev/null
@@ -1,53 +0,0 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using AutoFixture;
-using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.RequiresElevationPolicy;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Moq;
-using Xunit;
-
-namespace Jellyfin.Api.Tests.Auth.RequiresElevationPolicy
-{
-    public class RequiresElevationHandlerTests
-    {
-        private readonly Mock<IConfigurationManager> _configurationManagerMock;
-        private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly RequiresElevationHandler _sut;
-        private readonly Mock<IUserManager> _userManagerMock;
-        private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
-
-        public RequiresElevationHandlerTests()
-        {
-            var fixture = new Fixture().Customize(new AutoMoqCustomization());
-            _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new RequiresElevationRequirement() };
-            _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
-            _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
-
-            _sut = fixture.Create<RequiresElevationHandler>();
-        }
-
-        [Theory]
-        [InlineData(UserRoles.Administrator, true)]
-        [InlineData(UserRoles.User, false)]
-        [InlineData(UserRoles.Guest, false)]
-        public async Task ShouldHandleRolesCorrectly(string role, bool shouldSucceed)
-        {
-            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
-            var claims = TestHelpers.SetupUser(
-                _userManagerMock,
-                _httpContextAccessor,
-                role);
-
-            var context = new AuthorizationHandlerContext(_requirements, claims, null);
-
-            await _sut.HandleAsync(context);
-            Assert.Equal(shouldSucceed, context.HasSucceeded);
-        }
-    }
-}
-- 
cgit v1.2.3


From a527034ebe31e1aa43c5fd4adb98e8cff871988a Mon Sep 17 00:00:00 2001
From: Cody Robibero <cody@robibe.ro>
Date: Fri, 17 Feb 2023 15:16:08 -0700
Subject: Validate requested user id (#8812)

---
 Jellyfin.Api/Controllers/ArtistsController.cs      |  9 ++-
 Jellyfin.Api/Controllers/ChannelsController.cs     |  9 ++-
 Jellyfin.Api/Controllers/DevicesController.cs      |  2 +
 Jellyfin.Api/Controllers/FilterController.cs       |  8 ++-
 Jellyfin.Api/Controllers/GenresController.cs       |  6 +-
 Jellyfin.Api/Controllers/InstantMixController.cs   | 22 ++++--
 Jellyfin.Api/Controllers/ItemsController.cs        |  3 +-
 Jellyfin.Api/Controllers/LibraryController.cs      | 22 +++---
 Jellyfin.Api/Controllers/LiveTvController.cs       | 26 ++++---
 Jellyfin.Api/Controllers/MediaInfoController.cs    |  5 +-
 Jellyfin.Api/Controllers/MoviesController.cs       |  4 +-
 Jellyfin.Api/Controllers/MusicGenresController.cs  |  6 +-
 Jellyfin.Api/Controllers/PersonsController.cs      |  7 +-
 Jellyfin.Api/Controllers/PlaylistsController.cs    |  8 ++-
 Jellyfin.Api/Controllers/QuickConnectController.cs | 11 +--
 Jellyfin.Api/Controllers/SearchController.cs       |  5 +-
 Jellyfin.Api/Controllers/StudiosController.cs      |  6 +-
 Jellyfin.Api/Controllers/TvShowsController.cs      | 15 ++--
 .../Controllers/UniversalAudioController.cs        |  6 +-
 Jellyfin.Api/Controllers/VideosController.cs       |  5 +-
 Jellyfin.Api/Controllers/YearsController.cs        |  6 +-
 Jellyfin.Api/Helpers/RequestHelpers.cs             | 27 ++++++++
 .../Helpers/RequestHelpersTests.cs                 | 80 ++++++++++++++++++++++
 .../Controllers/ItemsControllerTests.cs            |  4 +-
 24 files changed, 232 insertions(+), 70 deletions(-)

(limited to 'Jellyfin.Api/Controllers/LibraryController.cs')

diff --git a/Jellyfin.Api/Controllers/ArtistsController.cs b/Jellyfin.Api/Controllers/ArtistsController.cs
index 11933fd97..c9d2f67f9 100644
--- a/Jellyfin.Api/Controllers/ArtistsController.cs
+++ b/Jellyfin.Api/Controllers/ArtistsController.cs
@@ -118,6 +118,7 @@ public class ArtistsController : BaseJellyfinApiController
         [FromQuery] bool? enableImages = true,
         [FromQuery] bool enableTotalRecordCount = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
@@ -125,7 +126,7 @@ public class ArtistsController : BaseJellyfinApiController
         User? user = null;
         BaseItem parentItem = _libraryManager.GetParentItem(parentId, userId);
 
-        if (userId.HasValue && !userId.Equals(default))
+        if (!userId.Value.Equals(default))
         {
             user = _userManager.GetUserById(userId.Value);
         }
@@ -321,6 +322,7 @@ public class ArtistsController : BaseJellyfinApiController
         [FromQuery] bool? enableImages = true,
         [FromQuery] bool enableTotalRecordCount = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
@@ -328,7 +330,7 @@ public class ArtistsController : BaseJellyfinApiController
         User? user = null;
         BaseItem parentItem = _libraryManager.GetParentItem(parentId, userId);
 
-        if (userId.HasValue && !userId.Equals(default))
+        if (!userId.Value.Equals(default))
         {
             user = _userManager.GetUserById(userId.Value);
         }
@@ -462,11 +464,12 @@ public class ArtistsController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<BaseItemDto> GetArtistByName([FromRoute, Required] string name, [FromQuery] Guid? userId)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions().AddClientFields(User);
 
         var item = _libraryManager.GetArtist(name, dtoOptions);
 
-        if (userId.HasValue && !userId.Value.Equals(default))
+        if (!userId.Value.Equals(default))
         {
             var user = _userManager.GetUserById(userId.Value);
 
diff --git a/Jellyfin.Api/Controllers/ChannelsController.cs b/Jellyfin.Api/Controllers/ChannelsController.cs
index 42f072f66..b5c4d8346 100644
--- a/Jellyfin.Api/Controllers/ChannelsController.cs
+++ b/Jellyfin.Api/Controllers/ChannelsController.cs
@@ -60,11 +60,12 @@ public class ChannelsController : BaseJellyfinApiController
         [FromQuery] bool? supportsMediaDeletion,
         [FromQuery] bool? isFavorite)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         return _channelManager.GetChannels(new ChannelQuery
         {
             Limit = limit,
             StartIndex = startIndex,
-            UserId = userId ?? Guid.Empty,
+            UserId = userId.Value,
             SupportsLatestItems = supportsLatestItems,
             SupportsMediaDeletion = supportsMediaDeletion,
             IsFavorite = isFavorite
@@ -124,7 +125,8 @@ public class ChannelsController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] sortBy,
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -198,7 +200,8 @@ public class ChannelsController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] channelIds)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 497862236..aa0dff212 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -2,6 +2,7 @@ using System;
 using System.ComponentModel.DataAnnotations;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Dtos;
 using Jellyfin.Data.Entities.Security;
 using Jellyfin.Data.Queries;
@@ -48,6 +49,7 @@ public class DevicesController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<QueryResult<DeviceInfo>>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         return await _deviceManager.GetDevicesForUser(userId, supportsSync).ConfigureAwait(false);
     }
 
diff --git a/Jellyfin.Api/Controllers/FilterController.cs b/Jellyfin.Api/Controllers/FilterController.cs
index dd64ff903..dac07429f 100644
--- a/Jellyfin.Api/Controllers/FilterController.cs
+++ b/Jellyfin.Api/Controllers/FilterController.cs
@@ -1,5 +1,7 @@
 using System;
 using System.Linq;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Dto;
@@ -51,7 +53,8 @@ public class FilterController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] BaseItemKind[] includeItemTypes,
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] mediaTypes)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -143,7 +146,8 @@ public class FilterController : BaseJellyfinApiController
         [FromQuery] bool? isSeries,
         [FromQuery] bool? recursive)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
diff --git a/Jellyfin.Api/Controllers/GenresController.cs b/Jellyfin.Api/Controllers/GenresController.cs
index 711fb4aef..eb03b514c 100644
--- a/Jellyfin.Api/Controllers/GenresController.cs
+++ b/Jellyfin.Api/Controllers/GenresController.cs
@@ -90,11 +90,12 @@ public class GenresController : BaseJellyfinApiController
         [FromQuery] bool? enableImages = true,
         [FromQuery] bool enableTotalRecordCount = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, false, imageTypeLimit, enableImageTypes);
 
-        User? user = userId is null || userId.Value.Equals(default)
+        User? user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -155,6 +156,7 @@ public class GenresController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<BaseItemDto> GetGenre([FromRoute, Required] string genreName, [FromQuery] Guid? userId)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions()
             .AddClientFields(User);
 
@@ -170,7 +172,7 @@ public class GenresController : BaseJellyfinApiController
 
         item ??= new Genre();
 
-        if (userId is null || userId.Value.Equals(default))
+        if (userId.Value.Equals(default))
         {
             return _dtoService.GetBaseItemDto(item, dtoOptions);
         }
diff --git a/Jellyfin.Api/Controllers/InstantMixController.cs b/Jellyfin.Api/Controllers/InstantMixController.cs
index 43f09b49a..4dc2a4253 100644
--- a/Jellyfin.Api/Controllers/InstantMixController.cs
+++ b/Jellyfin.Api/Controllers/InstantMixController.cs
@@ -2,6 +2,7 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using Jellyfin.Api.Extensions;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
 using MediaBrowser.Controller.Dto;
@@ -74,7 +75,8 @@ public class InstantMixController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes)
     {
         var item = _libraryManager.GetItemById(id);
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
@@ -110,7 +112,8 @@ public class InstantMixController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes)
     {
         var album = _libraryManager.GetItemById(id);
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
@@ -146,7 +149,8 @@ public class InstantMixController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes)
     {
         var playlist = (Playlist)_libraryManager.GetItemById(id);
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
@@ -181,7 +185,8 @@ public class InstantMixController : BaseJellyfinApiController
         [FromQuery] int? imageTypeLimit,
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
@@ -217,7 +222,8 @@ public class InstantMixController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes)
     {
         var item = _libraryManager.GetItemById(id);
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
@@ -253,7 +259,8 @@ public class InstantMixController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes)
     {
         var item = _libraryManager.GetItemById(id);
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
@@ -326,7 +333,8 @@ public class InstantMixController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes)
     {
         var item = _libraryManager.GetItemById(id);
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 99366e80c..728e62810 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -240,7 +240,8 @@ public class ItemsController : BaseJellyfinApiController
     {
         var isApiKey = User.GetIsApiKey();
         // if api key is used (auth.IsApiKey == true), then `user` will be null throughout this method
-        var user = !isApiKey && userId.HasValue && !userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = !isApiKey && !userId.Value.Equals(default)
             ? _userManager.GetUserById(userId.Value) ?? throw new ResourceNotFoundException()
             : null;
 
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index e8b68c7c3..bf59febed 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -9,6 +9,7 @@ using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.LibraryDtos;
 using Jellyfin.Data.Entities;
@@ -142,12 +143,13 @@ public class LibraryController : BaseJellyfinApiController
         [FromQuery] Guid? userId,
         [FromQuery] bool inheritFromParent = false)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
         var item = itemId.Equals(default)
-            ? (userId is null || userId.Value.Equals(default)
+            ? (userId.Value.Equals(default)
                 ? _libraryManager.RootFolder
                 : _libraryManager.GetUserRootFolder())
             : _libraryManager.GetItemById(itemId);
@@ -208,12 +210,13 @@ public class LibraryController : BaseJellyfinApiController
         [FromQuery] Guid? userId,
         [FromQuery] bool inheritFromParent = false)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
         var item = itemId.Equals(default)
-            ? (userId is null || userId.Value.Equals(default)
+            ? (userId.Value.Equals(default)
                 ? _libraryManager.RootFolder
                 : _libraryManager.GetUserRootFolder())
             : _libraryManager.GetItemById(itemId);
@@ -403,7 +406,8 @@ public class LibraryController : BaseJellyfinApiController
         [FromQuery] Guid? userId,
         [FromQuery] bool? isFavorite)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -437,6 +441,7 @@ public class LibraryController : BaseJellyfinApiController
     public ActionResult<IEnumerable<BaseItemDto>> GetAncestors([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
     {
         var item = _libraryManager.GetItemById(itemId);
+        userId = RequestHelpers.GetUserId(User, userId);
 
         if (item is null)
         {
@@ -445,7 +450,7 @@ public class LibraryController : BaseJellyfinApiController
 
         var baseItemDtos = new List<BaseItemDto>();
 
-        var user = userId is null || userId.Value.Equals(default)
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -675,8 +680,9 @@ public class LibraryController : BaseJellyfinApiController
         [FromQuery] int? limit,
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var item = itemId.Equals(default)
-            ? (userId is null || userId.Value.Equals(default)
+            ? (userId.Value.Equals(default)
                 ? _libraryManager.RootFolder
                 : _libraryManager.GetUserRootFolder())
             : _libraryManager.GetItemById(itemId);
@@ -691,7 +697,7 @@ public class LibraryController : BaseJellyfinApiController
             return new QueryResult<BaseItemDto>();
         }
 
-        var user = userId is null || userId.Value.Equals(default)
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 318ed5c67..96fc91f93 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -153,6 +153,7 @@ public class LiveTvController : BaseJellyfinApiController
         [FromQuery] bool enableFavoriteSorting = false,
         [FromQuery] bool addCurrentProgram = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
@@ -161,7 +162,7 @@ public class LiveTvController : BaseJellyfinApiController
             new LiveTvChannelQuery
             {
                 ChannelType = type,
-                UserId = userId ?? Guid.Empty,
+                UserId = userId.Value,
                 StartIndex = startIndex,
                 Limit = limit,
                 IsFavorite = isFavorite,
@@ -180,7 +181,7 @@ public class LiveTvController : BaseJellyfinApiController
             dtoOptions,
             CancellationToken.None);
 
-        var user = userId is null || userId.Value.Equals(default)
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -211,7 +212,8 @@ public class LiveTvController : BaseJellyfinApiController
     [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<BaseItemDto> GetChannel([FromRoute, Required] Guid channelId, [FromQuery] Guid? userId)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var item = channelId.Equals(default)
@@ -271,6 +273,7 @@ public class LiveTvController : BaseJellyfinApiController
         [FromQuery] bool? isLibraryItem,
         [FromQuery] bool enableTotalRecordCount = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
@@ -279,7 +282,7 @@ public class LiveTvController : BaseJellyfinApiController
             new RecordingQuery
             {
                 ChannelId = channelId,
-                UserId = userId ?? Guid.Empty,
+                UserId = userId.Value,
                 StartIndex = startIndex,
                 Limit = limit,
                 Status = status,
@@ -382,7 +385,8 @@ public class LiveTvController : BaseJellyfinApiController
     [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordingFolders([FromQuery] Guid? userId)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var folders = _liveTvManager.GetRecordingFolders(user);
@@ -404,7 +408,8 @@ public class LiveTvController : BaseJellyfinApiController
     [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<BaseItemDto> GetRecording([FromRoute, Required] Guid recordingId, [FromQuery] Guid? userId)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var item = recordingId.Equals(default) ? _libraryManager.GetUserRootFolder() : _libraryManager.GetItemById(recordingId);
@@ -560,7 +565,8 @@ public class LiveTvController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
         [FromQuery] bool enableTotalRecordCount = true)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -699,7 +705,8 @@ public class LiveTvController : BaseJellyfinApiController
         [FromQuery] bool? enableUserData,
         [FromQuery] bool enableTotalRecordCount = true)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -737,7 +744,8 @@ public class LiveTvController : BaseJellyfinApiController
         [FromRoute, Required] string programId,
         [FromQuery] Guid? userId)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
diff --git a/Jellyfin.Api/Controllers/MediaInfoController.cs b/Jellyfin.Api/Controllers/MediaInfoController.cs
index ea10dd771..da24616ff 100644
--- a/Jellyfin.Api/Controllers/MediaInfoController.cs
+++ b/Jellyfin.Api/Controllers/MediaInfoController.cs
@@ -132,6 +132,7 @@ public class MediaInfoController : BaseJellyfinApiController
         // Copy params from posted body
         // TODO clean up when breaking API compatibility.
         userId ??= playbackInfoDto?.UserId;
+        userId = RequestHelpers.GetUserId(User, userId);
         maxStreamingBitrate ??= playbackInfoDto?.MaxStreamingBitrate;
         startTimeTicks ??= playbackInfoDto?.StartTimeTicks;
         audioStreamIndex ??= playbackInfoDto?.AudioStreamIndex;
@@ -253,10 +254,12 @@ public class MediaInfoController : BaseJellyfinApiController
         [FromQuery] bool? enableDirectPlay,
         [FromQuery] bool? enableDirectStream)
     {
+        userId ??= openLiveStreamDto?.UserId;
+        userId = RequestHelpers.GetUserId(User, userId);
         var request = new LiveStreamRequest
         {
             OpenToken = openToken ?? openLiveStreamDto?.OpenToken,
-            UserId = userId ?? openLiveStreamDto?.UserId ?? Guid.Empty,
+            UserId = userId.Value,
             PlaySessionId = playSessionId ?? openLiveStreamDto?.PlaySessionId,
             MaxStreamingBitrate = maxStreamingBitrate ?? openLiveStreamDto?.MaxStreamingBitrate,
             StartTimeTicks = startTimeTicks ?? openLiveStreamDto?.StartTimeTicks,
diff --git a/Jellyfin.Api/Controllers/MoviesController.cs b/Jellyfin.Api/Controllers/MoviesController.cs
index a9336f6d2..e1145481f 100644
--- a/Jellyfin.Api/Controllers/MoviesController.cs
+++ b/Jellyfin.Api/Controllers/MoviesController.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using Jellyfin.Api.Extensions;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
@@ -67,7 +68,8 @@ public class MoviesController : BaseJellyfinApiController
         [FromQuery] int categoryLimit = 5,
         [FromQuery] int itemLimit = 8)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         var dtoOptions = new DtoOptions { Fields = fields }
diff --git a/Jellyfin.Api/Controllers/MusicGenresController.cs b/Jellyfin.Api/Controllers/MusicGenresController.cs
index 3db1d89c1..435457af6 100644
--- a/Jellyfin.Api/Controllers/MusicGenresController.cs
+++ b/Jellyfin.Api/Controllers/MusicGenresController.cs
@@ -90,11 +90,12 @@ public class MusicGenresController : BaseJellyfinApiController
         [FromQuery] bool? enableImages = true,
         [FromQuery] bool enableTotalRecordCount = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, false, imageTypeLimit, enableImageTypes);
 
-        User? user = userId is null || userId.Value.Equals(default)
+        User? user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -144,6 +145,7 @@ public class MusicGenresController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<BaseItemDto> GetMusicGenre([FromRoute, Required] string genreName, [FromQuery] Guid? userId)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions().AddClientFields(User);
 
         MusicGenre? item;
@@ -162,7 +164,7 @@ public class MusicGenresController : BaseJellyfinApiController
             return NotFound();
         }
 
-        if (userId.HasValue && !userId.Value.Equals(default))
+        if (!userId.Value.Equals(default))
         {
             var user = _userManager.GetUserById(userId.Value);
 
diff --git a/Jellyfin.Api/Controllers/PersonsController.cs b/Jellyfin.Api/Controllers/PersonsController.cs
index 5310f50b1..b4c6f490a 100644
--- a/Jellyfin.Api/Controllers/PersonsController.cs
+++ b/Jellyfin.Api/Controllers/PersonsController.cs
@@ -2,6 +2,7 @@ using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using Jellyfin.Api.Extensions;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
 using MediaBrowser.Controller.Dto;
@@ -77,11 +78,12 @@ public class PersonsController : BaseJellyfinApiController
         [FromQuery] Guid? userId,
         [FromQuery] bool? enableImages = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
 
-        User? user = userId is null || userId.Value.Equals(default)
+        User? user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -117,6 +119,7 @@ public class PersonsController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<BaseItemDto> GetPerson([FromRoute, Required] string name, [FromQuery] Guid? userId)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions()
             .AddClientFields(User);
 
@@ -126,7 +129,7 @@ public class PersonsController : BaseJellyfinApiController
             return NotFound();
         }
 
-        if (userId.HasValue && !userId.Value.Equals(default))
+        if (!userId.Value.Equals(default))
         {
             var user = _userManager.GetUserById(userId.Value);
             return _dtoService.GetBaseItemDto(item, dtoOptions, user);
diff --git a/Jellyfin.Api/Controllers/PlaylistsController.cs b/Jellyfin.Api/Controllers/PlaylistsController.cs
index 79c0d3c7b..c6dbea5e2 100644
--- a/Jellyfin.Api/Controllers/PlaylistsController.cs
+++ b/Jellyfin.Api/Controllers/PlaylistsController.cs
@@ -5,6 +5,7 @@ using System.Linq;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
 using Jellyfin.Api.Extensions;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.PlaylistDtos;
 using MediaBrowser.Controller.Dto;
@@ -81,11 +82,13 @@ public class PlaylistsController : BaseJellyfinApiController
             ids = createPlaylistRequest?.Ids ?? Array.Empty<Guid>();
         }
 
+        userId ??= createPlaylistRequest?.UserId ?? default;
+        userId = RequestHelpers.GetUserId(User, userId);
         var result = await _playlistManager.CreatePlaylist(new PlaylistCreationRequest
         {
             Name = name ?? createPlaylistRequest?.Name,
             ItemIdList = ids,
-            UserId = userId ?? createPlaylistRequest?.UserId ?? default,
+            UserId = userId.Value,
             MediaType = mediaType ?? createPlaylistRequest?.MediaType
         }).ConfigureAwait(false);
 
@@ -107,7 +110,8 @@ public class PlaylistsController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids,
         [FromQuery] Guid? userId)
     {
-        await _playlistManager.AddToPlaylistAsync(playlistId, ids, userId ?? Guid.Empty).ConfigureAwait(false);
+        userId = RequestHelpers.GetUserId(User, userId);
+        await _playlistManager.AddToPlaylistAsync(playlistId, ids, userId.Value).ConfigureAwait(false);
         return NoContent();
     }
 
diff --git a/Jellyfin.Api/Controllers/QuickConnectController.cs b/Jellyfin.Api/Controllers/QuickConnectController.cs
index 503b9d372..d7e54b5b6 100644
--- a/Jellyfin.Api/Controllers/QuickConnectController.cs
+++ b/Jellyfin.Api/Controllers/QuickConnectController.cs
@@ -3,6 +3,7 @@ using System.ComponentModel.DataAnnotations;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
+using Jellyfin.Api.Helpers;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
@@ -116,17 +117,11 @@ public class QuickConnectController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code, [FromQuery] Guid? userId = null)
     {
-        var currentUserId = User.GetUserId();
-        var actualUserId = userId ?? currentUserId;
-
-        if (actualUserId.Equals(default) || (!userId.Equals(currentUserId) && !User.IsInRole(UserRoles.Administrator)))
-        {
-            return Forbid("Unknown user id");
-        }
+        userId = RequestHelpers.GetUserId(User, userId);
 
         try
         {
-            return await _quickConnect.AuthorizeRequest(actualUserId, code).ConfigureAwait(false);
+            return await _quickConnect.AuthorizeRequest(userId.Value, code).ConfigureAwait(false);
         }
         catch (AuthenticationException)
         {
diff --git a/Jellyfin.Api/Controllers/SearchController.cs b/Jellyfin.Api/Controllers/SearchController.cs
index a25b43345..f638c31c3 100644
--- a/Jellyfin.Api/Controllers/SearchController.cs
+++ b/Jellyfin.Api/Controllers/SearchController.cs
@@ -3,6 +3,8 @@ using System.ComponentModel;
 using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using Jellyfin.Extensions;
@@ -98,6 +100,7 @@ public class SearchController : BaseJellyfinApiController
         [FromQuery] bool includeStudios = true,
         [FromQuery] bool includeArtists = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var result = _searchEngine.GetSearchHints(new SearchQuery
         {
             Limit = limit,
@@ -108,7 +111,7 @@ public class SearchController : BaseJellyfinApiController
             IncludePeople = includePeople,
             IncludeStudios = includeStudios,
             StartIndex = startIndex,
-            UserId = userId ?? Guid.Empty,
+            UserId = userId.Value,
             IncludeItemTypes = includeItemTypes,
             ExcludeItemTypes = excludeItemTypes,
             MediaTypes = mediaTypes,
diff --git a/Jellyfin.Api/Controllers/StudiosController.cs b/Jellyfin.Api/Controllers/StudiosController.cs
index 21965e956..f434f60f5 100644
--- a/Jellyfin.Api/Controllers/StudiosController.cs
+++ b/Jellyfin.Api/Controllers/StudiosController.cs
@@ -86,11 +86,12 @@ public class StudiosController : BaseJellyfinApiController
         [FromQuery] bool? enableImages = true,
         [FromQuery] bool enableTotalRecordCount = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
 
-        User? user = userId is null || userId.Value.Equals(default)
+        User? user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -139,10 +140,11 @@ public class StudiosController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<BaseItemDto> GetStudio([FromRoute, Required] string name, [FromQuery] Guid? userId)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions().AddClientFields(User);
 
         var item = _libraryManager.GetStudio(name);
-        if (userId.HasValue && !userId.Equals(default))
+        if (!userId.Equals(default))
         {
             var user = _userManager.GetUserById(userId.Value);
 
diff --git a/Jellyfin.Api/Controllers/TvShowsController.cs b/Jellyfin.Api/Controllers/TvShowsController.cs
index b0760f97c..7d23281f2 100644
--- a/Jellyfin.Api/Controllers/TvShowsController.cs
+++ b/Jellyfin.Api/Controllers/TvShowsController.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using Jellyfin.Api.Extensions;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using Jellyfin.Extensions;
@@ -87,6 +88,7 @@ public class TvShowsController : BaseJellyfinApiController
         [FromQuery] bool disableFirstEpisode = false,
         [FromQuery] bool enableRewatching = false)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var options = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
@@ -98,7 +100,7 @@ public class TvShowsController : BaseJellyfinApiController
                 ParentId = parentId,
                 SeriesId = seriesId,
                 StartIndex = startIndex,
-                UserId = userId ?? Guid.Empty,
+                UserId = userId.Value,
                 EnableTotalRecordCount = enableTotalRecordCount,
                 DisableFirstEpisode = disableFirstEpisode,
                 NextUpDateCutoff = nextUpDateCutoff ?? DateTime.MinValue,
@@ -106,7 +108,7 @@ public class TvShowsController : BaseJellyfinApiController
             },
             options);
 
-        var user = userId is null || userId.Value.Equals(default)
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -144,7 +146,8 @@ public class TvShowsController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
         [FromQuery] bool? enableUserData)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -215,7 +218,8 @@ public class TvShowsController : BaseJellyfinApiController
         [FromQuery] bool? enableUserData,
         [FromQuery] string? sortBy)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
@@ -331,7 +335,8 @@ public class TvShowsController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
         [FromQuery] bool? enableUserData)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
diff --git a/Jellyfin.Api/Controllers/UniversalAudioController.cs b/Jellyfin.Api/Controllers/UniversalAudioController.cs
index 345521597..12d033ae6 100644
--- a/Jellyfin.Api/Controllers/UniversalAudioController.cs
+++ b/Jellyfin.Api/Controllers/UniversalAudioController.cs
@@ -106,11 +106,7 @@ public class UniversalAudioController : BaseJellyfinApiController
         [FromQuery] bool enableRedirection = true)
     {
         var deviceProfile = GetDeviceProfile(container, transcodingContainer, audioCodec, transcodingProtocol, breakOnNonKeyFrames, transcodingAudioChannels, maxAudioSampleRate, maxAudioBitDepth, maxAudioChannels);
-
-        if (!userId.HasValue || userId.Value.Equals(default))
-        {
-            userId = User.GetUserId();
-        }
+        userId = RequestHelpers.GetUserId(User, userId);
 
         _logger.LogInformation("GetPostedPlaybackInfo profile: {@Profile}", deviceProfile);
 
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 3a61367f7..c0ec646ed 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -104,12 +104,13 @@ public class VideosController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
     {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
 
         var item = itemId.Equals(default)
-            ? (userId is null || userId.Value.Equals(default)
+            ? (userId.Value.Equals(default)
                 ? _libraryManager.RootFolder
                 : _libraryManager.GetUserRootFolder())
             : _libraryManager.GetItemById(itemId);
diff --git a/Jellyfin.Api/Controllers/YearsController.cs b/Jellyfin.Api/Controllers/YearsController.cs
index def37cb97..74370db50 100644
--- a/Jellyfin.Api/Controllers/YearsController.cs
+++ b/Jellyfin.Api/Controllers/YearsController.cs
@@ -85,11 +85,12 @@ public class YearsController : BaseJellyfinApiController
         [FromQuery] bool recursive = true,
         [FromQuery] bool? enableImages = true)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
             .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
 
-        User? user = userId is null || userId.Value.Equals(default)
+        User? user = userId.Value.Equals(default)
             ? null
             : _userManager.GetUserById(userId.Value);
         BaseItem parentItem = _libraryManager.GetParentItem(parentId, userId);
@@ -171,6 +172,7 @@ public class YearsController : BaseJellyfinApiController
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<BaseItemDto> GetYear([FromRoute, Required] int year, [FromQuery] Guid? userId)
     {
+        userId = RequestHelpers.GetUserId(User, userId);
         var item = _libraryManager.GetYear(year);
         if (item is null)
         {
@@ -180,7 +182,7 @@ public class YearsController : BaseJellyfinApiController
         var dtoOptions = new DtoOptions()
             .AddClientFields(User);
 
-        if (userId.HasValue && !userId.Value.Equals(default))
+        if (!userId.Value.Equals(default))
         {
             var user = _userManager.GetUserById(userId.Value);
             return _dtoService.GetBaseItemDto(item, dtoOptions, user);
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs
index 0b7a4fa1a..57098edba 100644
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -11,6 +11,7 @@ using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Library;
+using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Querying;
@@ -55,6 +56,32 @@ public static class RequestHelpers
         return result;
     }
 
+    /// <summary>
+    /// Checks if the user can access a user.
+    /// </summary>
+    /// <param name="claimsPrincipal">The <see cref="ClaimsPrincipal"/> for the current request.</param>
+    /// <param name="userId">The user id.</param>
+    /// <returns>A <see cref="bool"/> whether the user can access the user.</returns>
+    internal static Guid GetUserId(ClaimsPrincipal claimsPrincipal, Guid? userId)
+    {
+        var authenticatedUserId = claimsPrincipal.GetUserId();
+
+        // UserId not provided, fall back to authenticated user id.
+        if (userId is null || userId.Value.Equals(default))
+        {
+            return authenticatedUserId;
+        }
+
+        // User must be administrator to access another user.
+        var isAdministrator = claimsPrincipal.IsInRole(UserRoles.Administrator);
+        if (!userId.Value.Equals(authenticatedUserId) && !isAdministrator)
+        {
+            throw new SecurityException("Forbidden");
+        }
+
+        return userId.Value;
+    }
+
     /// <summary>
     /// Checks if the user can update an entry.
     /// </summary>
diff --git a/tests/Jellyfin.Api.Tests/Helpers/RequestHelpersTests.cs b/tests/Jellyfin.Api.Tests/Helpers/RequestHelpersTests.cs
index c4640bd22..2d7741d81 100644
--- a/tests/Jellyfin.Api.Tests/Helpers/RequestHelpersTests.cs
+++ b/tests/Jellyfin.Api.Tests/Helpers/RequestHelpersTests.cs
@@ -1,7 +1,11 @@
 using System;
 using System.Collections.Generic;
+using System.Globalization;
+using System.Security.Claims;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Net;
 using Xunit;
 
 namespace Jellyfin.Api.Tests.Helpers
@@ -15,6 +19,82 @@ namespace Jellyfin.Api.Tests.Helpers
             Assert.Equal(expected, RequestHelpers.GetOrderBy(sortBy, requestedSortOrder));
         }
 
+        [Fact]
+        public static void GetUserId_IsAdmin()
+        {
+            Guid? requestUserId = Guid.NewGuid();
+            Guid? authUserId = Guid.NewGuid();
+
+            var claims = new[]
+            {
+                new Claim(InternalClaimTypes.UserId, authUserId.Value.ToString("N", CultureInfo.InvariantCulture)),
+                new Claim(InternalClaimTypes.IsApiKey, bool.FalseString),
+                new Claim(ClaimTypes.Role, UserRoles.Administrator)
+            };
+
+            var identity = new ClaimsIdentity(claims, string.Empty);
+            var principal = new ClaimsPrincipal(identity);
+
+            var userId = RequestHelpers.GetUserId(principal, requestUserId);
+
+            Assert.Equal(requestUserId, userId);
+        }
+
+        [Fact]
+        public static void GetUserId_IsApiKey_EmptyGuid()
+        {
+            Guid? requestUserId = Guid.Empty;
+
+            var claims = new[]
+            {
+                new Claim(InternalClaimTypes.IsApiKey, bool.TrueString)
+            };
+
+            var identity = new ClaimsIdentity(claims, string.Empty);
+            var principal = new ClaimsPrincipal(identity);
+
+            var userId = RequestHelpers.GetUserId(principal, requestUserId);
+
+            Assert.Equal(Guid.Empty, userId);
+        }
+
+        [Fact]
+        public static void GetUserId_IsApiKey_Null()
+        {
+            Guid? requestUserId = null;
+
+            var claims = new[]
+            {
+                new Claim(InternalClaimTypes.IsApiKey, bool.TrueString)
+            };
+
+            var identity = new ClaimsIdentity(claims, string.Empty);
+            var principal = new ClaimsPrincipal(identity);
+
+            var userId = RequestHelpers.GetUserId(principal, requestUserId);
+
+            Assert.Equal(Guid.Empty, userId);
+        }
+
+        [Fact]
+        public static void GetUserId_IsUser()
+        {
+            Guid? requestUserId = Guid.NewGuid();
+            Guid? authUserId = Guid.NewGuid();
+
+            var claims = new[]
+            {
+                new Claim(InternalClaimTypes.UserId, authUserId.Value.ToString("N", CultureInfo.InvariantCulture)),
+                new Claim(InternalClaimTypes.IsApiKey, bool.FalseString),
+                new Claim(ClaimTypes.Role, UserRoles.User)
+            };
+
+            var identity = new ClaimsIdentity(claims, string.Empty);
+            var principal = new ClaimsPrincipal(identity);
+
+            Assert.Throws<SecurityException>(() => RequestHelpers.GetUserId(principal, requestUserId));
+        }
+
         public static TheoryData<IReadOnlyList<string>, IReadOnlyList<SortOrder>, (string, SortOrder)[]> GetOrderBy_Success_TestData()
         {
             var data = new TheoryData<IReadOnlyList<string>, IReadOnlyList<SortOrder>, (string, SortOrder)[]>();
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/ItemsControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/ItemsControllerTests.cs
index 62b32b92e..078002994 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/ItemsControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/ItemsControllerTests.cs
@@ -22,13 +22,13 @@ public sealed class ItemsControllerTests : IClassFixture<JellyfinApplicationFact
     }
 
     [Fact]
-    public async Task GetItems_NoApiKeyOrUserId_BadRequest()
+    public async Task GetItems_NoApiKeyOrUserId_Success()
     {
         var client = _factory.CreateClient();
         client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
 
         var response = await client.GetAsync("Items").ConfigureAwait(false);
-        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
     }
 
     [Theory]
-- 
cgit v1.2.3


From 8316bd590e4553953c7ca78e6eef26672fbcb416 Mon Sep 17 00:00:00 2001
From: Bond_009 <bond.009@outlook.com>
Date: Mon, 27 Mar 2023 15:22:21 +0200
Subject: Fix #7610

---
 Jellyfin.Api/Controllers/LibraryController.cs      | 44 ++++++++++++++++------
 .../Controllers/LibraryControllerTests.cs          | 23 +++++++++++
 2 files changed, 55 insertions(+), 12 deletions(-)

(limited to 'Jellyfin.Api/Controllers/LibraryController.cs')

diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index bf59febed..e094d2d77 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -15,6 +15,7 @@ using Jellyfin.Api.Models.LibraryDtos;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
 using Jellyfin.Extensions;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Progress;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Dto;
@@ -332,12 +333,26 @@ public class LibraryController : BaseJellyfinApiController
     [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult DeleteItem(Guid itemId)
     {
+        var isApiKey = User.GetIsApiKey();
+        var userId = User.GetUserId();
+        var user = !isApiKey && !userId.Equals(default)
+            ? _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException()
+            : null;
+        if (!isApiKey && user is null)
+        {
+            return Unauthorized("Unauthorized access");
+        }
+
         var item = _libraryManager.GetItemById(itemId);
-        var user = _userManager.GetUserById(User.GetUserId());
+        if (item is null)
+        {
+            return NotFound();
+        }
 
-        if (!item.CanDelete(user))
+        if (user is not null && !item.CanDelete(user))
         {
             return Unauthorized("Unauthorized access");
         }
@@ -361,26 +376,31 @@ public class LibraryController : BaseJellyfinApiController
     [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
     {
-        if (ids.Length == 0)
+        var isApiKey = User.GetIsApiKey();
+        var userId = User.GetUserId();
+        var user = !isApiKey && !userId.Equals(default)
+            ? _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException()
+            : null;
+
+        if (!isApiKey && user is null)
         {
-            return NoContent();
+            return Unauthorized("Unauthorized access");
         }
 
         foreach (var i in ids)
         {
             var item = _libraryManager.GetItemById(i);
-            var user = _userManager.GetUserById(User.GetUserId());
-
-            if (!item.CanDelete(user))
+            if (item is null)
             {
-                if (ids.Length > 1)
-                {
-                    return Unauthorized("Unauthorized access");
-                }
+                return NotFound();
+            }
 
-                continue;
+            if (user is not null && !item.CanDelete(user))
+            {
+                return Unauthorized("Unauthorized access");
             }
 
             _libraryManager.DeleteItem(
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs
index 013d19a9f..8998683a7 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs
@@ -37,4 +37,27 @@ public sealed class LibraryControllerTests : IClassFixture<JellyfinApplicationFa
         var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, Guid.NewGuid())).ConfigureAwait(false);
         Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
     }
+
+    [Theory]
+    [InlineData("Items/{0}")]
+    [InlineData("Items?ids={0}")]
+    public async Task Delete_NonExistentItemId_Unauthorised(string format)
+    {
+        var client = _factory.CreateClient();
+
+        var response = await client.DeleteAsync(string.Format(CultureInfo.InvariantCulture, format, Guid.NewGuid())).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+    }
+
+    [Theory]
+    [InlineData("Items/{0}")]
+    [InlineData("Items?ids={0}")]
+    public async Task Delete_NonExistentItemId_NotFound(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.DeleteAsync(string.Format(CultureInfo.InvariantCulture, format, Guid.NewGuid())).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
 }
-- 
cgit v1.2.3


From 3982b0e057cc692875ba35573197b86abf8d7adb Mon Sep 17 00:00:00 2001
From: Bond-009 <bond.009@outlook.com>
Date: Thu, 22 Jun 2023 05:01:47 +0200
Subject: Reduce bottlenecks scan code (#9863)

---
 Jellyfin.Api/Controllers/LibraryController.cs      | 20 ++-----
 .../BaseItemManager/BaseItemManager.cs             | 65 +++-------------------
 .../BaseItemManager/IBaseItemManager.cs            |  5 --
 .../Entities/Audio/MusicArtist.cs                  |  2 +-
 MediaBrowser.Controller/Entities/BaseItem.cs       | 33 +++--------
 MediaBrowser.Controller/Entities/Folder.cs         | 38 +++----------
 .../Library/MetadataConfigurationExtensions.cs     | 17 ++++--
 .../Providers/IProviderManager.cs                  | 17 ------
 MediaBrowser.MediaEncoding/Encoder/MediaEncoder.cs |  5 +-
 .../Configuration/ServerConfiguration.cs           |  8 +--
 MediaBrowser.Providers/Manager/ProviderManager.cs  | 63 ++++-----------------
 .../Plugins/StudioImages/StudiosImageProvider.cs   |  8 +--
 src/Jellyfin.Drawing/ImageProcessor.cs             |  2 -
 13 files changed, 64 insertions(+), 219 deletions(-)

(limited to 'Jellyfin.Api/Controllers/LibraryController.cs')

diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index e094d2d77..46c0a8d52 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -969,12 +969,8 @@ public class LibraryController : BaseJellyfinApiController
                    || string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase);
         }
 
-        var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
-            .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-            .ToArray();
-
-        return metadataOptions.Length == 0
-               || metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
+        var metadataOptions = _serverConfigurationManager.GetMetadataOptionsForType(type);
+        return metadataOptions is null || !metadataOptions.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase);
     }
 
     private bool IsImageFetcherEnabledByDefault(string name, string type, bool isNewLibrary)
@@ -995,15 +991,7 @@ public class LibraryController : BaseJellyfinApiController
                    || string.Equals(name, "Image Extractor", StringComparison.OrdinalIgnoreCase);
         }
 
-        var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
-            .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-            .ToArray();
-
-        if (metadataOptions.Length == 0)
-        {
-            return true;
-        }
-
-        return metadataOptions.Any(i => !i.DisabledImageFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
+        var metadataOptions = _serverConfigurationManager.GetMetadataOptionsForType(type);
+        return metadataOptions is null || !metadataOptions.DisabledImageFetchers.Contains(name, StringComparison.OrdinalIgnoreCase);
     }
 }
diff --git a/MediaBrowser.Controller/BaseItemManager/BaseItemManager.cs b/MediaBrowser.Controller/BaseItemManager/BaseItemManager.cs
index ed7c2c2c1..b263c173e 100644
--- a/MediaBrowser.Controller/BaseItemManager/BaseItemManager.cs
+++ b/MediaBrowser.Controller/BaseItemManager/BaseItemManager.cs
@@ -1,11 +1,10 @@
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Linq;
-using System.Threading;
 using Jellyfin.Extensions;
 using MediaBrowser.Controller.Channels;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Entities;
+using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Configuration;
 
 namespace MediaBrowser.Controller.BaseItemManager
@@ -15,8 +14,6 @@ namespace MediaBrowser.Controller.BaseItemManager
     {
         private readonly IServerConfigurationManager _serverConfigurationManager;
 
-        private int _metadataRefreshConcurrency;
-
         /// <summary>
         /// Initializes a new instance of the <see cref="BaseItemManager"/> class.
         /// </summary>
@@ -24,16 +21,8 @@ namespace MediaBrowser.Controller.BaseItemManager
         public BaseItemManager(IServerConfigurationManager serverConfigurationManager)
         {
             _serverConfigurationManager = serverConfigurationManager;
-
-            _metadataRefreshConcurrency = GetMetadataRefreshConcurrency();
-            SetupMetadataThrottler();
-
-            _serverConfigurationManager.ConfigurationUpdated += OnConfigurationUpdated;
         }
 
-        /// <inheritdoc />
-        public SemaphoreSlim MetadataRefreshThrottler { get; private set; }
-
         /// <inheritdoc />
         public bool IsMetadataFetcherEnabled(BaseItem baseItem, TypeOptions? libraryTypeOptions, string name)
         {
@@ -51,12 +40,11 @@ namespace MediaBrowser.Controller.BaseItemManager
 
             if (libraryTypeOptions is not null)
             {
-                return libraryTypeOptions.MetadataFetchers.Contains(name.AsSpan(), StringComparison.OrdinalIgnoreCase);
+                return libraryTypeOptions.MetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase);
             }
 
-            var itemConfig = _serverConfigurationManager.Configuration.MetadataOptions.FirstOrDefault(i => string.Equals(i.ItemType, baseItem.GetType().Name, StringComparison.OrdinalIgnoreCase));
-
-            return itemConfig is null || !itemConfig.DisabledMetadataFetchers.Contains(name.AsSpan(), StringComparison.OrdinalIgnoreCase);
+            var itemConfig = _serverConfigurationManager.GetMetadataOptionsForType(baseItem.GetType().Name);
+            return itemConfig is null || !itemConfig.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase);
         }
 
         /// <inheritdoc />
@@ -76,50 +64,11 @@ namespace MediaBrowser.Controller.BaseItemManager
 
             if (libraryTypeOptions is not null)
             {
-                return libraryTypeOptions.ImageFetchers.Contains(name.AsSpan(), StringComparison.OrdinalIgnoreCase);
-            }
-
-            var itemConfig = _serverConfigurationManager.Configuration.MetadataOptions.FirstOrDefault(i => string.Equals(i.ItemType, baseItem.GetType().Name, StringComparison.OrdinalIgnoreCase));
-
-            return itemConfig is null || !itemConfig.DisabledImageFetchers.Contains(name.AsSpan(), StringComparison.OrdinalIgnoreCase);
-        }
-
-        /// <summary>
-        /// Called when the configuration is updated.
-        /// It will refresh the metadata throttler if the relevant config changed.
-        /// </summary>
-        private void OnConfigurationUpdated(object? sender, EventArgs e)
-        {
-            int newMetadataRefreshConcurrency = GetMetadataRefreshConcurrency();
-            if (_metadataRefreshConcurrency != newMetadataRefreshConcurrency)
-            {
-                _metadataRefreshConcurrency = newMetadataRefreshConcurrency;
-                SetupMetadataThrottler();
-            }
-        }
-
-        /// <summary>
-        /// Creates the metadata refresh throttler.
-        /// </summary>
-        [MemberNotNull(nameof(MetadataRefreshThrottler))]
-        private void SetupMetadataThrottler()
-        {
-            MetadataRefreshThrottler = new SemaphoreSlim(_metadataRefreshConcurrency);
-        }
-
-        /// <summary>
-        /// Returns the metadata refresh concurrency.
-        /// </summary>
-        private int GetMetadataRefreshConcurrency()
-        {
-            var concurrency = _serverConfigurationManager.Configuration.LibraryMetadataRefreshConcurrency;
-
-            if (concurrency <= 0)
-            {
-                concurrency = Environment.ProcessorCount;
+                return libraryTypeOptions.ImageFetchers.Contains(name, StringComparison.OrdinalIgnoreCase);
             }
 
-            return concurrency;
+            var itemConfig = _serverConfigurationManager.GetMetadataOptionsForType(baseItem.GetType().Name);
+            return itemConfig is null || !itemConfig.DisabledImageFetchers.Contains(name, StringComparison.OrdinalIgnoreCase);
         }
     }
 }
diff --git a/MediaBrowser.Controller/BaseItemManager/IBaseItemManager.cs b/MediaBrowser.Controller/BaseItemManager/IBaseItemManager.cs
index b07c80879..ac20120d9 100644
--- a/MediaBrowser.Controller/BaseItemManager/IBaseItemManager.cs
+++ b/MediaBrowser.Controller/BaseItemManager/IBaseItemManager.cs
@@ -9,11 +9,6 @@ namespace MediaBrowser.Controller.BaseItemManager
     /// </summary>
     public interface IBaseItemManager
     {
-        /// <summary>
-        /// Gets the semaphore used to limit the amount of concurrent metadata refreshes.
-        /// </summary>
-        SemaphoreSlim MetadataRefreshThrottler { get; }
-
         /// <summary>
         /// Is metadata fetcher enabled.
         /// </summary>
diff --git a/MediaBrowser.Controller/Entities/Audio/MusicArtist.cs b/MediaBrowser.Controller/Entities/Audio/MusicArtist.cs
index 15a79fa1f..18d948a62 100644
--- a/MediaBrowser.Controller/Entities/Audio/MusicArtist.cs
+++ b/MediaBrowser.Controller/Entities/Audio/MusicArtist.cs
@@ -59,7 +59,7 @@ namespace MediaBrowser.Controller.Entities.Audio
             {
                 if (IsAccessedByName)
                 {
-                    return new List<BaseItem>();
+                    return Enumerable.Empty<BaseItem>();
                 }
 
                 return base.Children;
diff --git a/MediaBrowser.Controller/Entities/BaseItem.cs b/MediaBrowser.Controller/Entities/BaseItem.cs
index 1e868194e..501811003 100644
--- a/MediaBrowser.Controller/Entities/BaseItem.cs
+++ b/MediaBrowser.Controller/Entities/BaseItem.cs
@@ -1244,14 +1244,6 @@ namespace MediaBrowser.Controller.Entities
             return RefreshMetadata(new MetadataRefreshOptions(new DirectoryService(FileSystem)), cancellationToken);
         }
 
-        protected virtual void TriggerOnRefreshStart()
-        {
-        }
-
-        protected virtual void TriggerOnRefreshComplete()
-        {
-        }
-
         /// <summary>
         /// Overrides the base implementation to refresh metadata for local trailers.
         /// </summary>
@@ -1260,8 +1252,6 @@ namespace MediaBrowser.Controller.Entities
         /// <returns>true if a provider reports we changed.</returns>
         public async Task<ItemUpdateType> RefreshMetadata(MetadataRefreshOptions options, CancellationToken cancellationToken)
         {
-            TriggerOnRefreshStart();
-
             var requiresSave = false;
 
             if (SupportsOwnedItems)
@@ -1281,21 +1271,14 @@ namespace MediaBrowser.Controller.Entities
                 }
             }
 
-            try
-            {
-                var refreshOptions = requiresSave
-                    ? new MetadataRefreshOptions(options)
-                    {
-                        ForceSave = true
-                    }
-                    : options;
+            var refreshOptions = requiresSave
+                ? new MetadataRefreshOptions(options)
+                {
+                    ForceSave = true
+                }
+                : options;
 
-                return await ProviderManager.RefreshSingleItem(this, refreshOptions, cancellationToken).ConfigureAwait(false);
-            }
-            finally
-            {
-                TriggerOnRefreshComplete();
-            }
+            return await ProviderManager.RefreshSingleItem(this, refreshOptions, cancellationToken).ConfigureAwait(false);
         }
 
         protected bool IsVisibleStandaloneInternal(User user, bool checkFolders)
@@ -1367,7 +1350,7 @@ namespace MediaBrowser.Controller.Entities
         private async Task<bool> RefreshExtras(BaseItem item, MetadataRefreshOptions options, IReadOnlyList<FileSystemMetadata> fileSystemChildren, CancellationToken cancellationToken)
         {
             var extras = LibraryManager.FindExtras(item, fileSystemChildren, options.DirectoryService).ToArray();
-            var newExtraIds = extras.Select(i => i.Id).ToArray();
+            var newExtraIds = Array.ConvertAll(extras, x => x.Id);
             var extrasChanged = !item.ExtraIds.SequenceEqual(newExtraIds);
 
             if (!extrasChanged && !options.ReplaceAllMetadata && options.MetadataRefreshMode != MetadataRefreshMode.FullRefresh)
diff --git a/MediaBrowser.Controller/Entities/Folder.cs b/MediaBrowser.Controller/Entities/Folder.cs
index 84952295c..44fe65103 100644
--- a/MediaBrowser.Controller/Entities/Folder.cs
+++ b/MediaBrowser.Controller/Entities/Folder.cs
@@ -301,14 +301,6 @@ namespace MediaBrowser.Controller.Entities
             return dictionary;
         }
 
-        protected override void TriggerOnRefreshStart()
-        {
-        }
-
-        protected override void TriggerOnRefreshComplete()
-        {
-        }
-
         /// <summary>
         /// Validates the children internal.
         /// </summary>
@@ -510,26 +502,17 @@ namespace MediaBrowser.Controller.Entities
 
         private async Task RefreshAllMetadataForContainer(IMetadataContainer container, MetadataRefreshOptions refreshOptions, IProgress<double> progress, CancellationToken cancellationToken)
         {
-            // limit the amount of concurrent metadata refreshes
-            await ProviderManager.RunMetadataRefresh(
-                async () =>
-                {
-                    var series = container as Series;
-                    if (series is not null)
-                    {
-                        await series.RefreshMetadata(refreshOptions, cancellationToken).ConfigureAwait(false);
-                    }
+            if (container is Series series)
+            {
+                await series.RefreshMetadata(refreshOptions, cancellationToken).ConfigureAwait(false);
+            }
 
-                    await container.RefreshAllMetadata(refreshOptions, progress, cancellationToken).ConfigureAwait(false);
-                },
-                cancellationToken).ConfigureAwait(false);
+            await container.RefreshAllMetadata(refreshOptions, progress, cancellationToken).ConfigureAwait(false);
         }
 
         private async Task RefreshChildMetadata(BaseItem child, MetadataRefreshOptions refreshOptions, bool recursive, IProgress<double> progress, CancellationToken cancellationToken)
         {
-            var container = child as IMetadataContainer;
-
-            if (container is not null)
+            if (child is IMetadataContainer container)
             {
                 await RefreshAllMetadataForContainer(container, refreshOptions, progress, cancellationToken).ConfigureAwait(false);
             }
@@ -537,10 +520,7 @@ namespace MediaBrowser.Controller.Entities
             {
                 if (refreshOptions.RefreshItem(child))
                 {
-                    // limit the amount of concurrent metadata refreshes
-                    await ProviderManager.RunMetadataRefresh(
-                        async () => await child.RefreshMetadata(refreshOptions, cancellationToken).ConfigureAwait(false),
-                        cancellationToken).ConfigureAwait(false);
+                    await child.RefreshMetadata(refreshOptions, cancellationToken).ConfigureAwait(false);
                 }
 
                 if (recursive && child is Folder folder)
@@ -586,7 +566,7 @@ namespace MediaBrowser.Controller.Entities
             }
 
             var fanoutConcurrency = ConfigurationManager.Configuration.LibraryScanFanoutConcurrency;
-            var parallelism = fanoutConcurrency == 0 ? Environment.ProcessorCount : fanoutConcurrency;
+            var parallelism = fanoutConcurrency > 0 ? fanoutConcurrency : 2 * Environment.ProcessorCount;
 
             var actionBlock = new ActionBlock<int>(
                 async i =>
@@ -618,7 +598,7 @@ namespace MediaBrowser.Controller.Entities
 
             for (var i = 0; i < childrenCount; i++)
             {
-                actionBlock.Post(i);
+                await actionBlock.SendAsync(i).ConfigureAwait(false);
             }
 
             actionBlock.Complete();
diff --git a/MediaBrowser.Controller/Library/MetadataConfigurationExtensions.cs b/MediaBrowser.Controller/Library/MetadataConfigurationExtensions.cs
index 41cfcae16..ee9420cb4 100644
--- a/MediaBrowser.Controller/Library/MetadataConfigurationExtensions.cs
+++ b/MediaBrowser.Controller/Library/MetadataConfigurationExtensions.cs
@@ -1,8 +1,8 @@
-#nullable disable
-
 #pragma warning disable CS1591
 
+using System;
 using MediaBrowser.Common.Configuration;
+using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Model.Configuration;
 
 namespace MediaBrowser.Controller.Library
@@ -10,8 +10,15 @@ namespace MediaBrowser.Controller.Library
     public static class MetadataConfigurationExtensions
     {
         public static MetadataConfiguration GetMetadataConfiguration(this IConfigurationManager config)
-        {
-            return config.GetConfiguration<MetadataConfiguration>("metadata");
-        }
+            => config.GetConfiguration<MetadataConfiguration>("metadata");
+
+        /// <summary>
+        /// Gets the <see cref="MetadataOptions" /> for the specified type.
+        /// </summary>
+        /// <param name="config">The <see cref="IServerConfigurationManager"/>.</param>
+        /// <param name="type">The type to get the <see cref="MetadataOptions" /> for.</param>
+        /// <returns>The <see cref="MetadataOptions" /> for the specified type or <c>null</c>.</returns>
+        public static MetadataOptions? GetMetadataOptionsForType(this IServerConfigurationManager config, string type)
+            => Array.Find(config.Configuration.MetadataOptions, i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase));
     }
 }
diff --git a/MediaBrowser.Controller/Providers/IProviderManager.cs b/MediaBrowser.Controller/Providers/IProviderManager.cs
index 7e0a69586..16943f6aa 100644
--- a/MediaBrowser.Controller/Providers/IProviderManager.cs
+++ b/MediaBrowser.Controller/Providers/IProviderManager.cs
@@ -54,14 +54,6 @@ namespace MediaBrowser.Controller.Providers
         /// <returns>Task.</returns>
         Task<ItemUpdateType> RefreshSingleItem(BaseItem item, MetadataRefreshOptions options, CancellationToken cancellationToken);
 
-        /// <summary>
-        /// Runs multiple metadata refreshes concurrently.
-        /// </summary>
-        /// <param name="action">The action to run.</param>
-        /// <param name="cancellationToken">The cancellation token.</param>
-        /// <returns>A <see cref="Task"/> representing the result of the asynchronous operation.</returns>
-        Task RunMetadataRefresh(Func<Task> action, CancellationToken cancellationToken);
-
         /// <summary>
         /// Saves the image.
         /// </summary>
@@ -207,15 +199,6 @@ namespace MediaBrowser.Controller.Providers
             where TItemType : BaseItem, new()
             where TLookupType : ItemLookupInfo;
 
-        /// <summary>
-        /// Gets the search image.
-        /// </summary>
-        /// <param name="providerName">Name of the provider.</param>
-        /// <param name="url">The URL.</param>
-        /// <param name="cancellationToken">The cancellation token.</param>
-        /// <returns>Task{HttpResponseInfo}.</returns>
-        Task<HttpResponseMessage> GetSearchImage(string providerName, string url, CancellationToken cancellationToken);
-
         HashSet<Guid> GetRefreshQueue();
 
         void OnRefreshStart(BaseItem item);
diff --git a/MediaBrowser.MediaEncoding/Encoder/MediaEncoder.cs b/MediaBrowser.MediaEncoding/Encoder/MediaEncoder.cs
index d2112e5dc..4e63d205c 100644
--- a/MediaBrowser.MediaEncoding/Encoder/MediaEncoder.cs
+++ b/MediaBrowser.MediaEncoding/Encoder/MediaEncoder.cs
@@ -57,7 +57,7 @@ namespace MediaBrowser.MediaEncoding.Encoder
         private readonly IServerConfigurationManager _serverConfig;
         private readonly string _startupOptionFFmpegPath;
 
-        private readonly SemaphoreSlim _thumbnailResourcePool = new SemaphoreSlim(2, 2);
+        private readonly SemaphoreSlim _thumbnailResourcePool;
 
         private readonly object _runningProcessesLock = new object();
         private readonly List<ProcessWrapper> _runningProcesses = new List<ProcessWrapper>();
@@ -113,6 +113,9 @@ namespace MediaBrowser.MediaEncoding.Encoder
 
             _jsonSerializerOptions = new JsonSerializerOptions(JsonDefaults.Options);
             _jsonSerializerOptions.Converters.Add(new JsonBoolStringConverter());
+
+            var semaphoreCount = 2 * Environment.ProcessorCount;
+            _thumbnailResourcePool = new SemaphoreSlim(semaphoreCount, semaphoreCount);
         }
 
         /// <inheritdoc />
diff --git a/MediaBrowser.Model/Configuration/ServerConfiguration.cs b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
index 8af782b3d..78a310f0b 100644
--- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs
+++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
@@ -189,7 +189,7 @@ namespace MediaBrowser.Model.Configuration
 
         public NameValuePair[] ContentTypes { get; set; } = Array.Empty<NameValuePair>();
 
-        public int RemoteClientBitrateLimit { get; set; } = 0;
+        public int RemoteClientBitrateLimit { get; set; }
 
         public bool EnableFolderView { get; set; } = false;
 
@@ -203,7 +203,7 @@ namespace MediaBrowser.Model.Configuration
 
         public bool EnableExternalContentInSuggestions { get; set; } = true;
 
-        public int ImageExtractionTimeoutMs { get; set; } = 0;
+        public int ImageExtractionTimeoutMs { get; set; }
 
         public PathSubstitution[] PathSubstitutions { get; set; } = Array.Empty<PathSubstitution>();
 
@@ -251,7 +251,7 @@ namespace MediaBrowser.Model.Configuration
         /// Gets or sets the dummy chapter duration in seconds, use 0 (zero) or less to disable generation alltogether.
         /// </summary>
         /// <value>The dummy chapters duration.</value>
-        public int DummyChapterDuration { get; set; } = 0;
+        public int DummyChapterDuration { get; set; }
 
         /// <summary>
         /// Gets or sets the chapter image resolution.
@@ -263,6 +263,6 @@ namespace MediaBrowser.Model.Configuration
         /// Gets or sets the limit for parallel image encoding.
         /// </summary>
         /// <value>The limit for parallel image encoding.</value>
-        public int ParallelImageEncodingLimit { get; set; } = 0;
+        public int ParallelImageEncodingLimit { get; set; }
     }
 }
diff --git a/MediaBrowser.Providers/Manager/ProviderManager.cs b/MediaBrowser.Providers/Manager/ProviderManager.cs
index 1028da32b..5cb28402e 100644
--- a/MediaBrowser.Providers/Manager/ProviderManager.cs
+++ b/MediaBrowser.Providers/Manager/ProviderManager.cs
@@ -131,12 +131,12 @@ namespace MediaBrowser.Providers.Manager
         {
             var type = item.GetType();
 
-            var service = _metadataServices.FirstOrDefault(current => current.CanRefreshPrimary(type));
-            service ??= _metadataServices.FirstOrDefault(current => current.CanRefresh(item));
+            var service = _metadataServices.FirstOrDefault(current => current.CanRefreshPrimary(type))
+                ?? _metadataServices.FirstOrDefault(current => current.CanRefresh(item));
 
             if (service is null)
             {
-                _logger.LogError("Unable to find a metadata service for item of type {TypeName}", item.GetType().Name);
+                _logger.LogError("Unable to find a metadata service for item of type {TypeName}", type.Name);
                 return Task.FromResult(ItemUpdateType.None);
             }
 
@@ -160,7 +160,7 @@ namespace MediaBrowser.Providers.Manager
             // TODO: Isolate this hack into the tvh plugin
             if (string.IsNullOrEmpty(contentType))
             {
-                if (url.IndexOf("/imagecache/", StringComparison.OrdinalIgnoreCase) != -1)
+                if (url.Contains("/imagecache/", StringComparison.OrdinalIgnoreCase))
                 {
                     contentType = "image/png";
                 }
@@ -232,6 +232,11 @@ namespace MediaBrowser.Providers.Manager
                 providers = providers.Where(i => string.Equals(i.Name, providerName, StringComparison.OrdinalIgnoreCase));
             }
 
+            if (query.ImageType is not null)
+            {
+                providers = providers.Where(i => i.GetSupportedImages(item).Contains(query.ImageType.Value));
+            }
+
             var preferredLanguage = item.GetPreferredMetadataLanguage();
 
             var tasks = providers.Select(i => GetImages(item, i, preferredLanguage, query.IncludeAllLanguages, cancellationToken, query.ImageType));
@@ -568,13 +573,7 @@ namespace MediaBrowser.Providers.Manager
 
         /// <inheritdoc/>
         public MetadataOptions GetMetadataOptions(BaseItem item)
-        {
-            var type = item.GetType().Name;
-
-            return _configurationManager.Configuration.MetadataOptions
-                .FirstOrDefault(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase)) ??
-                new MetadataOptions();
-        }
+            => _configurationManager.GetMetadataOptionsForType(item.GetType().Name) ?? new MetadataOptions();
 
         /// <inheritdoc/>
         public Task SaveMetadataAsync(BaseItem item, ItemUpdateType updateType)
@@ -809,27 +808,12 @@ namespace MediaBrowser.Providers.Manager
         {
             var results = await provider.GetSearchResults(searchInfo, cancellationToken).ConfigureAwait(false);
 
-            var list = results.ToList();
-
-            foreach (var item in list)
+            foreach (var item in results)
             {
                 item.SearchProviderName = provider.Name;
             }
 
-            return list;
-        }
-
-        /// <inheritdoc/>
-        public Task<HttpResponseMessage> GetSearchImage(string providerName, string url, CancellationToken cancellationToken)
-        {
-            var provider = _metadataProviders.OfType<IRemoteSearchProvider>().FirstOrDefault(i => string.Equals(i.Name, providerName, StringComparison.OrdinalIgnoreCase));
-
-            if (provider is null)
-            {
-                throw new ArgumentException("Search provider not found.");
-            }
-
-            return provider.GetImageResponse(url, cancellationToken);
+            return results;
         }
 
         private IEnumerable<IExternalId> GetExternalIds(IHasProviderIds item)
@@ -1102,29 +1086,6 @@ namespace MediaBrowser.Providers.Manager
             return RefreshItem(item, options, cancellationToken);
         }
 
-        /// <summary>
-        /// Runs multiple metadata refreshes concurrently.
-        /// </summary>
-        /// <param name="action">The action to run.</param>
-        /// <param name="cancellationToken">The cancellation token.</param>
-        /// <returns>A <see cref="Task"/> representing the result of the asynchronous operation.</returns>
-        public async Task RunMetadataRefresh(Func<Task> action, CancellationToken cancellationToken)
-        {
-            // create a variable for this since it is possible MetadataRefreshThrottler could change due to a config update during a scan
-            var metadataRefreshThrottler = _baseItemManager.MetadataRefreshThrottler;
-
-            await metadataRefreshThrottler.WaitAsync(cancellationToken).ConfigureAwait(false);
-
-            try
-            {
-                await action().ConfigureAwait(false);
-            }
-            finally
-            {
-                metadataRefreshThrottler.Release();
-            }
-        }
-
         /// <inheritdoc/>
         public void Dispose()
         {
diff --git a/MediaBrowser.Providers/Plugins/StudioImages/StudiosImageProvider.cs b/MediaBrowser.Providers/Plugins/StudioImages/StudiosImageProvider.cs
index ae244da19..a8461e991 100644
--- a/MediaBrowser.Providers/Plugins/StudioImages/StudiosImageProvider.cs
+++ b/MediaBrowser.Providers/Plugins/StudioImages/StudiosImageProvider.cs
@@ -64,7 +64,7 @@ namespace MediaBrowser.Providers.Plugins.StudioImages
         {
             var thumbsPath = Path.Combine(_config.ApplicationPaths.CachePath, "imagesbyname", "remotestudiothumbs.txt");
 
-            thumbsPath = await EnsureThumbsList(thumbsPath, cancellationToken).ConfigureAwait(false);
+            await EnsureThumbsList(thumbsPath, cancellationToken).ConfigureAwait(false);
 
             cancellationToken.ThrowIfCancellationRequested();
 
@@ -107,7 +107,7 @@ namespace MediaBrowser.Providers.Plugins.StudioImages
             return string.Format(CultureInfo.InvariantCulture, "{0}/images/{1}/{2}.jpg", GetRepositoryUrl(), image, filename);
         }
 
-        private Task<string> EnsureThumbsList(string file, CancellationToken cancellationToken)
+        private Task EnsureThumbsList(string file, CancellationToken cancellationToken)
         {
             string url = string.Format(CultureInfo.InvariantCulture, "{0}/thumbs.txt", GetRepositoryUrl());
 
@@ -129,7 +129,7 @@ namespace MediaBrowser.Providers.Plugins.StudioImages
         /// <param name="fileSystem">The file system.</param>
         /// <param name="cancellationToken">The cancellation token.</param>
         /// <returns>A Task to ensure existence of a file listing.</returns>
-        public async Task<string> EnsureList(string url, string file, IFileSystem fileSystem, CancellationToken cancellationToken)
+        public async Task EnsureList(string url, string file, IFileSystem fileSystem, CancellationToken cancellationToken)
         {
             var fileInfo = fileSystem.GetFileInfo(file);
 
@@ -148,8 +148,6 @@ namespace MediaBrowser.Providers.Plugins.StudioImages
                     }
                 }
             }
-
-            return file;
         }
 
         /// <summary>
diff --git a/src/Jellyfin.Drawing/ImageProcessor.cs b/src/Jellyfin.Drawing/ImageProcessor.cs
index 533baba4f..4e5d3b4d5 100644
--- a/src/Jellyfin.Drawing/ImageProcessor.cs
+++ b/src/Jellyfin.Drawing/ImageProcessor.cs
@@ -50,14 +50,12 @@ public sealed class ImageProcessor : IImageProcessor, IDisposable
     /// <param name="appPaths">The server application paths.</param>
     /// <param name="fileSystem">The filesystem.</param>
     /// <param name="imageEncoder">The image encoder.</param>
-    /// <param name="mediaEncoder">The media encoder.</param>
     /// <param name="config">The configuration.</param>
     public ImageProcessor(
         ILogger<ImageProcessor> logger,
         IServerApplicationPaths appPaths,
         IFileSystem fileSystem,
         IImageEncoder imageEncoder,
-        IMediaEncoder mediaEncoder,
         IServerConfigurationManager config)
     {
         _logger = logger;
-- 
cgit v1.2.3