From f5f890e68562e55d4bed16c454c4b4305152b296 Mon Sep 17 00:00:00 2001
From: Shadowghost <Ghost_of_Stone@web.de>
Date: Tue, 31 Jan 2023 12:18:10 +0100
Subject: Migrate to file-scoped namespaces

---
 Jellyfin.Api/Controllers/LiveTvController.cs | 2205 +++++++++++++-------------
 1 file changed, 1102 insertions(+), 1103 deletions(-)

(limited to 'Jellyfin.Api/Controllers/LiveTvController.cs')

diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 5228e0bab..21b424346 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -35,1200 +35,1199 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Jellyfin.Api.Controllers
+namespace Jellyfin.Api.Controllers;
+
+/// <summary>
+/// Live tv controller.
+/// </summary>
+public class LiveTvController : BaseJellyfinApiController
 {
+    private readonly ILiveTvManager _liveTvManager;
+    private readonly IUserManager _userManager;
+    private readonly IHttpClientFactory _httpClientFactory;
+    private readonly ILibraryManager _libraryManager;
+    private readonly IDtoService _dtoService;
+    private readonly IMediaSourceManager _mediaSourceManager;
+    private readonly IConfigurationManager _configurationManager;
+    private readonly TranscodingJobHelper _transcodingJobHelper;
+    private readonly ISessionManager _sessionManager;
+
     /// <summary>
-    /// Live tv controller.
+    /// Initializes a new instance of the <see cref="LiveTvController"/> class.
     /// </summary>
-    public class LiveTvController : BaseJellyfinApiController
+    /// <param name="liveTvManager">Instance of the <see cref="ILiveTvManager"/> interface.</param>
+    /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+    /// <param name="httpClientFactory">Instance of the <see cref="IHttpClientFactory"/> interface.</param>
+    /// <param name="libraryManager">Instance of the <see cref="ILibraryManager"/> interface.</param>
+    /// <param name="dtoService">Instance of the <see cref="IDtoService"/> interface.</param>
+    /// <param name="mediaSourceManager">Instance of the <see cref="IMediaSourceManager"/> interface.</param>
+    /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
+    /// <param name="transcodingJobHelper">Instance of the <see cref="TranscodingJobHelper"/> class.</param>
+    /// <param name="sessionManager">Instance of the <see cref="ISessionManager"/> interface.</param>
+    public LiveTvController(
+        ILiveTvManager liveTvManager,
+        IUserManager userManager,
+        IHttpClientFactory httpClientFactory,
+        ILibraryManager libraryManager,
+        IDtoService dtoService,
+        IMediaSourceManager mediaSourceManager,
+        IConfigurationManager configurationManager,
+        TranscodingJobHelper transcodingJobHelper,
+        ISessionManager sessionManager)
     {
-        private readonly ILiveTvManager _liveTvManager;
-        private readonly IUserManager _userManager;
-        private readonly IHttpClientFactory _httpClientFactory;
-        private readonly ILibraryManager _libraryManager;
-        private readonly IDtoService _dtoService;
-        private readonly IMediaSourceManager _mediaSourceManager;
-        private readonly IConfigurationManager _configurationManager;
-        private readonly TranscodingJobHelper _transcodingJobHelper;
-        private readonly ISessionManager _sessionManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="LiveTvController"/> class.
-        /// </summary>
-        /// <param name="liveTvManager">Instance of the <see cref="ILiveTvManager"/> interface.</param>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="httpClientFactory">Instance of the <see cref="IHttpClientFactory"/> interface.</param>
-        /// <param name="libraryManager">Instance of the <see cref="ILibraryManager"/> interface.</param>
-        /// <param name="dtoService">Instance of the <see cref="IDtoService"/> interface.</param>
-        /// <param name="mediaSourceManager">Instance of the <see cref="IMediaSourceManager"/> interface.</param>
-        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        /// <param name="transcodingJobHelper">Instance of the <see cref="TranscodingJobHelper"/> class.</param>
-        /// <param name="sessionManager">Instance of the <see cref="ISessionManager"/> interface.</param>
-        public LiveTvController(
-            ILiveTvManager liveTvManager,
-            IUserManager userManager,
-            IHttpClientFactory httpClientFactory,
-            ILibraryManager libraryManager,
-            IDtoService dtoService,
-            IMediaSourceManager mediaSourceManager,
-            IConfigurationManager configurationManager,
-            TranscodingJobHelper transcodingJobHelper,
-            ISessionManager sessionManager)
-        {
-            _liveTvManager = liveTvManager;
-            _userManager = userManager;
-            _httpClientFactory = httpClientFactory;
-            _libraryManager = libraryManager;
-            _dtoService = dtoService;
-            _mediaSourceManager = mediaSourceManager;
-            _configurationManager = configurationManager;
-            _transcodingJobHelper = transcodingJobHelper;
-            _sessionManager = sessionManager;
-        }
+        _liveTvManager = liveTvManager;
+        _userManager = userManager;
+        _httpClientFactory = httpClientFactory;
+        _libraryManager = libraryManager;
+        _dtoService = dtoService;
+        _mediaSourceManager = mediaSourceManager;
+        _configurationManager = configurationManager;
+        _transcodingJobHelper = transcodingJobHelper;
+        _sessionManager = sessionManager;
+    }
 
-        /// <summary>
-        /// Gets available live tv services.
-        /// </summary>
-        /// <response code="200">Available live tv services returned.</response>
-        /// <returns>
-        /// An <see cref="OkResult"/> containing the available live tv services.
-        /// </returns>
-        [HttpGet("Info")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public ActionResult<LiveTvInfo> GetLiveTvInfo()
-        {
-            return _liveTvManager.GetLiveTvInfo(CancellationToken.None);
-        }
+    /// <summary>
+    /// Gets available live tv services.
+    /// </summary>
+    /// <response code="200">Available live tv services returned.</response>
+    /// <returns>
+    /// An <see cref="OkResult"/> containing the available live tv services.
+    /// </returns>
+    [HttpGet("Info")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public ActionResult<LiveTvInfo> GetLiveTvInfo()
+    {
+        return _liveTvManager.GetLiveTvInfo(CancellationToken.None);
+    }
 
-        /// <summary>
-        /// Gets available live tv channels.
-        /// </summary>
-        /// <param name="type">Optional. Filter by channel type.</param>
-        /// <param name="userId">Optional. Filter by user and attach user data.</param>
-        /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
-        /// <param name="isMovie">Optional. Filter for movies.</param>
-        /// <param name="isSeries">Optional. Filter for series.</param>
-        /// <param name="isNews">Optional. Filter for news.</param>
-        /// <param name="isKids">Optional. Filter for kids.</param>
-        /// <param name="isSports">Optional. Filter for sports.</param>
-        /// <param name="limit">Optional. The maximum number of records to return.</param>
-        /// <param name="isFavorite">Optional. Filter by channels that are favorites, or not.</param>
-        /// <param name="isLiked">Optional. Filter by channels that are liked, or not.</param>
-        /// <param name="isDisliked">Optional. Filter by channels that are disliked, or not.</param>
-        /// <param name="enableImages">Optional. Include image information in output.</param>
-        /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
-        /// <param name="enableImageTypes">"Optional. The image types to include in the output.</param>
-        /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
-        /// <param name="enableUserData">Optional. Include user data.</param>
-        /// <param name="sortBy">Optional. Key to sort by.</param>
-        /// <param name="sortOrder">Optional. Sort order.</param>
-        /// <param name="enableFavoriteSorting">Optional. Incorporate favorite and like status into channel sorting.</param>
-        /// <param name="addCurrentProgram">Optional. Adds current program info to each channel.</param>
-        /// <response code="200">Available live tv channels returned.</response>
-        /// <returns>
-        /// An <see cref="OkResult"/> containing the resulting available live tv channels.
-        /// </returns>
-        [HttpGet("Channels")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public ActionResult<QueryResult<BaseItemDto>> GetLiveTvChannels(
-            [FromQuery] ChannelType? type,
-            [FromQuery] Guid? userId,
-            [FromQuery] int? startIndex,
-            [FromQuery] bool? isMovie,
-            [FromQuery] bool? isSeries,
-            [FromQuery] bool? isNews,
-            [FromQuery] bool? isKids,
-            [FromQuery] bool? isSports,
-            [FromQuery] int? limit,
-            [FromQuery] bool? isFavorite,
-            [FromQuery] bool? isLiked,
-            [FromQuery] bool? isDisliked,
-            [FromQuery] bool? enableImages,
-            [FromQuery] int? imageTypeLimit,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
-            [FromQuery] bool? enableUserData,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] sortBy,
-            [FromQuery] SortOrder? sortOrder,
-            [FromQuery] bool enableFavoriteSorting = false,
-            [FromQuery] bool addCurrentProgram = true)
-        {
-            var dtoOptions = new DtoOptions { Fields = fields }
-                .AddClientFields(User)
-                .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
-
-            var channelResult = _liveTvManager.GetInternalChannels(
-                new LiveTvChannelQuery
-                {
-                    ChannelType = type,
-                    UserId = userId ?? Guid.Empty,
-                    StartIndex = startIndex,
-                    Limit = limit,
-                    IsFavorite = isFavorite,
-                    IsLiked = isLiked,
-                    IsDisliked = isDisliked,
-                    EnableFavoriteSorting = enableFavoriteSorting,
-                    IsMovie = isMovie,
-                    IsSeries = isSeries,
-                    IsNews = isNews,
-                    IsKids = isKids,
-                    IsSports = isSports,
-                    SortBy = sortBy,
-                    SortOrder = sortOrder ?? SortOrder.Ascending,
-                    AddCurrentProgram = addCurrentProgram
-                },
-                dtoOptions,
-                CancellationToken.None);
-
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
-
-            var fieldsList = dtoOptions.Fields.ToList();
-            fieldsList.Remove(ItemFields.CanDelete);
-            fieldsList.Remove(ItemFields.CanDownload);
-            fieldsList.Remove(ItemFields.DisplayPreferencesId);
-            fieldsList.Remove(ItemFields.Etag);
-            dtoOptions.Fields = fieldsList.ToArray();
-            dtoOptions.AddCurrentProgram = addCurrentProgram;
-
-            var returnArray = _dtoService.GetBaseItemDtos(channelResult.Items, dtoOptions, user);
-            return new QueryResult<BaseItemDto>(
-                startIndex,
-                channelResult.TotalRecordCount,
-                returnArray);
-        }
+    /// <summary>
+    /// Gets available live tv channels.
+    /// </summary>
+    /// <param name="type">Optional. Filter by channel type.</param>
+    /// <param name="userId">Optional. Filter by user and attach user data.</param>
+    /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
+    /// <param name="isMovie">Optional. Filter for movies.</param>
+    /// <param name="isSeries">Optional. Filter for series.</param>
+    /// <param name="isNews">Optional. Filter for news.</param>
+    /// <param name="isKids">Optional. Filter for kids.</param>
+    /// <param name="isSports">Optional. Filter for sports.</param>
+    /// <param name="limit">Optional. The maximum number of records to return.</param>
+    /// <param name="isFavorite">Optional. Filter by channels that are favorites, or not.</param>
+    /// <param name="isLiked">Optional. Filter by channels that are liked, or not.</param>
+    /// <param name="isDisliked">Optional. Filter by channels that are disliked, or not.</param>
+    /// <param name="enableImages">Optional. Include image information in output.</param>
+    /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
+    /// <param name="enableImageTypes">"Optional. The image types to include in the output.</param>
+    /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
+    /// <param name="enableUserData">Optional. Include user data.</param>
+    /// <param name="sortBy">Optional. Key to sort by.</param>
+    /// <param name="sortOrder">Optional. Sort order.</param>
+    /// <param name="enableFavoriteSorting">Optional. Incorporate favorite and like status into channel sorting.</param>
+    /// <param name="addCurrentProgram">Optional. Adds current program info to each channel.</param>
+    /// <response code="200">Available live tv channels returned.</response>
+    /// <returns>
+    /// An <see cref="OkResult"/> containing the resulting available live tv channels.
+    /// </returns>
+    [HttpGet("Channels")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public ActionResult<QueryResult<BaseItemDto>> GetLiveTvChannels(
+        [FromQuery] ChannelType? type,
+        [FromQuery] Guid? userId,
+        [FromQuery] int? startIndex,
+        [FromQuery] bool? isMovie,
+        [FromQuery] bool? isSeries,
+        [FromQuery] bool? isNews,
+        [FromQuery] bool? isKids,
+        [FromQuery] bool? isSports,
+        [FromQuery] int? limit,
+        [FromQuery] bool? isFavorite,
+        [FromQuery] bool? isLiked,
+        [FromQuery] bool? isDisliked,
+        [FromQuery] bool? enableImages,
+        [FromQuery] int? imageTypeLimit,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
+        [FromQuery] bool? enableUserData,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] sortBy,
+        [FromQuery] SortOrder? sortOrder,
+        [FromQuery] bool enableFavoriteSorting = false,
+        [FromQuery] bool addCurrentProgram = true)
+    {
+        var dtoOptions = new DtoOptions { Fields = fields }
+            .AddClientFields(User)
+            .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
 
-        /// <summary>
-        /// Gets a live tv channel.
-        /// </summary>
-        /// <param name="channelId">Channel id.</param>
-        /// <param name="userId">Optional. Attach user data.</param>
-        /// <response code="200">Live tv channel returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the live tv channel.</returns>
-        [HttpGet("Channels/{channelId}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public ActionResult<BaseItemDto> GetChannel([FromRoute, Required] Guid channelId, [FromQuery] Guid? userId)
-        {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
-            var item = channelId.Equals(default)
-                ? _libraryManager.GetUserRootFolder()
-                : _libraryManager.GetItemById(channelId);
-
-            var dtoOptions = new DtoOptions()
-                .AddClientFields(User);
-            return _dtoService.GetBaseItemDto(item, dtoOptions, user);
-        }
+        var channelResult = _liveTvManager.GetInternalChannels(
+            new LiveTvChannelQuery
+            {
+                ChannelType = type,
+                UserId = userId ?? Guid.Empty,
+                StartIndex = startIndex,
+                Limit = limit,
+                IsFavorite = isFavorite,
+                IsLiked = isLiked,
+                IsDisliked = isDisliked,
+                EnableFavoriteSorting = enableFavoriteSorting,
+                IsMovie = isMovie,
+                IsSeries = isSeries,
+                IsNews = isNews,
+                IsKids = isKids,
+                IsSports = isSports,
+                SortBy = sortBy,
+                SortOrder = sortOrder ?? SortOrder.Ascending,
+                AddCurrentProgram = addCurrentProgram
+            },
+            dtoOptions,
+            CancellationToken.None);
+
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
+
+        var fieldsList = dtoOptions.Fields.ToList();
+        fieldsList.Remove(ItemFields.CanDelete);
+        fieldsList.Remove(ItemFields.CanDownload);
+        fieldsList.Remove(ItemFields.DisplayPreferencesId);
+        fieldsList.Remove(ItemFields.Etag);
+        dtoOptions.Fields = fieldsList.ToArray();
+        dtoOptions.AddCurrentProgram = addCurrentProgram;
+
+        var returnArray = _dtoService.GetBaseItemDtos(channelResult.Items, dtoOptions, user);
+        return new QueryResult<BaseItemDto>(
+            startIndex,
+            channelResult.TotalRecordCount,
+            returnArray);
+    }
 
-        /// <summary>
-        /// Gets live tv recordings.
-        /// </summary>
-        /// <param name="channelId">Optional. Filter by channel id.</param>
-        /// <param name="userId">Optional. Filter by user and attach user data.</param>
-        /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
-        /// <param name="limit">Optional. The maximum number of records to return.</param>
-        /// <param name="status">Optional. Filter by recording status.</param>
-        /// <param name="isInProgress">Optional. Filter by recordings that are in progress, or not.</param>
-        /// <param name="seriesTimerId">Optional. Filter by recordings belonging to a series timer.</param>
-        /// <param name="enableImages">Optional. Include image information in output.</param>
-        /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
-        /// <param name="enableImageTypes">Optional. The image types to include in the output.</param>
-        /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
-        /// <param name="enableUserData">Optional. Include user data.</param>
-        /// <param name="isMovie">Optional. Filter for movies.</param>
-        /// <param name="isSeries">Optional. Filter for series.</param>
-        /// <param name="isKids">Optional. Filter for kids.</param>
-        /// <param name="isSports">Optional. Filter for sports.</param>
-        /// <param name="isNews">Optional. Filter for news.</param>
-        /// <param name="isLibraryItem">Optional. Filter for is library item.</param>
-        /// <param name="enableTotalRecordCount">Optional. Return total record count.</param>
-        /// <response code="200">Live tv recordings returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
-        [HttpGet("Recordings")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public ActionResult<QueryResult<BaseItemDto>> GetRecordings(
-            [FromQuery] string? channelId,
-            [FromQuery] Guid? userId,
-            [FromQuery] int? startIndex,
-            [FromQuery] int? limit,
-            [FromQuery] RecordingStatus? status,
-            [FromQuery] bool? isInProgress,
-            [FromQuery] string? seriesTimerId,
-            [FromQuery] bool? enableImages,
-            [FromQuery] int? imageTypeLimit,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
-            [FromQuery] bool? enableUserData,
-            [FromQuery] bool? isMovie,
-            [FromQuery] bool? isSeries,
-            [FromQuery] bool? isKids,
-            [FromQuery] bool? isSports,
-            [FromQuery] bool? isNews,
-            [FromQuery] bool? isLibraryItem,
-            [FromQuery] bool enableTotalRecordCount = true)
-        {
-            var dtoOptions = new DtoOptions { Fields = fields }
-                .AddClientFields(User)
-                .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
-
-            return _liveTvManager.GetRecordings(
-                new RecordingQuery
-                {
-                    ChannelId = channelId,
-                    UserId = userId ?? Guid.Empty,
-                    StartIndex = startIndex,
-                    Limit = limit,
-                    Status = status,
-                    SeriesTimerId = seriesTimerId,
-                    IsInProgress = isInProgress,
-                    EnableTotalRecordCount = enableTotalRecordCount,
-                    IsMovie = isMovie,
-                    IsNews = isNews,
-                    IsSeries = isSeries,
-                    IsKids = isKids,
-                    IsSports = isSports,
-                    IsLibraryItem = isLibraryItem,
-                    Fields = fields,
-                    ImageTypeLimit = imageTypeLimit,
-                    EnableImages = enableImages
-                },
-                dtoOptions);
-        }
+    /// <summary>
+    /// Gets a live tv channel.
+    /// </summary>
+    /// <param name="channelId">Channel id.</param>
+    /// <param name="userId">Optional. Attach user data.</param>
+    /// <response code="200">Live tv channel returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the live tv channel.</returns>
+    [HttpGet("Channels/{channelId}")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public ActionResult<BaseItemDto> GetChannel([FromRoute, Required] Guid channelId, [FromQuery] Guid? userId)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
+        var item = channelId.Equals(default)
+            ? _libraryManager.GetUserRootFolder()
+            : _libraryManager.GetItemById(channelId);
+
+        var dtoOptions = new DtoOptions()
+            .AddClientFields(User);
+        return _dtoService.GetBaseItemDto(item, dtoOptions, user);
+    }
 
-        /// <summary>
-        /// Gets live tv recording series.
-        /// </summary>
-        /// <param name="channelId">Optional. Filter by channel id.</param>
-        /// <param name="userId">Optional. Filter by user and attach user data.</param>
-        /// <param name="groupId">Optional. Filter by recording group.</param>
-        /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
-        /// <param name="limit">Optional. The maximum number of records to return.</param>
-        /// <param name="status">Optional. Filter by recording status.</param>
-        /// <param name="isInProgress">Optional. Filter by recordings that are in progress, or not.</param>
-        /// <param name="seriesTimerId">Optional. Filter by recordings belonging to a series timer.</param>
-        /// <param name="enableImages">Optional. Include image information in output.</param>
-        /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
-        /// <param name="enableImageTypes">Optional. The image types to include in the output.</param>
-        /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
-        /// <param name="enableUserData">Optional. Include user data.</param>
-        /// <param name="enableTotalRecordCount">Optional. Return total record count.</param>
-        /// <response code="200">Live tv recordings returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
-        [HttpGet("Recordings/Series")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [Obsolete("This endpoint is obsolete.")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "channelId", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "groupId", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "startIndex", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "limit", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "status", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isInProgress", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "seriesTimerId", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "enableImages", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageTypeLimit", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "enableImageTypes", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "fields", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "enableUserData", Justification = "Imported from ServiceStack")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "enableTotalRecordCount", Justification = "Imported from ServiceStack")]
-        public ActionResult<QueryResult<BaseItemDto>> GetRecordingsSeries(
-            [FromQuery] string? channelId,
-            [FromQuery] Guid? userId,
-            [FromQuery] string? groupId,
-            [FromQuery] int? startIndex,
-            [FromQuery] int? limit,
-            [FromQuery] RecordingStatus? status,
-            [FromQuery] bool? isInProgress,
-            [FromQuery] string? seriesTimerId,
-            [FromQuery] bool? enableImages,
-            [FromQuery] int? imageTypeLimit,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
-            [FromQuery] bool? enableUserData,
-            [FromQuery] bool enableTotalRecordCount = true)
-        {
-            return new QueryResult<BaseItemDto>();
-        }
+    /// <summary>
+    /// Gets live tv recordings.
+    /// </summary>
+    /// <param name="channelId">Optional. Filter by channel id.</param>
+    /// <param name="userId">Optional. Filter by user and attach user data.</param>
+    /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
+    /// <param name="limit">Optional. The maximum number of records to return.</param>
+    /// <param name="status">Optional. Filter by recording status.</param>
+    /// <param name="isInProgress">Optional. Filter by recordings that are in progress, or not.</param>
+    /// <param name="seriesTimerId">Optional. Filter by recordings belonging to a series timer.</param>
+    /// <param name="enableImages">Optional. Include image information in output.</param>
+    /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
+    /// <param name="enableImageTypes">Optional. The image types to include in the output.</param>
+    /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
+    /// <param name="enableUserData">Optional. Include user data.</param>
+    /// <param name="isMovie">Optional. Filter for movies.</param>
+    /// <param name="isSeries">Optional. Filter for series.</param>
+    /// <param name="isKids">Optional. Filter for kids.</param>
+    /// <param name="isSports">Optional. Filter for sports.</param>
+    /// <param name="isNews">Optional. Filter for news.</param>
+    /// <param name="isLibraryItem">Optional. Filter for is library item.</param>
+    /// <param name="enableTotalRecordCount">Optional. Return total record count.</param>
+    /// <response code="200">Live tv recordings returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
+    [HttpGet("Recordings")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public ActionResult<QueryResult<BaseItemDto>> GetRecordings(
+        [FromQuery] string? channelId,
+        [FromQuery] Guid? userId,
+        [FromQuery] int? startIndex,
+        [FromQuery] int? limit,
+        [FromQuery] RecordingStatus? status,
+        [FromQuery] bool? isInProgress,
+        [FromQuery] string? seriesTimerId,
+        [FromQuery] bool? enableImages,
+        [FromQuery] int? imageTypeLimit,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
+        [FromQuery] bool? enableUserData,
+        [FromQuery] bool? isMovie,
+        [FromQuery] bool? isSeries,
+        [FromQuery] bool? isKids,
+        [FromQuery] bool? isSports,
+        [FromQuery] bool? isNews,
+        [FromQuery] bool? isLibraryItem,
+        [FromQuery] bool enableTotalRecordCount = true)
+    {
+        var dtoOptions = new DtoOptions { Fields = fields }
+            .AddClientFields(User)
+            .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
 
-        /// <summary>
-        /// Gets live tv recording groups.
-        /// </summary>
-        /// <param name="userId">Optional. Filter by user and attach user data.</param>
-        /// <response code="200">Recording groups returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the recording groups.</returns>
-        [HttpGet("Recordings/Groups")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [Obsolete("This endpoint is obsolete.")]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
-        public ActionResult<QueryResult<BaseItemDto>> GetRecordingGroups([FromQuery] Guid? userId)
-        {
-            return new QueryResult<BaseItemDto>();
-        }
+        return _liveTvManager.GetRecordings(
+            new RecordingQuery
+            {
+                ChannelId = channelId,
+                UserId = userId ?? Guid.Empty,
+                StartIndex = startIndex,
+                Limit = limit,
+                Status = status,
+                SeriesTimerId = seriesTimerId,
+                IsInProgress = isInProgress,
+                EnableTotalRecordCount = enableTotalRecordCount,
+                IsMovie = isMovie,
+                IsNews = isNews,
+                IsSeries = isSeries,
+                IsKids = isKids,
+                IsSports = isSports,
+                IsLibraryItem = isLibraryItem,
+                Fields = fields,
+                ImageTypeLimit = imageTypeLimit,
+                EnableImages = enableImages
+            },
+            dtoOptions);
+    }
 
-        /// <summary>
-        /// Gets recording folders.
-        /// </summary>
-        /// <param name="userId">Optional. Filter by user and attach user data.</param>
-        /// <response code="200">Recording folders returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the recording folders.</returns>
-        [HttpGet("Recordings/Folders")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public ActionResult<QueryResult<BaseItemDto>> GetRecordingFolders([FromQuery] Guid? userId)
-        {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
-            var folders = _liveTvManager.GetRecordingFolders(user);
+    /// <summary>
+    /// Gets live tv recording series.
+    /// </summary>
+    /// <param name="channelId">Optional. Filter by channel id.</param>
+    /// <param name="userId">Optional. Filter by user and attach user data.</param>
+    /// <param name="groupId">Optional. Filter by recording group.</param>
+    /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
+    /// <param name="limit">Optional. The maximum number of records to return.</param>
+    /// <param name="status">Optional. Filter by recording status.</param>
+    /// <param name="isInProgress">Optional. Filter by recordings that are in progress, or not.</param>
+    /// <param name="seriesTimerId">Optional. Filter by recordings belonging to a series timer.</param>
+    /// <param name="enableImages">Optional. Include image information in output.</param>
+    /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
+    /// <param name="enableImageTypes">Optional. The image types to include in the output.</param>
+    /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
+    /// <param name="enableUserData">Optional. Include user data.</param>
+    /// <param name="enableTotalRecordCount">Optional. Return total record count.</param>
+    /// <response code="200">Live tv recordings returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
+    [HttpGet("Recordings/Series")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Obsolete("This endpoint is obsolete.")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "channelId", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "groupId", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "startIndex", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "limit", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "status", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isInProgress", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "seriesTimerId", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "enableImages", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageTypeLimit", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "enableImageTypes", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "fields", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "enableUserData", Justification = "Imported from ServiceStack")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "enableTotalRecordCount", Justification = "Imported from ServiceStack")]
+    public ActionResult<QueryResult<BaseItemDto>> GetRecordingsSeries(
+        [FromQuery] string? channelId,
+        [FromQuery] Guid? userId,
+        [FromQuery] string? groupId,
+        [FromQuery] int? startIndex,
+        [FromQuery] int? limit,
+        [FromQuery] RecordingStatus? status,
+        [FromQuery] bool? isInProgress,
+        [FromQuery] string? seriesTimerId,
+        [FromQuery] bool? enableImages,
+        [FromQuery] int? imageTypeLimit,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
+        [FromQuery] bool? enableUserData,
+        [FromQuery] bool enableTotalRecordCount = true)
+    {
+        return new QueryResult<BaseItemDto>();
+    }
 
-            var returnArray = _dtoService.GetBaseItemDtos(folders, new DtoOptions(), user);
+    /// <summary>
+    /// Gets live tv recording groups.
+    /// </summary>
+    /// <param name="userId">Optional. Filter by user and attach user data.</param>
+    /// <response code="200">Recording groups returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the recording groups.</returns>
+    [HttpGet("Recordings/Groups")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Obsolete("This endpoint is obsolete.")]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
+    public ActionResult<QueryResult<BaseItemDto>> GetRecordingGroups([FromQuery] Guid? userId)
+    {
+        return new QueryResult<BaseItemDto>();
+    }
 
-            return new QueryResult<BaseItemDto>(returnArray);
-        }
+    /// <summary>
+    /// Gets recording folders.
+    /// </summary>
+    /// <param name="userId">Optional. Filter by user and attach user data.</param>
+    /// <response code="200">Recording folders returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the recording folders.</returns>
+    [HttpGet("Recordings/Folders")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public ActionResult<QueryResult<BaseItemDto>> GetRecordingFolders([FromQuery] Guid? userId)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
+        var folders = _liveTvManager.GetRecordingFolders(user);
 
-        /// <summary>
-        /// Gets a live tv recording.
-        /// </summary>
-        /// <param name="recordingId">Recording id.</param>
-        /// <param name="userId">Optional. Attach user data.</param>
-        /// <response code="200">Recording returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the live tv recording.</returns>
-        [HttpGet("Recordings/{recordingId}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public ActionResult<BaseItemDto> GetRecording([FromRoute, Required] Guid recordingId, [FromQuery] Guid? userId)
-        {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
-            var item = recordingId.Equals(default) ? _libraryManager.GetUserRootFolder() : _libraryManager.GetItemById(recordingId);
+        var returnArray = _dtoService.GetBaseItemDtos(folders, new DtoOptions(), user);
 
-            var dtoOptions = new DtoOptions()
-                .AddClientFields(User);
+        return new QueryResult<BaseItemDto>(returnArray);
+    }
 
-            return _dtoService.GetBaseItemDto(item, dtoOptions, user);
-        }
+    /// <summary>
+    /// Gets a live tv recording.
+    /// </summary>
+    /// <param name="recordingId">Recording id.</param>
+    /// <param name="userId">Optional. Attach user data.</param>
+    /// <response code="200">Recording returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the live tv recording.</returns>
+    [HttpGet("Recordings/{recordingId}")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public ActionResult<BaseItemDto> GetRecording([FromRoute, Required] Guid recordingId, [FromQuery] Guid? userId)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
+        var item = recordingId.Equals(default) ? _libraryManager.GetUserRootFolder() : _libraryManager.GetItemById(recordingId);
 
-        /// <summary>
-        /// Resets a tv tuner.
-        /// </summary>
-        /// <param name="tunerId">Tuner id.</param>
-        /// <response code="204">Tuner reset.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("Tuners/{tunerId}/Reset")]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public async Task<ActionResult> ResetTuner([FromRoute, Required] string tunerId)
-        {
-            await AssertUserCanManageLiveTv().ConfigureAwait(false);
-            await _liveTvManager.ResetTuner(tunerId, CancellationToken.None).ConfigureAwait(false);
-            return NoContent();
-        }
+        var dtoOptions = new DtoOptions()
+            .AddClientFields(User);
 
-        /// <summary>
-        /// Gets a timer.
-        /// </summary>
-        /// <param name="timerId">Timer id.</param>
-        /// <response code="200">Timer returned.</response>
-        /// <returns>
-        /// A <see cref="Task"/> containing an <see cref="OkResult"/> which contains the timer.
-        /// </returns>
-        [HttpGet("Timers/{timerId}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public async Task<ActionResult<TimerInfoDto>> GetTimer([FromRoute, Required] string timerId)
-        {
-            return await _liveTvManager.GetTimer(timerId, CancellationToken.None).ConfigureAwait(false);
-        }
+        return _dtoService.GetBaseItemDto(item, dtoOptions, user);
+    }
 
-        /// <summary>
-        /// Gets the default values for a new timer.
-        /// </summary>
-        /// <param name="programId">Optional. To attach default values based on a program.</param>
-        /// <response code="200">Default values returned.</response>
-        /// <returns>
-        /// A <see cref="Task"/> containing an <see cref="OkResult"/> which contains the default values for a timer.
-        /// </returns>
-        [HttpGet("Timers/Defaults")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public async Task<ActionResult<SeriesTimerInfoDto>> GetDefaultTimer([FromQuery] string? programId)
-        {
-            return string.IsNullOrEmpty(programId)
-                ? await _liveTvManager.GetNewTimerDefaults(CancellationToken.None).ConfigureAwait(false)
-                : await _liveTvManager.GetNewTimerDefaults(programId, CancellationToken.None).ConfigureAwait(false);
-        }
+    /// <summary>
+    /// Resets a tv tuner.
+    /// </summary>
+    /// <param name="tunerId">Tuner id.</param>
+    /// <response code="204">Tuner reset.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("Tuners/{tunerId}/Reset")]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public async Task<ActionResult> ResetTuner([FromRoute, Required] string tunerId)
+    {
+        await AssertUserCanManageLiveTv().ConfigureAwait(false);
+        await _liveTvManager.ResetTuner(tunerId, CancellationToken.None).ConfigureAwait(false);
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Gets the live tv timers.
-        /// </summary>
-        /// <param name="channelId">Optional. Filter by channel id.</param>
-        /// <param name="seriesTimerId">Optional. Filter by timers belonging to a series timer.</param>
-        /// <param name="isActive">Optional. Filter by timers that are active.</param>
-        /// <param name="isScheduled">Optional. Filter by timers that are scheduled.</param>
-        /// <returns>
-        /// A <see cref="Task"/> containing an <see cref="OkResult"/> which contains the live tv timers.
-        /// </returns>
-        [HttpGet("Timers")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public async Task<ActionResult<QueryResult<TimerInfoDto>>> GetTimers(
-            [FromQuery] string? channelId,
-            [FromQuery] string? seriesTimerId,
-            [FromQuery] bool? isActive,
-            [FromQuery] bool? isScheduled)
-        {
-            return await _liveTvManager.GetTimers(
-                new TimerQuery
-                {
-                    ChannelId = channelId,
-                    SeriesTimerId = seriesTimerId,
-                    IsActive = isActive,
-                    IsScheduled = isScheduled
-                },
-                CancellationToken.None).ConfigureAwait(false);
-        }
+    /// <summary>
+    /// Gets a timer.
+    /// </summary>
+    /// <param name="timerId">Timer id.</param>
+    /// <response code="200">Timer returned.</response>
+    /// <returns>
+    /// A <see cref="Task"/> containing an <see cref="OkResult"/> which contains the timer.
+    /// </returns>
+    [HttpGet("Timers/{timerId}")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public async Task<ActionResult<TimerInfoDto>> GetTimer([FromRoute, Required] string timerId)
+    {
+        return await _liveTvManager.GetTimer(timerId, CancellationToken.None).ConfigureAwait(false);
+    }
 
-        /// <summary>
-        /// Gets available live tv epgs.
-        /// </summary>
-        /// <param name="channelIds">The channels to return guide information for.</param>
-        /// <param name="userId">Optional. Filter by user id.</param>
-        /// <param name="minStartDate">Optional. The minimum premiere start date.</param>
-        /// <param name="hasAired">Optional. Filter by programs that have completed airing, or not.</param>
-        /// <param name="isAiring">Optional. Filter by programs that are currently airing, or not.</param>
-        /// <param name="maxStartDate">Optional. The maximum premiere start date.</param>
-        /// <param name="minEndDate">Optional. The minimum premiere end date.</param>
-        /// <param name="maxEndDate">Optional. The maximum premiere end date.</param>
-        /// <param name="isMovie">Optional. Filter for movies.</param>
-        /// <param name="isSeries">Optional. Filter for series.</param>
-        /// <param name="isNews">Optional. Filter for news.</param>
-        /// <param name="isKids">Optional. Filter for kids.</param>
-        /// <param name="isSports">Optional. Filter for sports.</param>
-        /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
-        /// <param name="limit">Optional. The maximum number of records to return.</param>
-        /// <param name="sortBy">Optional. Specify one or more sort orders, comma delimited. Options: Name, StartDate.</param>
-        /// <param name="sortOrder">Sort Order - Ascending,Descending.</param>
-        /// <param name="genres">The genres to return guide information for.</param>
-        /// <param name="genreIds">The genre ids to return guide information for.</param>
-        /// <param name="enableImages">Optional. Include image information in output.</param>
-        /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
-        /// <param name="enableImageTypes">Optional. The image types to include in the output.</param>
-        /// <param name="enableUserData">Optional. Include user data.</param>
-        /// <param name="seriesTimerId">Optional. Filter by series timer id.</param>
-        /// <param name="librarySeriesId">Optional. Filter by library series id.</param>
-        /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
-        /// <param name="enableTotalRecordCount">Retrieve total record count.</param>
-        /// <response code="200">Live tv epgs returned.</response>
-        /// <returns>
-        /// A <see cref="Task"/> containing a <see cref="OkResult"/> which contains the live tv epgs.
-        /// </returns>
-        [HttpGet("Programs")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public async Task<ActionResult<QueryResult<BaseItemDto>>> GetLiveTvPrograms(
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] channelIds,
-            [FromQuery] Guid? userId,
-            [FromQuery] DateTime? minStartDate,
-            [FromQuery] bool? hasAired,
-            [FromQuery] bool? isAiring,
-            [FromQuery] DateTime? maxStartDate,
-            [FromQuery] DateTime? minEndDate,
-            [FromQuery] DateTime? maxEndDate,
-            [FromQuery] bool? isMovie,
-            [FromQuery] bool? isSeries,
-            [FromQuery] bool? isNews,
-            [FromQuery] bool? isKids,
-            [FromQuery] bool? isSports,
-            [FromQuery] int? startIndex,
-            [FromQuery] int? limit,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] sortBy,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] SortOrder[] sortOrder,
-            [FromQuery, ModelBinder(typeof(PipeDelimitedArrayModelBinder))] string[] genres,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] genreIds,
-            [FromQuery] bool? enableImages,
-            [FromQuery] int? imageTypeLimit,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
-            [FromQuery] bool? enableUserData,
-            [FromQuery] string? seriesTimerId,
-            [FromQuery] Guid? librarySeriesId,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
-            [FromQuery] bool enableTotalRecordCount = true)
-        {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
+    /// <summary>
+    /// Gets the default values for a new timer.
+    /// </summary>
+    /// <param name="programId">Optional. To attach default values based on a program.</param>
+    /// <response code="200">Default values returned.</response>
+    /// <returns>
+    /// A <see cref="Task"/> containing an <see cref="OkResult"/> which contains the default values for a timer.
+    /// </returns>
+    [HttpGet("Timers/Defaults")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public async Task<ActionResult<SeriesTimerInfoDto>> GetDefaultTimer([FromQuery] string? programId)
+    {
+        return string.IsNullOrEmpty(programId)
+            ? await _liveTvManager.GetNewTimerDefaults(CancellationToken.None).ConfigureAwait(false)
+            : await _liveTvManager.GetNewTimerDefaults(programId, CancellationToken.None).ConfigureAwait(false);
+    }
 
-            var query = new InternalItemsQuery(user)
+    /// <summary>
+    /// Gets the live tv timers.
+    /// </summary>
+    /// <param name="channelId">Optional. Filter by channel id.</param>
+    /// <param name="seriesTimerId">Optional. Filter by timers belonging to a series timer.</param>
+    /// <param name="isActive">Optional. Filter by timers that are active.</param>
+    /// <param name="isScheduled">Optional. Filter by timers that are scheduled.</param>
+    /// <returns>
+    /// A <see cref="Task"/> containing an <see cref="OkResult"/> which contains the live tv timers.
+    /// </returns>
+    [HttpGet("Timers")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public async Task<ActionResult<QueryResult<TimerInfoDto>>> GetTimers(
+        [FromQuery] string? channelId,
+        [FromQuery] string? seriesTimerId,
+        [FromQuery] bool? isActive,
+        [FromQuery] bool? isScheduled)
+    {
+        return await _liveTvManager.GetTimers(
+            new TimerQuery
             {
-                ChannelIds = channelIds,
-                HasAired = hasAired,
-                IsAiring = isAiring,
-                EnableTotalRecordCount = enableTotalRecordCount,
-                MinStartDate = minStartDate,
-                MinEndDate = minEndDate,
-                MaxStartDate = maxStartDate,
-                MaxEndDate = maxEndDate,
-                StartIndex = startIndex,
-                Limit = limit,
-                OrderBy = RequestHelpers.GetOrderBy(sortBy, sortOrder),
-                IsNews = isNews,
-                IsMovie = isMovie,
-                IsSeries = isSeries,
-                IsKids = isKids,
-                IsSports = isSports,
+                ChannelId = channelId,
                 SeriesTimerId = seriesTimerId,
-                Genres = genres,
-                GenreIds = genreIds
-            };
-
-            if (librarySeriesId.HasValue && !librarySeriesId.Equals(default))
-            {
-                query.IsSeries = true;
-
-                if (_libraryManager.GetItemById(librarySeriesId.Value) is Series series)
-                {
-                    query.Name = series.Name;
-                }
-            }
+                IsActive = isActive,
+                IsScheduled = isScheduled
+            },
+            CancellationToken.None).ConfigureAwait(false);
+    }
 
-            var dtoOptions = new DtoOptions { Fields = fields }
-                .AddClientFields(User)
-                .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
-            return await _liveTvManager.GetPrograms(query, dtoOptions, CancellationToken.None).ConfigureAwait(false);
-        }
+    /// <summary>
+    /// Gets available live tv epgs.
+    /// </summary>
+    /// <param name="channelIds">The channels to return guide information for.</param>
+    /// <param name="userId">Optional. Filter by user id.</param>
+    /// <param name="minStartDate">Optional. The minimum premiere start date.</param>
+    /// <param name="hasAired">Optional. Filter by programs that have completed airing, or not.</param>
+    /// <param name="isAiring">Optional. Filter by programs that are currently airing, or not.</param>
+    /// <param name="maxStartDate">Optional. The maximum premiere start date.</param>
+    /// <param name="minEndDate">Optional. The minimum premiere end date.</param>
+    /// <param name="maxEndDate">Optional. The maximum premiere end date.</param>
+    /// <param name="isMovie">Optional. Filter for movies.</param>
+    /// <param name="isSeries">Optional. Filter for series.</param>
+    /// <param name="isNews">Optional. Filter for news.</param>
+    /// <param name="isKids">Optional. Filter for kids.</param>
+    /// <param name="isSports">Optional. Filter for sports.</param>
+    /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
+    /// <param name="limit">Optional. The maximum number of records to return.</param>
+    /// <param name="sortBy">Optional. Specify one or more sort orders, comma delimited. Options: Name, StartDate.</param>
+    /// <param name="sortOrder">Sort Order - Ascending,Descending.</param>
+    /// <param name="genres">The genres to return guide information for.</param>
+    /// <param name="genreIds">The genre ids to return guide information for.</param>
+    /// <param name="enableImages">Optional. Include image information in output.</param>
+    /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
+    /// <param name="enableImageTypes">Optional. The image types to include in the output.</param>
+    /// <param name="enableUserData">Optional. Include user data.</param>
+    /// <param name="seriesTimerId">Optional. Filter by series timer id.</param>
+    /// <param name="librarySeriesId">Optional. Filter by library series id.</param>
+    /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
+    /// <param name="enableTotalRecordCount">Retrieve total record count.</param>
+    /// <response code="200">Live tv epgs returned.</response>
+    /// <returns>
+    /// A <see cref="Task"/> containing a <see cref="OkResult"/> which contains the live tv epgs.
+    /// </returns>
+    [HttpGet("Programs")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public async Task<ActionResult<QueryResult<BaseItemDto>>> GetLiveTvPrograms(
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] channelIds,
+        [FromQuery] Guid? userId,
+        [FromQuery] DateTime? minStartDate,
+        [FromQuery] bool? hasAired,
+        [FromQuery] bool? isAiring,
+        [FromQuery] DateTime? maxStartDate,
+        [FromQuery] DateTime? minEndDate,
+        [FromQuery] DateTime? maxEndDate,
+        [FromQuery] bool? isMovie,
+        [FromQuery] bool? isSeries,
+        [FromQuery] bool? isNews,
+        [FromQuery] bool? isKids,
+        [FromQuery] bool? isSports,
+        [FromQuery] int? startIndex,
+        [FromQuery] int? limit,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] sortBy,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] SortOrder[] sortOrder,
+        [FromQuery, ModelBinder(typeof(PipeDelimitedArrayModelBinder))] string[] genres,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] genreIds,
+        [FromQuery] bool? enableImages,
+        [FromQuery] int? imageTypeLimit,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
+        [FromQuery] bool? enableUserData,
+        [FromQuery] string? seriesTimerId,
+        [FromQuery] Guid? librarySeriesId,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
+        [FromQuery] bool enableTotalRecordCount = true)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
 
-        /// <summary>
-        /// Gets available live tv epgs.
-        /// </summary>
-        /// <param name="body">Request body.</param>
-        /// <response code="200">Live tv epgs returned.</response>
-        /// <returns>
-        /// A <see cref="Task"/> containing a <see cref="OkResult"/> which contains the live tv epgs.
-        /// </returns>
-        [HttpPost("Programs")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        public async Task<ActionResult<QueryResult<BaseItemDto>>> GetPrograms([FromBody] GetProgramsDto body)
+        var query = new InternalItemsQuery(user)
         {
-            var user = body.UserId.Equals(default) ? null : _userManager.GetUserById(body.UserId);
+            ChannelIds = channelIds,
+            HasAired = hasAired,
+            IsAiring = isAiring,
+            EnableTotalRecordCount = enableTotalRecordCount,
+            MinStartDate = minStartDate,
+            MinEndDate = minEndDate,
+            MaxStartDate = maxStartDate,
+            MaxEndDate = maxEndDate,
+            StartIndex = startIndex,
+            Limit = limit,
+            OrderBy = RequestHelpers.GetOrderBy(sortBy, sortOrder),
+            IsNews = isNews,
+            IsMovie = isMovie,
+            IsSeries = isSeries,
+            IsKids = isKids,
+            IsSports = isSports,
+            SeriesTimerId = seriesTimerId,
+            Genres = genres,
+            GenreIds = genreIds
+        };
+
+        if (librarySeriesId.HasValue && !librarySeriesId.Equals(default))
+        {
+            query.IsSeries = true;
 
-            var query = new InternalItemsQuery(user)
-            {
-                ChannelIds = body.ChannelIds,
-                HasAired = body.HasAired,
-                IsAiring = body.IsAiring,
-                EnableTotalRecordCount = body.EnableTotalRecordCount,
-                MinStartDate = body.MinStartDate,
-                MinEndDate = body.MinEndDate,
-                MaxStartDate = body.MaxStartDate,
-                MaxEndDate = body.MaxEndDate,
-                StartIndex = body.StartIndex,
-                Limit = body.Limit,
-                OrderBy = RequestHelpers.GetOrderBy(body.SortBy, body.SortOrder),
-                IsNews = body.IsNews,
-                IsMovie = body.IsMovie,
-                IsSeries = body.IsSeries,
-                IsKids = body.IsKids,
-                IsSports = body.IsSports,
-                SeriesTimerId = body.SeriesTimerId,
-                Genres = body.Genres,
-                GenreIds = body.GenreIds
-            };
-
-            if (!body.LibrarySeriesId.Equals(default))
+            if (_libraryManager.GetItemById(librarySeriesId.Value) is Series series)
             {
-                query.IsSeries = true;
-
-                if (_libraryManager.GetItemById(body.LibrarySeriesId) is Series series)
-                {
-                    query.Name = series.Name;
-                }
+                query.Name = series.Name;
             }
-
-            var dtoOptions = new DtoOptions { Fields = body.Fields }
-                .AddClientFields(User)
-                .AddAdditionalDtoOptions(body.EnableImages, body.EnableUserData, body.ImageTypeLimit, body.EnableImageTypes);
-            return await _liveTvManager.GetPrograms(query, dtoOptions, CancellationToken.None).ConfigureAwait(false);
         }
 
-        /// <summary>
-        /// Gets recommended live tv epgs.
-        /// </summary>
-        /// <param name="userId">Optional. filter by user id.</param>
-        /// <param name="limit">Optional. The maximum number of records to return.</param>
-        /// <param name="isAiring">Optional. Filter by programs that are currently airing, or not.</param>
-        /// <param name="hasAired">Optional. Filter by programs that have completed airing, or not.</param>
-        /// <param name="isSeries">Optional. Filter for series.</param>
-        /// <param name="isMovie">Optional. Filter for movies.</param>
-        /// <param name="isNews">Optional. Filter for news.</param>
-        /// <param name="isKids">Optional. Filter for kids.</param>
-        /// <param name="isSports">Optional. Filter for sports.</param>
-        /// <param name="enableImages">Optional. Include image information in output.</param>
-        /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
-        /// <param name="enableImageTypes">Optional. The image types to include in the output.</param>
-        /// <param name="genreIds">The genres to return guide information for.</param>
-        /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
-        /// <param name="enableUserData">Optional. include user data.</param>
-        /// <param name="enableTotalRecordCount">Retrieve total record count.</param>
-        /// <response code="200">Recommended epgs returned.</response>
-        /// <returns>A <see cref="OkResult"/> containing the queryresult of recommended epgs.</returns>
-        [HttpGet("Programs/Recommended")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<QueryResult<BaseItemDto>>> GetRecommendedPrograms(
-            [FromQuery] Guid? userId,
-            [FromQuery] int? limit,
-            [FromQuery] bool? isAiring,
-            [FromQuery] bool? hasAired,
-            [FromQuery] bool? isSeries,
-            [FromQuery] bool? isMovie,
-            [FromQuery] bool? isNews,
-            [FromQuery] bool? isKids,
-            [FromQuery] bool? isSports,
-            [FromQuery] bool? enableImages,
-            [FromQuery] int? imageTypeLimit,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] genreIds,
-            [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
-            [FromQuery] bool? enableUserData,
-            [FromQuery] bool enableTotalRecordCount = true)
+        var dtoOptions = new DtoOptions { Fields = fields }
+            .AddClientFields(User)
+            .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
+        return await _liveTvManager.GetPrograms(query, dtoOptions, CancellationToken.None).ConfigureAwait(false);
+    }
+
+    /// <summary>
+    /// Gets available live tv epgs.
+    /// </summary>
+    /// <param name="body">Request body.</param>
+    /// <response code="200">Live tv epgs returned.</response>
+    /// <returns>
+    /// A <see cref="Task"/> containing a <see cref="OkResult"/> which contains the live tv epgs.
+    /// </returns>
+    [HttpPost("Programs")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    public async Task<ActionResult<QueryResult<BaseItemDto>>> GetPrograms([FromBody] GetProgramsDto body)
+    {
+        var user = body.UserId.Equals(default) ? null : _userManager.GetUserById(body.UserId);
+
+        var query = new InternalItemsQuery(user)
+        {
+            ChannelIds = body.ChannelIds,
+            HasAired = body.HasAired,
+            IsAiring = body.IsAiring,
+            EnableTotalRecordCount = body.EnableTotalRecordCount,
+            MinStartDate = body.MinStartDate,
+            MinEndDate = body.MinEndDate,
+            MaxStartDate = body.MaxStartDate,
+            MaxEndDate = body.MaxEndDate,
+            StartIndex = body.StartIndex,
+            Limit = body.Limit,
+            OrderBy = RequestHelpers.GetOrderBy(body.SortBy, body.SortOrder),
+            IsNews = body.IsNews,
+            IsMovie = body.IsMovie,
+            IsSeries = body.IsSeries,
+            IsKids = body.IsKids,
+            IsSports = body.IsSports,
+            SeriesTimerId = body.SeriesTimerId,
+            Genres = body.Genres,
+            GenreIds = body.GenreIds
+        };
+
+        if (!body.LibrarySeriesId.Equals(default))
         {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
+            query.IsSeries = true;
 
-            var query = new InternalItemsQuery(user)
+            if (_libraryManager.GetItemById(body.LibrarySeriesId) is Series series)
             {
-                IsAiring = isAiring,
-                Limit = limit,
-                HasAired = hasAired,
-                IsSeries = isSeries,
-                IsMovie = isMovie,
-                IsKids = isKids,
-                IsNews = isNews,
-                IsSports = isSports,
-                EnableTotalRecordCount = enableTotalRecordCount,
-                GenreIds = genreIds
-            };
-
-            var dtoOptions = new DtoOptions { Fields = fields }
-                .AddClientFields(User)
-                .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
-            return await _liveTvManager.GetRecommendedProgramsAsync(query, dtoOptions, CancellationToken.None).ConfigureAwait(false);
+                query.Name = series.Name;
+            }
         }
 
-        /// <summary>
-        /// Gets a live tv program.
-        /// </summary>
-        /// <param name="programId">Program id.</param>
-        /// <param name="userId">Optional. Attach user data.</param>
-        /// <response code="200">Program returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the livetv program.</returns>
-        [HttpGet("Programs/{programId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<BaseItemDto>> GetProgram(
-            [FromRoute, Required] string programId,
-            [FromQuery] Guid? userId)
-        {
-            var user = userId is null || userId.Value.Equals(default)
-                ? null
-                : _userManager.GetUserById(userId.Value);
+        var dtoOptions = new DtoOptions { Fields = body.Fields }
+            .AddClientFields(User)
+            .AddAdditionalDtoOptions(body.EnableImages, body.EnableUserData, body.ImageTypeLimit, body.EnableImageTypes);
+        return await _liveTvManager.GetPrograms(query, dtoOptions, CancellationToken.None).ConfigureAwait(false);
+    }
 
-            return await _liveTvManager.GetProgram(programId, CancellationToken.None, user).ConfigureAwait(false);
-        }
+    /// <summary>
+    /// Gets recommended live tv epgs.
+    /// </summary>
+    /// <param name="userId">Optional. filter by user id.</param>
+    /// <param name="limit">Optional. The maximum number of records to return.</param>
+    /// <param name="isAiring">Optional. Filter by programs that are currently airing, or not.</param>
+    /// <param name="hasAired">Optional. Filter by programs that have completed airing, or not.</param>
+    /// <param name="isSeries">Optional. Filter for series.</param>
+    /// <param name="isMovie">Optional. Filter for movies.</param>
+    /// <param name="isNews">Optional. Filter for news.</param>
+    /// <param name="isKids">Optional. Filter for kids.</param>
+    /// <param name="isSports">Optional. Filter for sports.</param>
+    /// <param name="enableImages">Optional. Include image information in output.</param>
+    /// <param name="imageTypeLimit">Optional. The max number of images to return, per image type.</param>
+    /// <param name="enableImageTypes">Optional. The image types to include in the output.</param>
+    /// <param name="genreIds">The genres to return guide information for.</param>
+    /// <param name="fields">Optional. Specify additional fields of information to return in the output.</param>
+    /// <param name="enableUserData">Optional. include user data.</param>
+    /// <param name="enableTotalRecordCount">Retrieve total record count.</param>
+    /// <response code="200">Recommended epgs returned.</response>
+    /// <returns>A <see cref="OkResult"/> containing the queryresult of recommended epgs.</returns>
+    [HttpGet("Programs/Recommended")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public async Task<ActionResult<QueryResult<BaseItemDto>>> GetRecommendedPrograms(
+        [FromQuery] Guid? userId,
+        [FromQuery] int? limit,
+        [FromQuery] bool? isAiring,
+        [FromQuery] bool? hasAired,
+        [FromQuery] bool? isSeries,
+        [FromQuery] bool? isMovie,
+        [FromQuery] bool? isNews,
+        [FromQuery] bool? isKids,
+        [FromQuery] bool? isSports,
+        [FromQuery] bool? enableImages,
+        [FromQuery] int? imageTypeLimit,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ImageType[] enableImageTypes,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] genreIds,
+        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] ItemFields[] fields,
+        [FromQuery] bool? enableUserData,
+        [FromQuery] bool enableTotalRecordCount = true)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
 
-        /// <summary>
-        /// Deletes a live tv recording.
-        /// </summary>
-        /// <param name="recordingId">Recording id.</param>
-        /// <response code="204">Recording deleted.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if item not found.</returns>
-        [HttpDelete("Recordings/{recordingId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult> DeleteRecording([FromRoute, Required] Guid recordingId)
+        var query = new InternalItemsQuery(user)
         {
-            await AssertUserCanManageLiveTv().ConfigureAwait(false);
+            IsAiring = isAiring,
+            Limit = limit,
+            HasAired = hasAired,
+            IsSeries = isSeries,
+            IsMovie = isMovie,
+            IsKids = isKids,
+            IsNews = isNews,
+            IsSports = isSports,
+            EnableTotalRecordCount = enableTotalRecordCount,
+            GenreIds = genreIds
+        };
+
+        var dtoOptions = new DtoOptions { Fields = fields }
+            .AddClientFields(User)
+            .AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
+        return await _liveTvManager.GetRecommendedProgramsAsync(query, dtoOptions, CancellationToken.None).ConfigureAwait(false);
+    }
 
-            var item = _libraryManager.GetItemById(recordingId);
-            if (item is null)
-            {
-                return NotFound();
-            }
+    /// <summary>
+    /// Gets a live tv program.
+    /// </summary>
+    /// <param name="programId">Program id.</param>
+    /// <param name="userId">Optional. Attach user data.</param>
+    /// <response code="200">Program returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the livetv program.</returns>
+    [HttpGet("Programs/{programId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public async Task<ActionResult<BaseItemDto>> GetProgram(
+        [FromRoute, Required] string programId,
+        [FromQuery] Guid? userId)
+    {
+        var user = userId is null || userId.Value.Equals(default)
+            ? null
+            : _userManager.GetUserById(userId.Value);
 
-            _libraryManager.DeleteItem(item, new DeleteOptions
-            {
-                DeleteFileLocation = false
-            });
+        return await _liveTvManager.GetProgram(programId, CancellationToken.None, user).ConfigureAwait(false);
+    }
 
-            return NoContent();
-        }
+    /// <summary>
+    /// Deletes a live tv recording.
+    /// </summary>
+    /// <param name="recordingId">Recording id.</param>
+    /// <response code="204">Recording deleted.</response>
+    /// <response code="404">Item not found.</response>
+    /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if item not found.</returns>
+    [HttpDelete("Recordings/{recordingId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    public async Task<ActionResult> DeleteRecording([FromRoute, Required] Guid recordingId)
+    {
+        await AssertUserCanManageLiveTv().ConfigureAwait(false);
 
-        /// <summary>
-        /// Cancels a live tv timer.
-        /// </summary>
-        /// <param name="timerId">Timer id.</param>
-        /// <response code="204">Timer deleted.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpDelete("Timers/{timerId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> CancelTimer([FromRoute, Required] string timerId)
+        var item = _libraryManager.GetItemById(recordingId);
+        if (item is null)
         {
-            await AssertUserCanManageLiveTv().ConfigureAwait(false);
-            await _liveTvManager.CancelTimer(timerId).ConfigureAwait(false);
-            return NoContent();
+            return NotFound();
         }
 
-        /// <summary>
-        /// Updates a live tv timer.
-        /// </summary>
-        /// <param name="timerId">Timer id.</param>
-        /// <param name="timerInfo">New timer info.</param>
-        /// <response code="204">Timer updated.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("Timers/{timerId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
-        public async Task<ActionResult> UpdateTimer([FromRoute, Required] string timerId, [FromBody] TimerInfoDto timerInfo)
+        _libraryManager.DeleteItem(item, new DeleteOptions
         {
-            await AssertUserCanManageLiveTv().ConfigureAwait(false);
-            await _liveTvManager.UpdateTimer(timerInfo, CancellationToken.None).ConfigureAwait(false);
-            return NoContent();
-        }
+            DeleteFileLocation = false
+        });
 
-        /// <summary>
-        /// Creates a live tv timer.
-        /// </summary>
-        /// <param name="timerInfo">New timer info.</param>
-        /// <response code="204">Timer created.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("Timers")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> CreateTimer([FromBody] TimerInfoDto timerInfo)
-        {
-            await AssertUserCanManageLiveTv().ConfigureAwait(false);
-            await _liveTvManager.CreateTimer(timerInfo, CancellationToken.None).ConfigureAwait(false);
-            return NoContent();
-        }
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Gets a live tv series timer.
-        /// </summary>
-        /// <param name="timerId">Timer id.</param>
-        /// <response code="200">Series timer returned.</response>
-        /// <response code="404">Series timer not found.</response>
-        /// <returns>A <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if timer not found.</returns>
-        [HttpGet("SeriesTimers/{timerId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<SeriesTimerInfoDto>> GetSeriesTimer([FromRoute, Required] string timerId)
-        {
-            var timer = await _liveTvManager.GetSeriesTimer(timerId, CancellationToken.None).ConfigureAwait(false);
-            if (timer is null)
-            {
-                return NotFound();
-            }
+    /// <summary>
+    /// Cancels a live tv timer.
+    /// </summary>
+    /// <param name="timerId">Timer id.</param>
+    /// <response code="204">Timer deleted.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpDelete("Timers/{timerId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public async Task<ActionResult> CancelTimer([FromRoute, Required] string timerId)
+    {
+        await AssertUserCanManageLiveTv().ConfigureAwait(false);
+        await _liveTvManager.CancelTimer(timerId).ConfigureAwait(false);
+        return NoContent();
+    }
 
-            return timer;
-        }
+    /// <summary>
+    /// Updates a live tv timer.
+    /// </summary>
+    /// <param name="timerId">Timer id.</param>
+    /// <param name="timerInfo">New timer info.</param>
+    /// <response code="204">Timer updated.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("Timers/{timerId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
+    public async Task<ActionResult> UpdateTimer([FromRoute, Required] string timerId, [FromBody] TimerInfoDto timerInfo)
+    {
+        await AssertUserCanManageLiveTv().ConfigureAwait(false);
+        await _liveTvManager.UpdateTimer(timerInfo, CancellationToken.None).ConfigureAwait(false);
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Gets live tv series timers.
-        /// </summary>
-        /// <param name="sortBy">Optional. Sort by SortName or Priority.</param>
-        /// <param name="sortOrder">Optional. Sort in Ascending or Descending order.</param>
-        /// <response code="200">Timers returned.</response>
-        /// <returns>An <see cref="OkResult"/> of live tv series timers.</returns>
-        [HttpGet("SeriesTimers")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<QueryResult<SeriesTimerInfoDto>>> GetSeriesTimers([FromQuery] string? sortBy, [FromQuery] SortOrder? sortOrder)
-        {
-            return await _liveTvManager.GetSeriesTimers(
-                new SeriesTimerQuery
-                {
-                    SortOrder = sortOrder ?? SortOrder.Ascending,
-                    SortBy = sortBy
-                },
-                CancellationToken.None).ConfigureAwait(false);
-        }
+    /// <summary>
+    /// Creates a live tv timer.
+    /// </summary>
+    /// <param name="timerInfo">New timer info.</param>
+    /// <response code="204">Timer created.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("Timers")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public async Task<ActionResult> CreateTimer([FromBody] TimerInfoDto timerInfo)
+    {
+        await AssertUserCanManageLiveTv().ConfigureAwait(false);
+        await _liveTvManager.CreateTimer(timerInfo, CancellationToken.None).ConfigureAwait(false);
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Cancels a live tv series timer.
-        /// </summary>
-        /// <param name="timerId">Timer id.</param>
-        /// <response code="204">Timer cancelled.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpDelete("SeriesTimers/{timerId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> CancelSeriesTimer([FromRoute, Required] string timerId)
+    /// <summary>
+    /// Gets a live tv series timer.
+    /// </summary>
+    /// <param name="timerId">Timer id.</param>
+    /// <response code="200">Series timer returned.</response>
+    /// <response code="404">Series timer not found.</response>
+    /// <returns>A <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if timer not found.</returns>
+    [HttpGet("SeriesTimers/{timerId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    public async Task<ActionResult<SeriesTimerInfoDto>> GetSeriesTimer([FromRoute, Required] string timerId)
+    {
+        var timer = await _liveTvManager.GetSeriesTimer(timerId, CancellationToken.None).ConfigureAwait(false);
+        if (timer is null)
         {
-            await AssertUserCanManageLiveTv().ConfigureAwait(false);
-            await _liveTvManager.CancelSeriesTimer(timerId).ConfigureAwait(false);
-            return NoContent();
+            return NotFound();
         }
 
-        /// <summary>
-        /// Updates a live tv series timer.
-        /// </summary>
-        /// <param name="timerId">Timer id.</param>
-        /// <param name="seriesTimerInfo">New series timer info.</param>
-        /// <response code="204">Series timer updated.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("SeriesTimers/{timerId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
-        public async Task<ActionResult> UpdateSeriesTimer([FromRoute, Required] string timerId, [FromBody] SeriesTimerInfoDto seriesTimerInfo)
-        {
-            await AssertUserCanManageLiveTv().ConfigureAwait(false);
-            await _liveTvManager.UpdateSeriesTimer(seriesTimerInfo, CancellationToken.None).ConfigureAwait(false);
-            return NoContent();
-        }
+        return timer;
+    }
 
-        /// <summary>
-        /// Creates a live tv series timer.
-        /// </summary>
-        /// <param name="seriesTimerInfo">New series timer info.</param>
-        /// <response code="204">Series timer info created.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("SeriesTimers")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> CreateSeriesTimer([FromBody] SeriesTimerInfoDto seriesTimerInfo)
-        {
-            await AssertUserCanManageLiveTv().ConfigureAwait(false);
-            await _liveTvManager.CreateSeriesTimer(seriesTimerInfo, CancellationToken.None).ConfigureAwait(false);
-            return NoContent();
-        }
+    /// <summary>
+    /// Gets live tv series timers.
+    /// </summary>
+    /// <param name="sortBy">Optional. Sort by SortName or Priority.</param>
+    /// <param name="sortOrder">Optional. Sort in Ascending or Descending order.</param>
+    /// <response code="200">Timers returned.</response>
+    /// <returns>An <see cref="OkResult"/> of live tv series timers.</returns>
+    [HttpGet("SeriesTimers")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public async Task<ActionResult<QueryResult<SeriesTimerInfoDto>>> GetSeriesTimers([FromQuery] string? sortBy, [FromQuery] SortOrder? sortOrder)
+    {
+        return await _liveTvManager.GetSeriesTimers(
+            new SeriesTimerQuery
+            {
+                SortOrder = sortOrder ?? SortOrder.Ascending,
+                SortBy = sortBy
+            },
+            CancellationToken.None).ConfigureAwait(false);
+    }
 
-        /// <summary>
-        /// Get recording group.
-        /// </summary>
-        /// <param name="groupId">Group id.</param>
-        /// <returns>A <see cref="NotFoundResult"/>.</returns>
-        [HttpGet("Recordings/Groups/{groupId}")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [Obsolete("This endpoint is obsolete.")]
-        public ActionResult<BaseItemDto> GetRecordingGroup([FromRoute, Required] Guid groupId)
-        {
-            return NotFound();
-        }
+    /// <summary>
+    /// Cancels a live tv series timer.
+    /// </summary>
+    /// <param name="timerId">Timer id.</param>
+    /// <response code="204">Timer cancelled.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpDelete("SeriesTimers/{timerId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public async Task<ActionResult> CancelSeriesTimer([FromRoute, Required] string timerId)
+    {
+        await AssertUserCanManageLiveTv().ConfigureAwait(false);
+        await _liveTvManager.CancelSeriesTimer(timerId).ConfigureAwait(false);
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Get guid info.
-        /// </summary>
-        /// <response code="200">Guid info returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the guide info.</returns>
-        [HttpGet("GuideInfo")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<GuideInfo> GetGuideInfo()
-        {
-            return _liveTvManager.GetGuideInfo();
-        }
+    /// <summary>
+    /// Updates a live tv series timer.
+    /// </summary>
+    /// <param name="timerId">Timer id.</param>
+    /// <param name="seriesTimerInfo">New series timer info.</param>
+    /// <response code="204">Series timer updated.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("SeriesTimers/{timerId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
+    public async Task<ActionResult> UpdateSeriesTimer([FromRoute, Required] string timerId, [FromBody] SeriesTimerInfoDto seriesTimerInfo)
+    {
+        await AssertUserCanManageLiveTv().ConfigureAwait(false);
+        await _liveTvManager.UpdateSeriesTimer(seriesTimerInfo, CancellationToken.None).ConfigureAwait(false);
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Adds a tuner host.
-        /// </summary>
-        /// <param name="tunerHostInfo">New tuner host.</param>
-        /// <response code="200">Created tuner host returned.</response>
-        /// <returns>A <see cref="OkResult"/> containing the created tuner host.</returns>
-        [HttpPost("TunerHosts")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<TunerHostInfo>> AddTunerHost([FromBody] TunerHostInfo tunerHostInfo)
-        {
-            return await _liveTvManager.SaveTunerHost(tunerHostInfo).ConfigureAwait(false);
-        }
+    /// <summary>
+    /// Creates a live tv series timer.
+    /// </summary>
+    /// <param name="seriesTimerInfo">New series timer info.</param>
+    /// <response code="204">Series timer info created.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpPost("SeriesTimers")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public async Task<ActionResult> CreateSeriesTimer([FromBody] SeriesTimerInfoDto seriesTimerInfo)
+    {
+        await AssertUserCanManageLiveTv().ConfigureAwait(false);
+        await _liveTvManager.CreateSeriesTimer(seriesTimerInfo, CancellationToken.None).ConfigureAwait(false);
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Deletes a tuner host.
-        /// </summary>
-        /// <param name="id">Tuner host id.</param>
-        /// <response code="204">Tuner host deleted.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpDelete("TunerHosts")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult DeleteTunerHost([FromQuery] string? id)
-        {
-            var config = _configurationManager.GetConfiguration<LiveTvOptions>("livetv");
-            config.TunerHosts = config.TunerHosts.Where(i => !string.Equals(id, i.Id, StringComparison.OrdinalIgnoreCase)).ToArray();
-            _configurationManager.SaveConfiguration("livetv", config);
-            return NoContent();
-        }
+    /// <summary>
+    /// Get recording group.
+    /// </summary>
+    /// <param name="groupId">Group id.</param>
+    /// <returns>A <see cref="NotFoundResult"/>.</returns>
+    [HttpGet("Recordings/Groups/{groupId}")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    [Obsolete("This endpoint is obsolete.")]
+    public ActionResult<BaseItemDto> GetRecordingGroup([FromRoute, Required] Guid groupId)
+    {
+        return NotFound();
+    }
 
-        /// <summary>
-        /// Gets default listings provider info.
-        /// </summary>
-        /// <response code="200">Default listings provider info returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the default listings provider info.</returns>
-        [HttpGet("ListingProviders/Default")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<ListingsProviderInfo> GetDefaultListingProvider()
-        {
-            return new ListingsProviderInfo();
-        }
+    /// <summary>
+    /// Get guid info.
+    /// </summary>
+    /// <response code="200">Guid info returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the guide info.</returns>
+    [HttpGet("GuideInfo")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<GuideInfo> GetGuideInfo()
+    {
+        return _liveTvManager.GetGuideInfo();
+    }
 
-        /// <summary>
-        /// Adds a listings provider.
-        /// </summary>
-        /// <param name="pw">Password.</param>
-        /// <param name="listingsProviderInfo">New listings info.</param>
-        /// <param name="validateListings">Validate listings.</param>
-        /// <param name="validateLogin">Validate login.</param>
-        /// <response code="200">Created listings provider returned.</response>
-        /// <returns>A <see cref="OkResult"/> containing the created listings provider.</returns>
-        [HttpPost("ListingProviders")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [SuppressMessage("Microsoft.Performance", "CA5350:RemoveSha1", MessageId = "AddListingProvider", Justification = "Imported from ServiceStack")]
-        public async Task<ActionResult<ListingsProviderInfo>> AddListingProvider(
-            [FromQuery] string? pw,
-            [FromBody] ListingsProviderInfo listingsProviderInfo,
-            [FromQuery] bool validateListings = false,
-            [FromQuery] bool validateLogin = false)
-        {
-            if (!string.IsNullOrEmpty(pw))
-            {
-                // TODO: remove ToLower when Convert.ToHexString supports lowercase
-                // Schedules Direct requires the hex to be lowercase
-                listingsProviderInfo.Password = Convert.ToHexString(SHA1.HashData(Encoding.UTF8.GetBytes(pw))).ToLowerInvariant();
-            }
+    /// <summary>
+    /// Adds a tuner host.
+    /// </summary>
+    /// <param name="tunerHostInfo">New tuner host.</param>
+    /// <response code="200">Created tuner host returned.</response>
+    /// <returns>A <see cref="OkResult"/> containing the created tuner host.</returns>
+    [HttpPost("TunerHosts")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public async Task<ActionResult<TunerHostInfo>> AddTunerHost([FromBody] TunerHostInfo tunerHostInfo)
+    {
+        return await _liveTvManager.SaveTunerHost(tunerHostInfo).ConfigureAwait(false);
+    }
 
-            return await _liveTvManager.SaveListingProvider(listingsProviderInfo, validateLogin, validateListings).ConfigureAwait(false);
-        }
+    /// <summary>
+    /// Deletes a tuner host.
+    /// </summary>
+    /// <param name="id">Tuner host id.</param>
+    /// <response code="204">Tuner host deleted.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpDelete("TunerHosts")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public ActionResult DeleteTunerHost([FromQuery] string? id)
+    {
+        var config = _configurationManager.GetConfiguration<LiveTvOptions>("livetv");
+        config.TunerHosts = config.TunerHosts.Where(i => !string.Equals(id, i.Id, StringComparison.OrdinalIgnoreCase)).ToArray();
+        _configurationManager.SaveConfiguration("livetv", config);
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Delete listing provider.
-        /// </summary>
-        /// <param name="id">Listing provider id.</param>
-        /// <response code="204">Listing provider deleted.</response>
-        /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpDelete("ListingProviders")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult DeleteListingProvider([FromQuery] string? id)
-        {
-            _liveTvManager.DeleteListingsProvider(id);
-            return NoContent();
-        }
+    /// <summary>
+    /// Gets default listings provider info.
+    /// </summary>
+    /// <response code="200">Default listings provider info returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the default listings provider info.</returns>
+    [HttpGet("ListingProviders/Default")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<ListingsProviderInfo> GetDefaultListingProvider()
+    {
+        return new ListingsProviderInfo();
+    }
 
-        /// <summary>
-        /// Gets available lineups.
-        /// </summary>
-        /// <param name="id">Provider id.</param>
-        /// <param name="type">Provider type.</param>
-        /// <param name="location">Location.</param>
-        /// <param name="country">Country.</param>
-        /// <response code="200">Available lineups returned.</response>
-        /// <returns>A <see cref="OkResult"/> containing the available lineups.</returns>
-        [HttpGet("ListingProviders/Lineups")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<IEnumerable<NameIdPair>>> GetLineups(
-            [FromQuery] string? id,
-            [FromQuery] string? type,
-            [FromQuery] string? location,
-            [FromQuery] string? country)
+    /// <summary>
+    /// Adds a listings provider.
+    /// </summary>
+    /// <param name="pw">Password.</param>
+    /// <param name="listingsProviderInfo">New listings info.</param>
+    /// <param name="validateListings">Validate listings.</param>
+    /// <param name="validateLogin">Validate login.</param>
+    /// <response code="200">Created listings provider returned.</response>
+    /// <returns>A <see cref="OkResult"/> containing the created listings provider.</returns>
+    [HttpPost("ListingProviders")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [SuppressMessage("Microsoft.Performance", "CA5350:RemoveSha1", MessageId = "AddListingProvider", Justification = "Imported from ServiceStack")]
+    public async Task<ActionResult<ListingsProviderInfo>> AddListingProvider(
+        [FromQuery] string? pw,
+        [FromBody] ListingsProviderInfo listingsProviderInfo,
+        [FromQuery] bool validateListings = false,
+        [FromQuery] bool validateLogin = false)
+    {
+        if (!string.IsNullOrEmpty(pw))
         {
-            return await _liveTvManager.GetLineups(type, id, country, location).ConfigureAwait(false);
+            // TODO: remove ToLower when Convert.ToHexString supports lowercase
+            // Schedules Direct requires the hex to be lowercase
+            listingsProviderInfo.Password = Convert.ToHexString(SHA1.HashData(Encoding.UTF8.GetBytes(pw))).ToLowerInvariant();
         }
 
-        /// <summary>
-        /// Gets available countries.
-        /// </summary>
-        /// <response code="200">Available countries returned.</response>
-        /// <returns>A <see cref="FileResult"/> containing the available countries.</returns>
-        [HttpGet("ListingProviders/SchedulesDirect/Countries")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesFile(MediaTypeNames.Application.Json)]
-        public async Task<ActionResult> GetSchedulesDirectCountries()
-        {
-            var client = _httpClientFactory.CreateClient(NamedClient.Default);
-            // https://json.schedulesdirect.org/20141201/available/countries
-            // Can't dispose the response as it's required up the call chain.
-            var response = await client.GetAsync(new Uri("https://json.schedulesdirect.org/20141201/available/countries"))
-                .ConfigureAwait(false);
+        return await _liveTvManager.SaveListingProvider(listingsProviderInfo, validateLogin, validateListings).ConfigureAwait(false);
+    }
 
-            return File(await response.Content.ReadAsStreamAsync().ConfigureAwait(false), MediaTypeNames.Application.Json);
-        }
+    /// <summary>
+    /// Delete listing provider.
+    /// </summary>
+    /// <param name="id">Listing provider id.</param>
+    /// <response code="204">Listing provider deleted.</response>
+    /// <returns>A <see cref="NoContentResult"/>.</returns>
+    [HttpDelete("ListingProviders")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    public ActionResult DeleteListingProvider([FromQuery] string? id)
+    {
+        _liveTvManager.DeleteListingsProvider(id);
+        return NoContent();
+    }
 
-        /// <summary>
-        /// Get channel mapping options.
-        /// </summary>
-        /// <param name="providerId">Provider id.</param>
-        /// <response code="200">Channel mapping options returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the channel mapping options.</returns>
-        [HttpGet("ChannelMappingOptions")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<ChannelMappingOptionsDto>> GetChannelMappingOptions([FromQuery] string? providerId)
-        {
-            var config = _configurationManager.GetConfiguration<LiveTvOptions>("livetv");
+    /// <summary>
+    /// Gets available lineups.
+    /// </summary>
+    /// <param name="id">Provider id.</param>
+    /// <param name="type">Provider type.</param>
+    /// <param name="location">Location.</param>
+    /// <param name="country">Country.</param>
+    /// <response code="200">Available lineups returned.</response>
+    /// <returns>A <see cref="OkResult"/> containing the available lineups.</returns>
+    [HttpGet("ListingProviders/Lineups")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public async Task<ActionResult<IEnumerable<NameIdPair>>> GetLineups(
+        [FromQuery] string? id,
+        [FromQuery] string? type,
+        [FromQuery] string? location,
+        [FromQuery] string? country)
+    {
+        return await _liveTvManager.GetLineups(type, id, country, location).ConfigureAwait(false);
+    }
 
-            var listingsProviderInfo = config.ListingProviders.First(i => string.Equals(providerId, i.Id, StringComparison.OrdinalIgnoreCase));
+    /// <summary>
+    /// Gets available countries.
+    /// </summary>
+    /// <response code="200">Available countries returned.</response>
+    /// <returns>A <see cref="FileResult"/> containing the available countries.</returns>
+    [HttpGet("ListingProviders/SchedulesDirect/Countries")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesFile(MediaTypeNames.Application.Json)]
+    public async Task<ActionResult> GetSchedulesDirectCountries()
+    {
+        var client = _httpClientFactory.CreateClient(NamedClient.Default);
+        // https://json.schedulesdirect.org/20141201/available/countries
+        // Can't dispose the response as it's required up the call chain.
+        var response = await client.GetAsync(new Uri("https://json.schedulesdirect.org/20141201/available/countries"))
+            .ConfigureAwait(false);
 
-            var listingsProviderName = _liveTvManager.ListingProviders.First(i => string.Equals(i.Type, listingsProviderInfo.Type, StringComparison.OrdinalIgnoreCase)).Name;
+        return File(await response.Content.ReadAsStreamAsync().ConfigureAwait(false), MediaTypeNames.Application.Json);
+    }
 
-            var tunerChannels = await _liveTvManager.GetChannelsForListingsProvider(providerId, CancellationToken.None)
-                .ConfigureAwait(false);
+    /// <summary>
+    /// Get channel mapping options.
+    /// </summary>
+    /// <param name="providerId">Provider id.</param>
+    /// <response code="200">Channel mapping options returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the channel mapping options.</returns>
+    [HttpGet("ChannelMappingOptions")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public async Task<ActionResult<ChannelMappingOptionsDto>> GetChannelMappingOptions([FromQuery] string? providerId)
+    {
+        var config = _configurationManager.GetConfiguration<LiveTvOptions>("livetv");
 
-            var providerChannels = await _liveTvManager.GetChannelsFromListingsProviderData(providerId, CancellationToken.None)
-                .ConfigureAwait(false);
+        var listingsProviderInfo = config.ListingProviders.First(i => string.Equals(providerId, i.Id, StringComparison.OrdinalIgnoreCase));
 
-            var mappings = listingsProviderInfo.ChannelMappings;
+        var listingsProviderName = _liveTvManager.ListingProviders.First(i => string.Equals(i.Type, listingsProviderInfo.Type, StringComparison.OrdinalIgnoreCase)).Name;
 
-            return new ChannelMappingOptionsDto
-            {
-                TunerChannels = tunerChannels.Select(i => _liveTvManager.GetTunerChannelMapping(i, mappings, providerChannels)).ToList(),
-                ProviderChannels = providerChannels.Select(i => new NameIdPair
-                {
-                    Name = i.Name,
-                    Id = i.Id
-                }).ToList(),
-                Mappings = mappings,
-                ProviderName = listingsProviderName
-            };
-        }
+        var tunerChannels = await _liveTvManager.GetChannelsForListingsProvider(providerId, CancellationToken.None)
+            .ConfigureAwait(false);
 
-        /// <summary>
-        /// Set channel mappings.
-        /// </summary>
-        /// <param name="setChannelMappingDto">The set channel mapping dto.</param>
-        /// <response code="200">Created channel mapping returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the created channel mapping.</returns>
-        [HttpPost("ChannelMappings")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<TunerChannelMapping>> SetChannelMapping([FromBody, Required] SetChannelMappingDto setChannelMappingDto)
-        {
-            return await _liveTvManager.SetChannelMapping(setChannelMappingDto.ProviderId, setChannelMappingDto.TunerChannelId, setChannelMappingDto.ProviderChannelId).ConfigureAwait(false);
-        }
+        var providerChannels = await _liveTvManager.GetChannelsFromListingsProviderData(providerId, CancellationToken.None)
+            .ConfigureAwait(false);
 
-        /// <summary>
-        /// Get tuner host types.
-        /// </summary>
-        /// <response code="200">Tuner host types returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the tuner host types.</returns>
-        [HttpGet("TunerHosts/Types")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<IEnumerable<NameIdPair>> GetTunerHostTypes()
-        {
-            return _liveTvManager.GetTunerHostTypes();
-        }
+        var mappings = listingsProviderInfo.ChannelMappings;
 
-        /// <summary>
-        /// Discover tuners.
-        /// </summary>
-        /// <param name="newDevicesOnly">Only discover new tuners.</param>
-        /// <response code="200">Tuners returned.</response>
-        /// <returns>An <see cref="OkResult"/> containing the tuners.</returns>
-        [HttpGet("Tuners/Discvover", Name = "DiscvoverTuners")]
-        [HttpGet("Tuners/Discover")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<IEnumerable<TunerHostInfo>>> DiscoverTuners([FromQuery] bool newDevicesOnly = false)
+        return new ChannelMappingOptionsDto
         {
-            return await _liveTvManager.DiscoverTuners(newDevicesOnly, CancellationToken.None).ConfigureAwait(false);
-        }
+            TunerChannels = tunerChannels.Select(i => _liveTvManager.GetTunerChannelMapping(i, mappings, providerChannels)).ToList(),
+            ProviderChannels = providerChannels.Select(i => new NameIdPair
+            {
+                Name = i.Name,
+                Id = i.Id
+            }).ToList(),
+            Mappings = mappings,
+            ProviderName = listingsProviderName
+        };
+    }
 
-        /// <summary>
-        /// Gets a live tv recording stream.
-        /// </summary>
-        /// <param name="recordingId">Recording id.</param>
-        /// <response code="200">Recording stream returned.</response>
-        /// <response code="404">Recording not found.</response>
-        /// <returns>
-        /// An <see cref="OkResult"/> containing the recording stream on success,
-        /// or a <see cref="NotFoundResult"/> if recording not found.
-        /// </returns>
-        [HttpGet("LiveRecordings/{recordingId}/stream")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesVideoFile]
-        public ActionResult GetLiveRecordingFile([FromRoute, Required] string recordingId)
-        {
-            var path = _liveTvManager.GetEmbyTvActiveRecordingPath(recordingId);
+    /// <summary>
+    /// Set channel mappings.
+    /// </summary>
+    /// <param name="setChannelMappingDto">The set channel mapping dto.</param>
+    /// <response code="200">Created channel mapping returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the created channel mapping.</returns>
+    [HttpPost("ChannelMappings")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public async Task<ActionResult<TunerChannelMapping>> SetChannelMapping([FromBody, Required] SetChannelMappingDto setChannelMappingDto)
+    {
+        return await _liveTvManager.SetChannelMapping(setChannelMappingDto.ProviderId, setChannelMappingDto.TunerChannelId, setChannelMappingDto.ProviderChannelId).ConfigureAwait(false);
+    }
 
-            if (string.IsNullOrWhiteSpace(path))
-            {
-                return NotFound();
-            }
+    /// <summary>
+    /// Get tuner host types.
+    /// </summary>
+    /// <response code="200">Tuner host types returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the tuner host types.</returns>
+    [HttpGet("TunerHosts/Types")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<IEnumerable<NameIdPair>> GetTunerHostTypes()
+    {
+        return _liveTvManager.GetTunerHostTypes();
+    }
 
-            var stream = new ProgressiveFileStream(path, null, _transcodingJobHelper);
-            return new FileStreamResult(stream, MimeTypes.GetMimeType(path));
-        }
+    /// <summary>
+    /// Discover tuners.
+    /// </summary>
+    /// <param name="newDevicesOnly">Only discover new tuners.</param>
+    /// <response code="200">Tuners returned.</response>
+    /// <returns>An <see cref="OkResult"/> containing the tuners.</returns>
+    [HttpGet("Tuners/Discvover", Name = "DiscvoverTuners")]
+    [HttpGet("Tuners/Discover")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public async Task<ActionResult<IEnumerable<TunerHostInfo>>> DiscoverTuners([FromQuery] bool newDevicesOnly = false)
+    {
+        return await _liveTvManager.DiscoverTuners(newDevicesOnly, CancellationToken.None).ConfigureAwait(false);
+    }
 
-        /// <summary>
-        /// Gets a live tv channel stream.
-        /// </summary>
-        /// <param name="streamId">Stream id.</param>
-        /// <param name="container">Container type.</param>
-        /// <response code="200">Stream returned.</response>
-        /// <response code="404">Stream not found.</response>
-        /// <returns>
-        /// An <see cref="OkResult"/> containing the channel stream on success,
-        /// or a <see cref="NotFoundResult"/> if stream not found.
-        /// </returns>
-        [HttpGet("LiveStreamFiles/{streamId}/stream.{container}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesVideoFile]
-        public ActionResult GetLiveStreamFile([FromRoute, Required] string streamId, [FromRoute, Required] string container)
+    /// <summary>
+    /// Gets a live tv recording stream.
+    /// </summary>
+    /// <param name="recordingId">Recording id.</param>
+    /// <response code="200">Recording stream returned.</response>
+    /// <response code="404">Recording not found.</response>
+    /// <returns>
+    /// An <see cref="OkResult"/> containing the recording stream on success,
+    /// or a <see cref="NotFoundResult"/> if recording not found.
+    /// </returns>
+    [HttpGet("LiveRecordings/{recordingId}/stream")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    [ProducesVideoFile]
+    public ActionResult GetLiveRecordingFile([FromRoute, Required] string recordingId)
+    {
+        var path = _liveTvManager.GetEmbyTvActiveRecordingPath(recordingId);
+
+        if (string.IsNullOrWhiteSpace(path))
         {
-            var liveStreamInfo = _mediaSourceManager.GetLiveStreamInfoByUniqueId(streamId);
-            if (liveStreamInfo is null)
-            {
-                return NotFound();
-            }
+            return NotFound();
+        }
+
+        var stream = new ProgressiveFileStream(path, null, _transcodingJobHelper);
+        return new FileStreamResult(stream, MimeTypes.GetMimeType(path));
+    }
 
-            var liveStream = new ProgressiveFileStream(liveStreamInfo.GetStream());
-            return new FileStreamResult(liveStream, MimeTypes.GetMimeType("file." + container));
+    /// <summary>
+    /// Gets a live tv channel stream.
+    /// </summary>
+    /// <param name="streamId">Stream id.</param>
+    /// <param name="container">Container type.</param>
+    /// <response code="200">Stream returned.</response>
+    /// <response code="404">Stream not found.</response>
+    /// <returns>
+    /// An <see cref="OkResult"/> containing the channel stream on success,
+    /// or a <see cref="NotFoundResult"/> if stream not found.
+    /// </returns>
+    [HttpGet("LiveStreamFiles/{streamId}/stream.{container}")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    [ProducesVideoFile]
+    public ActionResult GetLiveStreamFile([FromRoute, Required] string streamId, [FromRoute, Required] string container)
+    {
+        var liveStreamInfo = _mediaSourceManager.GetLiveStreamInfoByUniqueId(streamId);
+        if (liveStreamInfo is null)
+        {
+            return NotFound();
         }
 
-        private async Task AssertUserCanManageLiveTv()
+        var liveStream = new ProgressiveFileStream(liveStreamInfo.GetStream());
+        return new FileStreamResult(liveStream, MimeTypes.GetMimeType("file." + container));
+    }
+
+    private async Task AssertUserCanManageLiveTv()
+    {
+        var user = _userManager.GetUserById(User.GetUserId());
+        var session = await _sessionManager.LogSessionActivity(
+            User.GetClient(),
+            User.GetVersion(),
+            User.GetDeviceId(),
+            User.GetDevice(),
+            HttpContext.GetNormalizedRemoteIp().ToString(),
+            user).ConfigureAwait(false);
+
+        if (session.UserId.Equals(default))
         {
-            var user = _userManager.GetUserById(User.GetUserId());
-            var session = await _sessionManager.LogSessionActivity(
-                User.GetClient(),
-                User.GetVersion(),
-                User.GetDeviceId(),
-                User.GetDevice(),
-                HttpContext.GetNormalizedRemoteIp().ToString(),
-                user).ConfigureAwait(false);
-
-            if (session.UserId.Equals(default))
-            {
-                throw new SecurityException("Anonymous live tv management is not allowed.");
-            }
+            throw new SecurityException("Anonymous live tv management is not allowed.");
+        }
 
-            if (!user.HasPermission(PermissionKind.EnableLiveTvManagement))
-            {
-                throw new SecurityException("The current user does not have permission to manage live tv.");
-            }
+        if (!user.HasPermission(PermissionKind.EnableLiveTvManagement))
+        {
+            throw new SecurityException("The current user does not have permission to manage live tv.");
         }
     }
 }
-- 
cgit v1.2.3


From 52230d1c30b76f34132c8c3ad21a09deea72d9d8 Mon Sep 17 00:00:00 2001
From: Bond_009 <bond.009@outlook.com>
Date: Sat, 4 Feb 2023 17:56:12 +0100
Subject: Return NotFound when itemId isn't found

---
 .../SyncPlayAccessPolicy/SyncPlayAccessHandler.cs  |   5 +
 Jellyfin.Api/Controllers/ImageController.cs        |  14 ++-
 Jellyfin.Api/Controllers/ItemsController.cs        |   5 +
 Jellyfin.Api/Controllers/LibraryController.cs      |   4 +
 Jellyfin.Api/Controllers/LiveTvController.cs       |   2 +-
 Jellyfin.Api/Controllers/MusicGenresController.cs  |   5 +
 Jellyfin.Api/Controllers/PlaystateController.cs    |  20 ++++
 Jellyfin.Api/Controllers/SessionController.cs      |   4 +
 Jellyfin.Api/Controllers/UserController.cs         |  25 +++-
 Jellyfin.Api/Controllers/UserLibraryController.cs  |  41 +++++++
 Jellyfin.Api/Controllers/VideosController.cs       |   7 +-
 Jellyfin.Api/Helpers/MediaInfoHelper.cs            |   2 +-
 Jellyfin.Api/Helpers/RequestHelpers.cs             |   7 +-
 Jellyfin.Api/Models/UserDtos/CreateUserByName.cs   |   7 +-
 Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs  |   2 +-
 .../Models/UserDtos/ForgotPasswordPinDto.cs        |   2 +-
 .../Devices/DeviceManager.cs                       |   5 +
 MediaBrowser.Controller/Dto/IDtoService.cs         |   7 +-
 MediaBrowser.Controller/Library/IUserManager.cs    |  10 +-
 .../Library/LibraryManagerExtensions.cs            |   4 +-
 .../AuthHelper.cs                                  |  28 +++++
 .../Controllers/MusicGenreControllerTests.cs       |  26 +++++
 .../Controllers/UserControllerTests.cs             |  12 +-
 .../Controllers/UserLibraryControllerTests.cs      | 129 +++++++++++++++++++++
 .../Controllers/VideosControllerTests.cs           |  27 +++++
 25 files changed, 370 insertions(+), 30 deletions(-)
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/MusicGenreControllerTests.cs
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/UserLibraryControllerTests.cs
 create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/VideosControllerTests.cs

(limited to 'Jellyfin.Api/Controllers/LiveTvController.cs')

diff --git a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
index cdd7d8a52..2ef244a0a 100644
--- a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
+++ b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
@@ -2,6 +2,7 @@
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Enums;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.SyncPlay;
@@ -47,6 +48,10 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
 
             var userId = context.User.GetUserId();
             var user = _userManager.GetUserById(userId);
+            if (user is null)
+            {
+                throw new ResourceNotFoundException();
+            }
 
             if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess)
             {
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index cc824c65a..7261c47e9 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -99,12 +99,17 @@ public class ImageController : BaseJellyfinApiController
         [FromRoute, Required] ImageType imageType,
         [FromQuery] int? index = null)
     {
+        var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, userId, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
         }
 
-        var user = _userManager.GetUserById(userId);
         var memoryStream = await GetMemoryStream(Request.Body).ConfigureAwait(false);
         await using (memoryStream.ConfigureAwait(false))
         {
@@ -148,12 +153,17 @@ public class ImageController : BaseJellyfinApiController
         [FromRoute, Required] ImageType imageType,
         [FromRoute] int index)
     {
+        var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, userId, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
         }
 
-        var user = _userManager.GetUserById(userId);
         var memoryStream = await GetMemoryStream(Request.Body).ConfigureAwait(false);
         await using (memoryStream.ConfigureAwait(false))
         {
diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 134974dbe..1bfc111af 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -815,6 +815,11 @@ public class ItemsController : BaseJellyfinApiController
         [FromQuery] bool excludeActiveSessions = false)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         var parentIdGuid = parentId ?? Guid.Empty;
         var dtoOptions = new DtoOptions { Fields = fields }
             .AddClientFields(User)
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 830f84849..a311554b4 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -452,6 +452,10 @@ public class LibraryController : BaseJellyfinApiController
             if (user is not null)
             {
                 parent = TranslateParentItem(parent, user);
+                if (parent is null)
+                {
+                    break;
+                }
             }
 
             baseItemDtos.Add(_dtoService.GetBaseItemDto(parent, dtoOptions, user));
diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 21b424346..1aa1d8a10 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -1211,7 +1211,7 @@ public class LiveTvController : BaseJellyfinApiController
 
     private async Task AssertUserCanManageLiveTv()
     {
-        var user = _userManager.GetUserById(User.GetUserId());
+        var user = _userManager.GetUserById(User.GetUserId()) ?? throw new ResourceNotFoundException();
         var session = await _sessionManager.LogSessionActivity(
             User.GetClient(),
             User.GetVersion(),
diff --git a/Jellyfin.Api/Controllers/MusicGenresController.cs b/Jellyfin.Api/Controllers/MusicGenresController.cs
index 302f138eb..b08c8c447 100644
--- a/Jellyfin.Api/Controllers/MusicGenresController.cs
+++ b/Jellyfin.Api/Controllers/MusicGenresController.cs
@@ -158,6 +158,11 @@ public class MusicGenresController : BaseJellyfinApiController
             item = _libraryManager.GetMusicGenre(genreName);
         }
 
+        if (item is null)
+        {
+            return NotFound();
+        }
+
         if (userId.HasValue && !userId.Value.Equals(default))
         {
             var user = _userManager.GetUserById(userId.Value);
diff --git a/Jellyfin.Api/Controllers/PlaystateController.cs b/Jellyfin.Api/Controllers/PlaystateController.cs
index 18d6ebf1e..ea8a59cfd 100644
--- a/Jellyfin.Api/Controllers/PlaystateController.cs
+++ b/Jellyfin.Api/Controllers/PlaystateController.cs
@@ -77,6 +77,11 @@ public class PlaystateController : BaseJellyfinApiController
         [FromQuery, ModelBinder(typeof(LegacyDateTimeModelBinder))] DateTime? datePlayed)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         var session = await RequestHelpers.GetSession(_sessionManager, _userManager, HttpContext).ConfigureAwait(false);
 
         var item = _libraryManager.GetItemById(itemId);
@@ -89,6 +94,11 @@ public class PlaystateController : BaseJellyfinApiController
         foreach (var additionalUserInfo in session.AdditionalUsers)
         {
             var additionalUser = _userManager.GetUserById(additionalUserInfo.UserId);
+            if (additionalUser is null)
+            {
+                return NotFound();
+            }
+
             UpdatePlayedStatus(additionalUser, item, true, datePlayed);
         }
 
@@ -109,6 +119,11 @@ public class PlaystateController : BaseJellyfinApiController
     public async Task<ActionResult<UserItemDataDto>> MarkUnplayedItem([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         var session = await RequestHelpers.GetSession(_sessionManager, _userManager, HttpContext).ConfigureAwait(false);
         var item = _libraryManager.GetItemById(itemId);
 
@@ -121,6 +136,11 @@ public class PlaystateController : BaseJellyfinApiController
         foreach (var additionalUserInfo in session.AdditionalUsers)
         {
             var additionalUser = _userManager.GetUserById(additionalUserInfo.UserId);
+            if (additionalUser is null)
+            {
+                return NotFound();
+            }
+
             UpdatePlayedStatus(additionalUser, item, false, null);
         }
 
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index ef3364478..782fcadbb 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -75,6 +75,10 @@ public class SessionController : BaseJellyfinApiController
             result = result.Where(i => i.SupportsRemoteControl);
 
             var user = _userManager.GetUserById(controllableByUserId.Value);
+            if (user is null)
+            {
+                return NotFound();
+            }
 
             if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
             {
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 7f184f31e..911e50132 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -147,6 +147,11 @@ public class UserController : BaseJellyfinApiController
     public async Task<ActionResult> DeleteUser([FromRoute, Required] Guid userId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         await _sessionManager.RevokeUserTokens(user.Id, null).ConfigureAwait(false);
         await _userManager.DeleteUserAsync(userId).ConfigureAwait(false);
         return NoContent();
@@ -281,8 +286,8 @@ public class UserController : BaseJellyfinApiController
             {
                 var success = await _userManager.AuthenticateUser(
                     user.Username,
-                    request.CurrentPw,
-                    request.CurrentPw,
+                    request.CurrentPw ?? string.Empty,
+                    request.CurrentPw ?? string.Empty,
                     HttpContext.GetNormalizedRemoteIp().ToString(),
                     false).ConfigureAwait(false);
 
@@ -292,7 +297,7 @@ public class UserController : BaseJellyfinApiController
                 }
             }
 
-            await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
+            await _userManager.ChangePassword(user, request.NewPw ?? string.Empty).ConfigureAwait(false);
 
             var currentToken = User.GetToken();
 
@@ -338,7 +343,7 @@ public class UserController : BaseJellyfinApiController
         }
         else
         {
-            await _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword).ConfigureAwait(false);
+            await _userManager.ChangeEasyPassword(user, request.NewPw ?? string.Empty, request.NewPassword ?? string.Empty).ConfigureAwait(false);
         }
 
         return NoContent();
@@ -362,13 +367,17 @@ public class UserController : BaseJellyfinApiController
         [FromRoute, Required] Guid userId,
         [FromBody, Required] UserDto updateUser)
     {
+        var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true))
         {
             return StatusCode(StatusCodes.Status403Forbidden, "User update not allowed.");
         }
 
-        var user = _userManager.GetUserById(userId);
-
         if (!string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
         {
             await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
@@ -398,6 +407,10 @@ public class UserController : BaseJellyfinApiController
         [FromBody, Required] UserPolicy newPolicy)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         // If removing admin access
         if (!newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator))
diff --git a/Jellyfin.Api/Controllers/UserLibraryController.cs b/Jellyfin.Api/Controllers/UserLibraryController.cs
index 556cf3894..1e54a9781 100644
--- a/Jellyfin.Api/Controllers/UserLibraryController.cs
+++ b/Jellyfin.Api/Controllers/UserLibraryController.cs
@@ -79,10 +79,18 @@ public class UserLibraryController : BaseJellyfinApiController
     public async Task<ActionResult<BaseItemDto>> GetItem([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         var item = itemId.Equals(default)
             ? _libraryManager.GetUserRootFolder()
             : _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
+        }
 
         await RefreshItemOnDemandIfNeeded(item).ConfigureAwait(false);
 
@@ -102,6 +110,11 @@ public class UserLibraryController : BaseJellyfinApiController
     public ActionResult<BaseItemDto> GetRootFolder([FromRoute, Required] Guid userId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
+
         var item = _libraryManager.GetUserRootFolder();
         var dtoOptions = new DtoOptions().AddClientFields(User);
         return _dtoService.GetBaseItemDto(item, dtoOptions, user);
@@ -119,10 +132,18 @@ public class UserLibraryController : BaseJellyfinApiController
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetIntros([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         var item = itemId.Equals(default)
             ? _libraryManager.GetUserRootFolder()
             : _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
+        }
 
         var items = await _libraryManager.GetIntros(item, user).ConfigureAwait(false);
         var dtoOptions = new DtoOptions().AddClientFields(User);
@@ -200,10 +221,18 @@ public class UserLibraryController : BaseJellyfinApiController
     public ActionResult<IEnumerable<BaseItemDto>> GetLocalTrailers([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         var item = itemId.Equals(default)
             ? _libraryManager.GetUserRootFolder()
             : _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
+        }
 
         var dtoOptions = new DtoOptions().AddClientFields(User);
 
@@ -230,10 +259,18 @@ public class UserLibraryController : BaseJellyfinApiController
     public ActionResult<IEnumerable<BaseItemDto>> GetSpecialFeatures([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         var item = itemId.Equals(default)
             ? _libraryManager.GetUserRootFolder()
             : _libraryManager.GetItemById(itemId);
+        if (item is null)
+        {
+            return NotFound();
+        }
 
         var dtoOptions = new DtoOptions().AddClientFields(User);
 
@@ -275,6 +312,10 @@ public class UserLibraryController : BaseJellyfinApiController
         [FromQuery] bool groupItems = true)
     {
         var user = _userManager.GetUserById(userId);
+        if (user is null)
+        {
+            return NotFound();
+        }
 
         if (!isPlayed.HasValue)
         {
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 01a319879..12aa47ead 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -155,7 +155,12 @@ public class VideosController : BaseJellyfinApiController
 
         if (video.LinkedAlternateVersions.Length == 0)
         {
-            video = (Video)_libraryManager.GetItemById(video.PrimaryVersionId);
+            video = (Video?)_libraryManager.GetItemById(video.PrimaryVersionId);
+        }
+
+        if (video is null)
+        {
+            return NotFound();
         }
 
         foreach (var link in video.GetLinkedAlternateVersions())
diff --git a/Jellyfin.Api/Helpers/MediaInfoHelper.cs b/Jellyfin.Api/Helpers/MediaInfoHelper.cs
index df37d96c6..5910d8073 100644
--- a/Jellyfin.Api/Helpers/MediaInfoHelper.cs
+++ b/Jellyfin.Api/Helpers/MediaInfoHelper.cs
@@ -200,7 +200,7 @@ public class MediaInfoHelper
             options.SubtitleStreamIndex = subtitleStreamIndex;
         }
 
-        var user = _userManager.GetUserById(userId);
+        var user = _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException();
 
         if (!enableDirectPlay)
         {
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs
index 3ce2b834d..0b7a4fa1a 100644
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -81,6 +81,11 @@ public static class RequestHelpers
         }
 
         var user = userManager.GetUserById(userId);
+        if (user is null)
+        {
+            throw new ResourceNotFoundException();
+        }
+
         return user.EnableUserPreferenceAccess;
     }
 
@@ -98,7 +103,7 @@ public static class RequestHelpers
 
         if (session is null)
         {
-            throw new ArgumentException("Session not found.");
+            throw new ResourceNotFoundException("Session not found.");
         }
 
         return session;
diff --git a/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs b/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
index 0503c5d57..6b6d9682b 100644
--- a/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
+++ b/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
@@ -1,4 +1,6 @@
-namespace Jellyfin.Api.Models.UserDtos;
+using System.ComponentModel.DataAnnotations;
+
+namespace Jellyfin.Api.Models.UserDtos;
 
 /// <summary>
 /// The create user by name request body.
@@ -8,7 +10,8 @@ public class CreateUserByName
     /// <summary>
     /// Gets or sets the username.
     /// </summary>
-    public string? Name { get; set; }
+    [Required]
+    required public string Name { get; set; }
 
     /// <summary>
     /// Gets or sets the password.
diff --git a/Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs b/Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs
index ebe9297ea..a0631fd07 100644
--- a/Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs
+++ b/Jellyfin.Api/Models/UserDtos/ForgotPasswordDto.cs
@@ -11,5 +11,5 @@ public class ForgotPasswordDto
     /// Gets or sets the entered username to have its password reset.
     /// </summary>
     [Required]
-    public string? EnteredUsername { get; set; }
+    required public string EnteredUsername { get; set; }
 }
diff --git a/Jellyfin.Api/Models/UserDtos/ForgotPasswordPinDto.cs b/Jellyfin.Api/Models/UserDtos/ForgotPasswordPinDto.cs
index 2949efe29..79b8a5d63 100644
--- a/Jellyfin.Api/Models/UserDtos/ForgotPasswordPinDto.cs
+++ b/Jellyfin.Api/Models/UserDtos/ForgotPasswordPinDto.cs
@@ -11,5 +11,5 @@ public class ForgotPasswordPinDto
     /// Gets or sets the entered pin to have the password reset.
     /// </summary>
     [Required]
-    public string? Pin { get; set; }
+    required public string Pin { get; set; }
 }
diff --git a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
index 8b15d6823..a4b4c1959 100644
--- a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
+++ b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
@@ -9,6 +9,7 @@ using Jellyfin.Data.Enums;
 using Jellyfin.Data.Events;
 using Jellyfin.Data.Queries;
 using Jellyfin.Extensions;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Devices;
@@ -185,6 +186,10 @@ namespace Jellyfin.Server.Implementations.Devices
                 if (userId.HasValue)
                 {
                     var user = _userManager.GetUserById(userId.Value);
+                    if (user is null)
+                    {
+                        throw new ResourceNotFoundException();
+                    }
 
                     sessions = sessions.Where(i => CanAccessDevice(user, i.DeviceId));
                 }
diff --git a/MediaBrowser.Controller/Dto/IDtoService.cs b/MediaBrowser.Controller/Dto/IDtoService.cs
index 89aafc84f..22453f0f7 100644
--- a/MediaBrowser.Controller/Dto/IDtoService.cs
+++ b/MediaBrowser.Controller/Dto/IDtoService.cs
@@ -1,4 +1,3 @@
-#nullable disable
 #pragma warning disable CA1002
 
 using System.Collections.Generic;
@@ -28,7 +27,7 @@ namespace MediaBrowser.Controller.Dto
         /// <param name="user">The user.</param>
         /// <param name="owner">The owner.</param>
         /// <returns>BaseItemDto.</returns>
-        BaseItemDto GetBaseItemDto(BaseItem item, DtoOptions options, User user = null, BaseItem owner = null);
+        BaseItemDto GetBaseItemDto(BaseItem item, DtoOptions options, User? user = null, BaseItem? owner = null);
 
         /// <summary>
         /// Gets the base item dtos.
@@ -38,7 +37,7 @@ namespace MediaBrowser.Controller.Dto
         /// <param name="user">The user.</param>
         /// <param name="owner">The owner.</param>
         /// <returns>The <see cref="IReadOnlyList{T}"/> of <see cref="BaseItemDto"/>.</returns>
-        IReadOnlyList<BaseItemDto> GetBaseItemDtos(IReadOnlyList<BaseItem> items, DtoOptions options, User user = null, BaseItem owner = null);
+        IReadOnlyList<BaseItemDto> GetBaseItemDtos(IReadOnlyList<BaseItem> items, DtoOptions options, User? user = null, BaseItem? owner = null);
 
         /// <summary>
         /// Gets the item by name dto.
@@ -48,6 +47,6 @@ namespace MediaBrowser.Controller.Dto
         /// <param name="taggedItems">The list of tagged items.</param>
         /// <param name="user">The user.</param>
         /// <returns>The item dto.</returns>
-        BaseItemDto GetItemByNameDto(BaseItem item, DtoOptions options, List<BaseItem> taggedItems, User user = null);
+        BaseItemDto GetItemByNameDto(BaseItem item, DtoOptions options, List<BaseItem>? taggedItems, User? user = null);
     }
 }
diff --git a/MediaBrowser.Controller/Library/IUserManager.cs b/MediaBrowser.Controller/Library/IUserManager.cs
index 993e3e18f..37b4afcf3 100644
--- a/MediaBrowser.Controller/Library/IUserManager.cs
+++ b/MediaBrowser.Controller/Library/IUserManager.cs
@@ -1,5 +1,3 @@
-#nullable disable
-
 #pragma warning disable CS1591
 
 using System;
@@ -47,14 +45,14 @@ namespace MediaBrowser.Controller.Library
         /// <param name="id">The id.</param>
         /// <returns>The user with the specified Id, or <c>null</c> if the user doesn't exist.</returns>
         /// <exception cref="ArgumentException"><c>id</c> is an empty Guid.</exception>
-        User GetUserById(Guid id);
+        User? GetUserById(Guid id);
 
         /// <summary>
         /// Gets the name of the user by.
         /// </summary>
         /// <param name="name">The name.</param>
         /// <returns>User.</returns>
-        User GetUserByName(string name);
+        User? GetUserByName(string name);
 
         /// <summary>
         /// Renames the user.
@@ -128,7 +126,7 @@ namespace MediaBrowser.Controller.Library
         /// <param name="user">The user.</param>
         /// <param name="remoteEndPoint">The remote end point.</param>
         /// <returns>UserDto.</returns>
-        UserDto GetUserDto(User user, string remoteEndPoint = null);
+        UserDto GetUserDto(User user, string? remoteEndPoint = null);
 
         /// <summary>
         /// Authenticates the user.
@@ -139,7 +137,7 @@ namespace MediaBrowser.Controller.Library
         /// <param name="remoteEndPoint">Remove endpoint to use.</param>
         /// <param name="isUserSession">Specifies if a user session.</param>
         /// <returns>User wrapped in awaitable task.</returns>
-        Task<User> AuthenticateUser(string username, string password, string passwordSha1, string remoteEndPoint, bool isUserSession);
+        Task<User?> AuthenticateUser(string username, string password, string passwordSha1, string remoteEndPoint, bool isUserSession);
 
         /// <summary>
         /// Starts the forgot password process.
diff --git a/MediaBrowser.Controller/Library/LibraryManagerExtensions.cs b/MediaBrowser.Controller/Library/LibraryManagerExtensions.cs
index 7bc8fa5ab..6d2c3c3d2 100644
--- a/MediaBrowser.Controller/Library/LibraryManagerExtensions.cs
+++ b/MediaBrowser.Controller/Library/LibraryManagerExtensions.cs
@@ -1,5 +1,3 @@
-#nullable disable
-
 #pragma warning disable CS1591
 
 using System;
@@ -9,7 +7,7 @@ namespace MediaBrowser.Controller.Library
 {
     public static class LibraryManagerExtensions
     {
-        public static BaseItem GetItemById(this ILibraryManager manager, string id)
+        public static BaseItem? GetItemById(this ILibraryManager manager, string id)
         {
             return manager.GetItemById(new Guid(id));
         }
diff --git a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
index 9eb0beda4..3737fee0a 100644
--- a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
@@ -8,6 +8,7 @@ using System.Threading.Tasks;
 using Jellyfin.Api.Models.StartupDtos;
 using Jellyfin.Api.Models.UserDtos;
 using Jellyfin.Extensions.Json;
+using MediaBrowser.Model.Dto;
 using Xunit;
 
 namespace Jellyfin.Server.Integration.Tests
@@ -43,6 +44,33 @@ namespace Jellyfin.Server.Integration.Tests
             return auth!.AccessToken;
         }
 
+        public static async Task<UserDto> GetUserDtoAsync(HttpClient client)
+        {
+            using var response = await client.GetAsync("Users/Me").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var userDto = await JsonSerializer.DeserializeAsync<UserDto>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false), JsonDefaults.Options).ConfigureAwait(false);
+            Assert.NotNull(userDto);
+            return userDto;
+        }
+
+        public static async Task<BaseItemDto> GetRootFolderDtoAsync(HttpClient client, Guid userId = default)
+        {
+            if (userId.Equals(default))
+            {
+                var userDto = await GetUserDtoAsync(client).ConfigureAwait(false);
+                userId = userDto.Id;
+            }
+
+            var response = await client.GetAsync($"Users/{userId}/Items/Root").ConfigureAwait(false);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var rootDto = await JsonSerializer.DeserializeAsync<BaseItemDto>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    JsonDefaults.Options).ConfigureAwait(false);
+            Assert.NotNull(rootDto);
+            return rootDto;
+        }
+
         public static void AddAuthHeader(this HttpHeaders headers, string accessToken)
         {
             headers.Add(AuthHeaderName, DummyAuthHeader + $", Token={accessToken}");
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/MusicGenreControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/MusicGenreControllerTests.cs
new file mode 100644
index 000000000..17f3dc99f
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/MusicGenreControllerTests.cs
@@ -0,0 +1,26 @@
+using System.Net;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public sealed class MusicGenreControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private static string? _accessToken;
+
+    public MusicGenreControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task MusicGenres_FakeMusicGenre_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.GetAsync("MusicGenres/Fake-MusicGenre").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+}
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
index 2b825a93a..e5cde6676 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserControllerTests.cs
@@ -66,6 +66,16 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
             Assert.False(users![0].HasConfiguredPassword);
         }
 
+        [Fact]
+        [Priority(-1)]
+        public async Task Me_Valid_Success()
+        {
+            var client = _factory.CreateClient();
+            client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+            _ = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+        }
+
         [Fact]
         [Priority(0)]
         public async Task New_Valid_Success()
@@ -108,7 +118,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
 
             var createRequest = new CreateUserByName()
             {
-                Name = username
+                Name = username!
             };
 
             using var response = await CreateUserByName(client, createRequest).ConfigureAwait(false);
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/UserLibraryControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserLibraryControllerTests.cs
new file mode 100644
index 000000000..69f2ccf33
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/UserLibraryControllerTests.cs
@@ -0,0 +1,129 @@
+using System;
+using System.Globalization;
+using System.Net;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Jellyfin.Extensions.Json;
+using MediaBrowser.Model.Dto;
+using MediaBrowser.Model.Querying;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public sealed class UserLibraryControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private readonly JsonSerializerOptions _jsonOptions = JsonDefaults.Options;
+    private static string? _accessToken;
+
+    public UserLibraryControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task GetRootFolder_NonExistenUserId_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.GetAsync($"Users/{Guid.NewGuid()}/Items/Root").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+
+    [Fact]
+    public async Task GetRootFolder_UserId_Valid()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        _ = await AuthHelper.GetRootFolderDtoAsync(client).ConfigureAwait(false);
+    }
+
+    [Theory]
+    [InlineData("Users/{0}/Items/{1}")]
+    [InlineData("Users/{0}/Items/{1}/Intros")]
+    [InlineData("Users/{0}/Items/{1}/LocalTrailers")]
+    [InlineData("Users/{0}/Items/{1}/SpecialFeatures")]
+    [InlineData("Users/{0}/Items/{1}/Lyrics")]
+    public async Task GetItem_NonExistenUserId_NotFound(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var rootFolderDto = await AuthHelper.GetRootFolderDtoAsync(client).ConfigureAwait(false);
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, Guid.NewGuid(), rootFolderDto.Id)).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+
+    [Theory]
+    [InlineData("Users/{0}/Items/{1}")]
+    [InlineData("Users/{0}/Items/{1}/Intros")]
+    [InlineData("Users/{0}/Items/{1}/LocalTrailers")]
+    [InlineData("Users/{0}/Items/{1}/SpecialFeatures")]
+    [InlineData("Users/{0}/Items/{1}/Lyrics")]
+    public async Task GetItem_NonExistentItemId_NotFound(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, userDto.Id, Guid.NewGuid())).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+
+    [Fact]
+    public async Task GetItem_UserIdAndItemId_Valid()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+        var rootFolderDto = await AuthHelper.GetRootFolderDtoAsync(client, userDto.Id).ConfigureAwait(false);
+
+        var response = await client.GetAsync($"Users/{userDto.Id}/Items/{rootFolderDto.Id}").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        var rootDto = await JsonSerializer.DeserializeAsync<BaseItemDto>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    _jsonOptions).ConfigureAwait(false);
+        Assert.NotNull(rootDto);
+    }
+
+    [Fact]
+    public async Task GetIntros_UserIdAndItemId_Valid()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+        var rootFolderDto = await AuthHelper.GetRootFolderDtoAsync(client, userDto.Id).ConfigureAwait(false);
+
+        var response = await client.GetAsync($"Users/{userDto.Id}/Items/{rootFolderDto.Id}/Intros").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        var rootDto = await JsonSerializer.DeserializeAsync<QueryResult<BaseItemDto>>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    _jsonOptions).ConfigureAwait(false);
+        Assert.NotNull(rootDto);
+    }
+
+    [Theory]
+    [InlineData("Users/{0}/Items/{1}/LocalTrailers")]
+    [InlineData("Users/{0}/Items/{1}/SpecialFeatures")]
+    public async Task LocalTrailersAndSpecialFeatures_UserIdAndItemId_Valid(string format)
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var userDto = await AuthHelper.GetUserDtoAsync(client).ConfigureAwait(false);
+        var rootFolderDto = await AuthHelper.GetRootFolderDtoAsync(client, userDto.Id).ConfigureAwait(false);
+
+        var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, userDto.Id, rootFolderDto.Id)).ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        var rootDto = await JsonSerializer.DeserializeAsync<BaseItemDto[]>(
+                    await response.Content.ReadAsStreamAsync().ConfigureAwait(false),
+                    _jsonOptions).ConfigureAwait(false);
+        Assert.NotNull(rootDto);
+    }
+}
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/VideosControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/VideosControllerTests.cs
new file mode 100644
index 000000000..0f9a2e90a
--- /dev/null
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/VideosControllerTests.cs
@@ -0,0 +1,27 @@
+using System;
+using System.Net;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace Jellyfin.Server.Integration.Tests.Controllers;
+
+public sealed class VideosControllerTests : IClassFixture<JellyfinApplicationFactory>
+{
+    private readonly JellyfinApplicationFactory _factory;
+    private static string? _accessToken;
+
+    public VideosControllerTests(JellyfinApplicationFactory factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task DeleteAlternateSources_NonExistentItemId_NotFound()
+    {
+        var client = _factory.CreateClient();
+        client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
+
+        var response = await client.DeleteAsync($"Videos/{Guid.NewGuid()}").ConfigureAwait(false);
+        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+    }
+}
-- 
cgit v1.2.3


From 209edd38a4163a8cf4abd5e47bfe0ea1a100f351 Mon Sep 17 00:00:00 2001
From: cvium <clausvium@gmail.com>
Date: Wed, 8 Feb 2023 23:55:26 +0100
Subject: refactor: simplify authz

---
 .../AnonymousLanAccessHandler.cs                   |   3 +-
 Jellyfin.Api/Auth/BaseAuthorizationHandler.cs      | 113 ----------------
 .../DefaultAuthorizationHandler.cs                 |  47 ++++++-
 .../DefaultAuthorizationRequirement.cs             |  13 ++
 .../Auth/DownloadPolicy/DownloadHandler.cs         |  44 -------
 .../Auth/DownloadPolicy/DownloadRequirement.cs     |  11 --
 ...FirstTimeOrIgnoreParentalControlSetupHandler.cs |  56 --------
 ...tTimeOrIgnoreParentalControlSetupRequirement.cs |  11 --
 .../FirstTimeSetupOrDefaultHandler.cs              |  56 --------
 .../FirstTimeSetupOrDefaultRequirement.cs          |  11 --
 .../FirstTimeSetupOrElevatedHandler.cs             |  57 --------
 .../FirstTimeSetupOrElevatedRequirement.cs         |  11 --
 .../FirstTimeSetupPolicy/FirstTimeSetupHandler.cs  |  61 +++++++++
 .../FirstTimeSetupRequirement.cs                   |  26 ++++
 .../IgnoreParentalControlHandler.cs                |  44 -------
 .../IgnoreParentalControlRequirement.cs            |  11 --
 .../LocalAccessOrRequiresElevationHandler.cs       |  45 -------
 .../LocalAccessOrRequiresElevationRequirement.cs   |  11 --
 .../Auth/LocalAccessPolicy/LocalAccessHandler.cs   |  44 -------
 .../LocalAccessPolicy/LocalAccessRequirement.cs    |  11 --
 .../RequiresElevationHandler.cs                    |  45 -------
 .../RequiresElevationRequirement.cs                |  11 --
 .../SyncPlayAccessPolicy/SyncPlayAccessHandler.cs  |  41 +-----
 .../SyncPlayAccessRequirement.cs                   |   6 +-
 .../UserPermissionPolicy/UserPermissionHandler.cs  |  37 ++++++
 .../UserPermissionRequirement.cs                   |  26 ++++
 Jellyfin.Api/Constants/Policies.cs                 |   5 -
 Jellyfin.Api/Controllers/ArtistsController.cs      |   3 +-
 Jellyfin.Api/Controllers/ChannelsController.cs     |   3 +-
 Jellyfin.Api/Controllers/ClientLogController.cs    |   3 +-
 Jellyfin.Api/Controllers/CollectionController.cs   |   3 +-
 .../Controllers/ConfigurationController.cs         |   2 +-
 Jellyfin.Api/Controllers/DashboardController.cs    |   3 +-
 .../Controllers/DisplayPreferencesController.cs    |   3 +-
 Jellyfin.Api/Controllers/DynamicHlsController.cs   |   3 +-
 Jellyfin.Api/Controllers/FilterController.cs       |   3 +-
 Jellyfin.Api/Controllers/GenresController.cs       |   5 +-
 Jellyfin.Api/Controllers/HlsSegmentController.cs   |   5 +-
 Jellyfin.Api/Controllers/ImageController.cs        |  18 +--
 Jellyfin.Api/Controllers/InstantMixController.cs   |   3 +-
 Jellyfin.Api/Controllers/ItemLookupController.cs   |   2 +-
 Jellyfin.Api/Controllers/ItemsController.cs        |   3 +-
 Jellyfin.Api/Controllers/LibraryController.cs      |  80 ++++++------
 Jellyfin.Api/Controllers/LiveTvController.cs       |  77 ++++++-----
 Jellyfin.Api/Controllers/MediaInfoController.cs    |   3 +-
 Jellyfin.Api/Controllers/MoviesController.cs       |   3 +-
 Jellyfin.Api/Controllers/MusicGenresController.cs  |   3 +-
 Jellyfin.Api/Controllers/PackageController.cs      |   2 +-
 Jellyfin.Api/Controllers/PersonsController.cs      |   3 +-
 Jellyfin.Api/Controllers/PlaylistsController.cs    |   3 +-
 Jellyfin.Api/Controllers/PlaystateController.cs    |   3 +-
 Jellyfin.Api/Controllers/PluginsController.cs      |   2 +-
 Jellyfin.Api/Controllers/QuickConnectController.cs |   2 +-
 Jellyfin.Api/Controllers/RemoteImageController.cs  |   4 +-
 Jellyfin.Api/Controllers/SearchController.cs       |   3 +-
 Jellyfin.Api/Controllers/SessionController.cs      |  28 ++--
 Jellyfin.Api/Controllers/StudiosController.cs      |   3 +-
 Jellyfin.Api/Controllers/SubtitleController.cs     |  12 +-
 Jellyfin.Api/Controllers/SuggestionsController.cs  |   3 +-
 Jellyfin.Api/Controllers/SystemController.cs       |   4 +-
 Jellyfin.Api/Controllers/TrailersController.cs     |   3 +-
 Jellyfin.Api/Controllers/TvShowsController.cs      |   3 +-
 .../Controllers/UniversalAudioController.cs        |   3 +-
 Jellyfin.Api/Controllers/UserController.cs         |  12 +-
 Jellyfin.Api/Controllers/UserLibraryController.cs  |   3 +-
 Jellyfin.Api/Controllers/UserViewsController.cs    |   3 +-
 Jellyfin.Api/Controllers/VideosController.cs       |   2 +-
 Jellyfin.Api/Controllers/YearsController.cs        |   3 +-
 Jellyfin.Api/Middleware/LanFilteringMiddleware.cs  |  11 +-
 Jellyfin.Data/DayOfWeekHelper.cs                   |  11 ++
 Jellyfin.Data/Entities/User.cs                     |   3 +-
 .../Extensions/ApiServiceCollectionExtensions.cs   | 143 +++++----------------
 .../FirstTimeSetupOrElevatedHandlerTests.cs        |  71 ----------
 .../FirstTimeSetupHandlerTests.cs                  |  72 +++++++++++
 .../IgnoreScheduleHandlerTests.cs                  |   8 +-
 .../LocalAccessPolicy/LocalAccessHandlerTests.cs   |  59 ---------
 .../RequiresElevationHandlerTests.cs               |  53 --------
 77 files changed, 494 insertions(+), 1126 deletions(-)
 delete mode 100644 Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/DownloadPolicy/DownloadHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/DownloadPolicy/DownloadRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
 create mode 100644 Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
 create mode 100644 Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
 create mode 100644 Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionHandler.cs
 create mode 100644 Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionRequirement.cs
 delete mode 100644 tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs
 create mode 100644 tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
 delete mode 100644 tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs
 delete mode 100644 tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs

(limited to 'Jellyfin.Api/Controllers/LiveTvController.cs')

diff --git a/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs b/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs
index d4b1ffb06..741b88ea9 100644
--- a/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs
+++ b/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs
@@ -1,4 +1,5 @@
 using System.Threading.Tasks;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -29,7 +30,7 @@ namespace Jellyfin.Api.Auth.AnonymousLanAccessPolicy
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AnonymousLanAccessRequirement requirement)
         {
-            var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress;
+            var ip = _httpContextAccessor.HttpContext?.GetNormalizedRemoteIp();
 
             // Loopback will be on LAN, so we can accept null.
             if (ip is null || _networkManager.IsInLocalNetwork(ip))
diff --git a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
deleted file mode 100644
index 8e5e66d64..000000000
--- a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
+++ /dev/null
@@ -1,113 +0,0 @@
-using System.Security.Claims;
-using Jellyfin.Api.Extensions;
-using Jellyfin.Api.Helpers;
-using Jellyfin.Data.Enums;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth
-{
-    /// <summary>
-    /// Base authorization handler.
-    /// </summary>
-    /// <typeparam name="T">Type of Authorization Requirement.</typeparam>
-    public abstract class BaseAuthorizationHandler<T> : AuthorizationHandler<T>
-        where T : IAuthorizationRequirement
-    {
-        private readonly IUserManager _userManager;
-        private readonly INetworkManager _networkManager;
-        private readonly IHttpContextAccessor _httpContextAccessor;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="BaseAuthorizationHandler{T}"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        protected BaseAuthorizationHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-        {
-            _userManager = userManager;
-            _networkManager = networkManager;
-            _httpContextAccessor = httpContextAccessor;
-        }
-
-        /// <summary>
-        /// Validate authenticated claims.
-        /// </summary>
-        /// <param name="claimsPrincipal">Request claims.</param>
-        /// <param name="ignoreSchedule">Whether to ignore parental control.</param>
-        /// <param name="localAccessOnly">Whether access is to be allowed locally only.</param>
-        /// <param name="requiredDownloadPermission">Whether validation requires download permission.</param>
-        /// <returns>Validated claim status.</returns>
-        protected bool ValidateClaims(
-            ClaimsPrincipal claimsPrincipal,
-            bool ignoreSchedule = false,
-            bool localAccessOnly = false,
-            bool requiredDownloadPermission = false)
-        {
-            // ApiKey is currently global admin, always allow.
-            var isApiKey = claimsPrincipal.GetIsApiKey();
-            if (isApiKey)
-            {
-                return true;
-            }
-
-            // Ensure claim has userId.
-            var userId = claimsPrincipal.GetUserId();
-            if (userId.Equals(default))
-            {
-                return false;
-            }
-
-            // Ensure userId links to a valid user.
-            var user = _userManager.GetUserById(userId);
-            if (user is null)
-            {
-                return false;
-            }
-
-            // Ensure user is not disabled.
-            if (user.HasPermission(PermissionKind.IsDisabled))
-            {
-                return false;
-            }
-
-            var isInLocalNetwork = _httpContextAccessor.HttpContext is not null
-                && _networkManager.IsInLocalNetwork(_httpContextAccessor.HttpContext.GetNormalizedRemoteIp());
-
-            // User cannot access remotely and user is remote
-            if (!user.HasPermission(PermissionKind.EnableRemoteAccess) && !isInLocalNetwork)
-            {
-                return false;
-            }
-
-            if (localAccessOnly && !isInLocalNetwork)
-            {
-                return false;
-            }
-
-            // User attempting to access out of parental control hours.
-            if (!ignoreSchedule
-                && !user.HasPermission(PermissionKind.IsAdministrator)
-                && !user.IsParentalScheduleAllowed())
-            {
-                return false;
-            }
-
-            // User attempting to download without permission.
-            if (requiredDownloadPermission
-                && !user.HasPermission(PermissionKind.EnableContentDownloading))
-            {
-                return false;
-            }
-
-            return true;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
index be77b7a4e..7489e2a35 100644
--- a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
+++ b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
@@ -1,4 +1,8 @@
 using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Extensions;
+using Jellyfin.Data.Enums;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Library;
 using Microsoft.AspNetCore.Authorization;
@@ -9,8 +13,12 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
     /// <summary>
     /// Default authorization handler.
     /// </summary>
-    public class DefaultAuthorizationHandler : BaseAuthorizationHandler<DefaultAuthorizationRequirement>
+    public class DefaultAuthorizationHandler : AuthorizationHandler<DefaultAuthorizationRequirement>
     {
+        private readonly IUserManager _userManager;
+        private readonly INetworkManager _networkManager;
+        private readonly IHttpContextAccessor _httpContextAccessor;
+
         /// <summary>
         /// Initializes a new instance of the <see cref="DefaultAuthorizationHandler"/> class.
         /// </summary>
@@ -21,21 +29,50 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
             IUserManager userManager,
             INetworkManager networkManager,
             IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
         {
+            _userManager = userManager;
+            _networkManager = networkManager;
+            _httpContextAccessor = httpContextAccessor;
         }
 
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DefaultAuthorizationRequirement requirement)
         {
-            var validated = ValidateClaims(context.User);
-            if (validated)
+            // Admins can do everything
+            if (context.User.GetIsApiKey() || context.User.IsInRole(UserRoles.Administrator))
             {
                 context.Succeed(requirement);
+                return Task.CompletedTask;
             }
-            else
+
+            var userId = context.User.GetUserId();
+            // This likely only happens during the wizard, so skip the default checks and let any other handlers do it
+            if (userId.Equals(default))
+            {
+                return Task.CompletedTask;
+            }
+
+            var isInLocalNetwork = _httpContextAccessor.HttpContext is not null
+                                   && _networkManager.IsInLocalNetwork(_httpContextAccessor.HttpContext.GetNormalizedRemoteIp());
+            var user = _userManager.GetUserById(userId);
+            // User cannot access remotely and user is remote
+            if (!isInLocalNetwork && !user.HasPermission(PermissionKind.EnableRemoteAccess))
             {
                 context.Fail();
+                return Task.CompletedTask;
+            }
+
+            // It's not great to have this check, but parental schedule must usually be honored except in a few rare cases
+            if (requirement.ValidateParentalSchedule && !user.IsParentalScheduleAllowed())
+            {
+                context.Fail();
+                return Task.CompletedTask;
+            }
+
+            // Only succeed if the requirement isn't a subclass as any subclassed requirement will handle success in its own handler
+            if (requirement.GetType() == typeof(DefaultAuthorizationRequirement))
+            {
+                context.Succeed(requirement);
             }
 
             return Task.CompletedTask;
diff --git a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs
index 7cea00b69..0846e7515 100644
--- a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs
+++ b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs
@@ -7,5 +7,18 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
     /// </summary>
     public class DefaultAuthorizationRequirement : IAuthorizationRequirement
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="DefaultAuthorizationRequirement"/> class.
+        /// </summary>
+        /// <param name="validateParentalSchedule">A value indicating whether to validate parental schedule.</param>
+        public DefaultAuthorizationRequirement(bool validateParentalSchedule = true)
+        {
+            ValidateParentalSchedule = validateParentalSchedule;
+        }
+
+        /// <summary>
+        /// Gets a value indicating whether to ignore parental schedule.
+        /// </summary>
+        public bool ValidateParentalSchedule { get; init; }
     }
 }
diff --git a/Jellyfin.Api/Auth/DownloadPolicy/DownloadHandler.cs b/Jellyfin.Api/Auth/DownloadPolicy/DownloadHandler.cs
deleted file mode 100644
index b61680ab1..000000000
--- a/Jellyfin.Api/Auth/DownloadPolicy/DownloadHandler.cs
+++ /dev/null
@@ -1,44 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.DownloadPolicy
-{
-    /// <summary>
-    /// Download authorization handler.
-    /// </summary>
-    public class DownloadHandler : BaseAuthorizationHandler<DownloadRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="DownloadHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public DownloadHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DownloadRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/DownloadPolicy/DownloadRequirement.cs b/Jellyfin.Api/Auth/DownloadPolicy/DownloadRequirement.cs
deleted file mode 100644
index b0a72a9de..000000000
--- a/Jellyfin.Api/Auth/DownloadPolicy/DownloadRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.DownloadPolicy
-{
-    /// <summary>
-    /// The download permission requirement.
-    /// </summary>
-    public class DownloadRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupHandler.cs b/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupHandler.cs
deleted file mode 100644
index 31482a930..000000000
--- a/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupHandler.cs
+++ /dev/null
@@ -1,56 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy
-{
-    /// <summary>
-    /// Ignore parental control schedule and allow before startup wizard has been completed.
-    /// </summary>
-    public class FirstTimeOrIgnoreParentalControlSetupHandler : BaseAuthorizationHandler<FirstTimeOrIgnoreParentalControlSetupRequirement>
-    {
-        private readonly IConfigurationManager _configurationManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="FirstTimeOrIgnoreParentalControlSetupHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        public FirstTimeOrIgnoreParentalControlSetupHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor,
-            IConfigurationManager configurationManager)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-            _configurationManager = configurationManager;
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeOrIgnoreParentalControlSetupRequirement requirement)
-        {
-            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
-            {
-                context.Succeed(requirement);
-                return Task.CompletedTask;
-            }
-
-            var validated = ValidateClaims(context.User, ignoreSchedule: true);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupRequirement.cs b/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupRequirement.cs
deleted file mode 100644
index 00aaec334..000000000
--- a/Jellyfin.Api/Auth/FirstTimeOrIgnoreParentalControlSetupPolicy/FirstTimeOrIgnoreParentalControlSetupRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy
-{
-    /// <summary>
-    /// First time setup or ignore parental controls requirement.
-    /// </summary>
-    public class FirstTimeOrIgnoreParentalControlSetupRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
deleted file mode 100644
index dd0bd4ec2..000000000
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
+++ /dev/null
@@ -1,56 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
-{
-    /// <summary>
-    /// Authorization handler for requiring first time setup or default privileges.
-    /// </summary>
-    public class FirstTimeSetupOrDefaultHandler : BaseAuthorizationHandler<FirstTimeSetupOrDefaultRequirement>
-    {
-        private readonly IConfigurationManager _configurationManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="FirstTimeSetupOrDefaultHandler" /> class.
-        /// </summary>
-        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public FirstTimeSetupOrDefaultHandler(
-            IConfigurationManager configurationManager,
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-            _configurationManager = configurationManager;
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrDefaultRequirement requirement)
-        {
-            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
-            {
-                context.Succeed(requirement);
-                return Task.CompletedTask;
-            }
-
-            var validated = ValidateClaims(context.User);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
deleted file mode 100644
index f7366bd7a..000000000
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
-{
-    /// <summary>
-    /// The authorization requirement, requiring incomplete first time setup or default privileges, for the authorization handler.
-    /// </summary>
-    public class FirstTimeSetupOrDefaultRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
deleted file mode 100644
index 90b76ee99..000000000
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
+++ /dev/null
@@ -1,57 +0,0 @@
-using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
-{
-    /// <summary>
-    /// Authorization handler for requiring first time setup or elevated privileges.
-    /// </summary>
-    public class FirstTimeSetupOrElevatedHandler : BaseAuthorizationHandler<FirstTimeSetupOrElevatedRequirement>
-    {
-        private readonly IConfigurationManager _configurationManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="FirstTimeSetupOrElevatedHandler" /> class.
-        /// </summary>
-        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public FirstTimeSetupOrElevatedHandler(
-            IConfigurationManager configurationManager,
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-            _configurationManager = configurationManager;
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrElevatedRequirement requirement)
-        {
-            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
-            {
-                context.Succeed(requirement);
-                return Task.CompletedTask;
-            }
-
-            var validated = ValidateClaims(context.User);
-            if (validated && context.User.IsInRole(UserRoles.Administrator))
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
deleted file mode 100644
index 51ba637b6..000000000
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
-{
-    /// <summary>
-    /// The authorization requirement, requiring incomplete first time setup or elevated privileges, for the authorization handler.
-    /// </summary>
-    public class FirstTimeSetupOrElevatedRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
new file mode 100644
index 000000000..302e052a7
--- /dev/null
+++ b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
@@ -0,0 +1,61 @@
+using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Extensions;
+using MediaBrowser.Common.Configuration;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
+{
+    /// <summary>
+    /// Authorization handler for requiring first time setup or default privileges.
+    /// </summary>
+    public class FirstTimeSetupHandler : AuthorizationHandler<FirstTimeSetupRequirement>
+    {
+        private readonly IConfigurationManager _configurationManager;
+        private readonly IUserManager _userManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="FirstTimeSetupHandler" /> class.
+        /// </summary>
+        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        public FirstTimeSetupHandler(
+            IConfigurationManager configurationManager,
+            IUserManager userManager)
+        {
+            _configurationManager = configurationManager;
+            _userManager = userManager;
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupRequirement requirement)
+        {
+            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
+            {
+                context.Succeed(requirement);
+                return Task.CompletedTask;
+            }
+
+            if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
+            {
+                context.Fail();
+                return Task.CompletedTask;
+            }
+
+            if (!requirement.ValidateParentalSchedule)
+            {
+                context.Succeed(requirement);
+                return Task.CompletedTask;
+            }
+
+            var user = _userManager.GetUserById(context.User.GetUserId());
+            if (user.IsParentalScheduleAllowed())
+            {
+                context.Succeed(requirement);
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupRequirement.cs
new file mode 100644
index 000000000..8b7a94954
--- /dev/null
+++ b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupRequirement.cs
@@ -0,0 +1,26 @@
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
+
+namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
+{
+    /// <summary>
+    /// The authorization requirement, requiring incomplete first time setup or default privileges, for the authorization handler.
+    /// </summary>
+    public class FirstTimeSetupRequirement : DefaultAuthorizationRequirement
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="FirstTimeSetupRequirement"/> class.
+        /// </summary>
+        /// <param name="validateParentalSchedule">A value indicating whether to ignore parental schedule.</param>
+        /// <param name="requireAdmin">A value indicating whether administrator role is required.</param>
+        public FirstTimeSetupRequirement(bool validateParentalSchedule = false, bool requireAdmin = true)
+        {
+            ValidateParentalSchedule = validateParentalSchedule;
+            RequireAdmin = requireAdmin;
+        }
+
+        /// <summary>
+        /// Gets a value indicating whether administrator role is required.
+        /// </summary>
+        public bool RequireAdmin { get; }
+    }
+}
diff --git a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs b/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
deleted file mode 100644
index a7623556a..000000000
--- a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
+++ /dev/null
@@ -1,44 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.IgnoreParentalControlPolicy
-{
-    /// <summary>
-    /// Escape schedule controls handler.
-    /// </summary>
-    public class IgnoreParentalControlHandler : BaseAuthorizationHandler<IgnoreParentalControlRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="IgnoreParentalControlHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public IgnoreParentalControlHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IgnoreParentalControlRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User, ignoreSchedule: true);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs b/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
deleted file mode 100644
index cdad74270..000000000
--- a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.IgnoreParentalControlPolicy
-{
-    /// <summary>
-    /// Escape schedule controls requirement.
-    /// </summary>
-    public class IgnoreParentalControlRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
deleted file mode 100644
index 14722aa57..000000000
--- a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
+++ /dev/null
@@ -1,45 +0,0 @@
-using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
-{
-    /// <summary>
-    /// Local access or require elevated privileges handler.
-    /// </summary>
-    public class LocalAccessOrRequiresElevationHandler : BaseAuthorizationHandler<LocalAccessOrRequiresElevationRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="LocalAccessOrRequiresElevationHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public LocalAccessOrRequiresElevationHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessOrRequiresElevationRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User, localAccessOnly: true);
-            if (validated || context.User.IsInRole(UserRoles.Administrator))
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs
deleted file mode 100644
index d9c64d01c..000000000
--- a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
-{
-    /// <summary>
-    /// The local access or elevated privileges authorization requirement.
-    /// </summary>
-    public class LocalAccessOrRequiresElevationRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs b/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs
deleted file mode 100644
index d772ec554..000000000
--- a/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs
+++ /dev/null
@@ -1,44 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.LocalAccessPolicy
-{
-    /// <summary>
-    /// Local access handler.
-    /// </summary>
-    public class LocalAccessHandler : BaseAuthorizationHandler<LocalAccessRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="LocalAccessHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public LocalAccessHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User, localAccessOnly: true);
-            if (validated)
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs b/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs
deleted file mode 100644
index 761127fa4..000000000
--- a/Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.LocalAccessPolicy
-{
-    /// <summary>
-    /// The local access authorization requirement.
-    /// </summary>
-    public class LocalAccessRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
deleted file mode 100644
index b235c4b63..000000000
--- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
+++ /dev/null
@@ -1,45 +0,0 @@
-using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.RequiresElevationPolicy
-{
-    /// <summary>
-    /// Authorization handler for requiring elevated privileges.
-    /// </summary>
-    public class RequiresElevationHandler : BaseAuthorizationHandler<RequiresElevationRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="RequiresElevationHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public RequiresElevationHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User);
-            if (validated && context.User.IsInRole(UserRoles.Administrator))
-            {
-                context.Succeed(requirement);
-            }
-            else
-            {
-                context.Fail();
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
deleted file mode 100644
index cfff1cc0c..000000000
--- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.RequiresElevationPolicy
-{
-    /// <summary>
-    /// The authorization requirement for requiring elevated privileges in the authorization handler.
-    /// </summary>
-    public class RequiresElevationRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
index cdd7d8a52..5c1029b38 100644
--- a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
+++ b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessHandler.cs
@@ -1,19 +1,16 @@
 using System.Threading.Tasks;
 using Jellyfin.Api.Extensions;
-using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Enums;
-using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.SyncPlay;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 
 namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
 {
     /// <summary>
     /// Default authorization handler.
     /// </summary>
-    public class SyncPlayAccessHandler : BaseAuthorizationHandler<SyncPlayAccessRequirement>
+    public class SyncPlayAccessHandler : AuthorizationHandler<SyncPlayAccessRequirement>
     {
         private readonly ISyncPlayManager _syncPlayManager;
         private readonly IUserManager _userManager;
@@ -23,14 +20,9 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
         /// </summary>
         /// <param name="syncPlayManager">Instance of the <see cref="ISyncPlayManager"/> interface.</param>
         /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
         public SyncPlayAccessHandler(
             ISyncPlayManager syncPlayManager,
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
+            IUserManager userManager)
         {
             _syncPlayManager = syncPlayManager;
             _userManager = userManager;
@@ -39,27 +31,16 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement)
         {
-            if (!ValidateClaims(context.User))
-            {
-                context.Fail();
-                return Task.CompletedTask;
-            }
-
             var userId = context.User.GetUserId();
             var user = _userManager.GetUserById(userId);
 
             if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess)
             {
-                if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups
-                    || user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups
+                if (user.SyncPlayAccess is SyncPlayUserAccessType.CreateAndJoinGroups or SyncPlayUserAccessType.JoinGroups
                     || _syncPlayManager.IsUserActive(userId))
                 {
                     context.Succeed(requirement);
                 }
-                else
-                {
-                    context.Fail();
-                }
             }
             else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.CreateGroup)
             {
@@ -67,10 +48,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
                 {
                     context.Succeed(requirement);
                 }
-                else
-                {
-                    context.Fail();
-                }
             }
             else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.JoinGroup)
             {
@@ -79,10 +56,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
                 {
                     context.Succeed(requirement);
                 }
-                else
-                {
-                    context.Fail();
-                }
             }
             else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.IsInGroup)
             {
@@ -90,14 +63,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
                 {
                     context.Succeed(requirement);
                 }
-                else
-                {
-                    context.Fail();
-                }
-            }
-            else
-            {
-                context.Fail();
             }
 
             return Task.CompletedTask;
diff --git a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessRequirement.cs b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessRequirement.cs
index 6fab4c0ad..220b223b3 100644
--- a/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessRequirement.cs
+++ b/Jellyfin.Api/Auth/SyncPlayAccessPolicy/SyncPlayAccessRequirement.cs
@@ -1,12 +1,12 @@
-using Jellyfin.Data.Enums;
-using Microsoft.AspNetCore.Authorization;
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
+using Jellyfin.Data.Enums;
 
 namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
 {
     /// <summary>
     /// The default authorization requirement.
     /// </summary>
-    public class SyncPlayAccessRequirement : IAuthorizationRequirement
+    public class SyncPlayAccessRequirement : DefaultAuthorizationRequirement
     {
         /// <summary>
         /// Initializes a new instance of the <see cref="SyncPlayAccessRequirement"/> class.
diff --git a/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionHandler.cs b/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionHandler.cs
new file mode 100644
index 000000000..c3de7be32
--- /dev/null
+++ b/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionHandler.cs
@@ -0,0 +1,37 @@
+using System.Threading.Tasks;
+using Jellyfin.Api.Auth.DownloadPolicy;
+using Jellyfin.Api.Extensions;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Jellyfin.Api.Auth.UserPermissionPolicy
+{
+    /// <summary>
+    /// Download authorization handler.
+    /// </summary>
+    public class UserPermissionHandler : AuthorizationHandler<UserPermissionRequirement>
+    {
+        private readonly IUserManager _userManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UserPermissionHandler"/> class.
+        /// </summary>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        public UserPermissionHandler(IUserManager userManager)
+        {
+            _userManager = userManager;
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserPermissionRequirement requirement)
+        {
+            var user = _userManager.GetUserById(context.User.GetUserId());
+            if (user.HasPermission(requirement.RequiredPermission))
+            {
+                context.Succeed(requirement);
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionRequirement.cs b/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionRequirement.cs
new file mode 100644
index 000000000..195a61199
--- /dev/null
+++ b/Jellyfin.Api/Auth/UserPermissionPolicy/UserPermissionRequirement.cs
@@ -0,0 +1,26 @@
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
+using Jellyfin.Data.Enums;
+
+namespace Jellyfin.Api.Auth.DownloadPolicy
+{
+    /// <summary>
+    /// The user permission requirement.
+    /// </summary>
+    public class UserPermissionRequirement : DefaultAuthorizationRequirement
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UserPermissionRequirement"/> class.
+        /// </summary>
+        /// <param name="requiredPermission">The required <see cref="PermissionKind"/>.</param>
+        /// <param name="validateParentalSchedule">Whether to validate the user's parental schedule.</param>
+        public UserPermissionRequirement(PermissionKind requiredPermission, bool validateParentalSchedule = true) : base(validateParentalSchedule)
+        {
+            RequiredPermission = requiredPermission;
+        }
+
+        /// <summary>
+        /// Gets the required user permission.
+        /// </summary>
+        public PermissionKind RequiredPermission { get; }
+    }
+}
diff --git a/Jellyfin.Api/Constants/Policies.cs b/Jellyfin.Api/Constants/Policies.cs
index 5a5a2bf46..adc95e57b 100644
--- a/Jellyfin.Api/Constants/Policies.cs
+++ b/Jellyfin.Api/Constants/Policies.cs
@@ -5,11 +5,6 @@ namespace Jellyfin.Api.Constants;
 /// </summary>
 public static class Policies
 {
-    /// <summary>
-    /// Policy name for default authorization.
-    /// </summary>
-    public const string DefaultAuthorization = "DefaultAuthorization";
-
     /// <summary>
     /// Policy name for requiring first time setup or elevated privileges.
     /// </summary>
diff --git a/Jellyfin.Api/Controllers/ArtistsController.cs b/Jellyfin.Api/Controllers/ArtistsController.cs
index 069e7311b..11933fd97 100644
--- a/Jellyfin.Api/Controllers/ArtistsController.cs
+++ b/Jellyfin.Api/Controllers/ArtistsController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// The artists controller.
 /// </summary>
 [Route("Artists")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ArtistsController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/ChannelsController.cs b/Jellyfin.Api/Controllers/ChannelsController.cs
index 573b7069c..42f072f66 100644
--- a/Jellyfin.Api/Controllers/ChannelsController.cs
+++ b/Jellyfin.Api/Controllers/ChannelsController.cs
@@ -3,7 +3,6 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Threading;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Channels Controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ChannelsController : BaseJellyfinApiController
 {
     private readonly IChannelManager _channelManager;
diff --git a/Jellyfin.Api/Controllers/ClientLogController.cs b/Jellyfin.Api/Controllers/ClientLogController.cs
index 21c31bc93..2c5dbacbb 100644
--- a/Jellyfin.Api/Controllers/ClientLogController.cs
+++ b/Jellyfin.Api/Controllers/ClientLogController.cs
@@ -1,7 +1,6 @@
 using System.Net.Mime;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Models.ClientLogDtos;
 using MediaBrowser.Controller.ClientEvent;
@@ -15,7 +14,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Client log controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ClientLogController : BaseJellyfinApiController
 {
     private const int MaxDocumentSize = 1_000_000;
diff --git a/Jellyfin.Api/Controllers/CollectionController.cs b/Jellyfin.Api/Controllers/CollectionController.cs
index 5a4a9bf07..f9f9be7ce 100644
--- a/Jellyfin.Api/Controllers/CollectionController.cs
+++ b/Jellyfin.Api/Controllers/CollectionController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using MediaBrowser.Controller.Collections;
@@ -17,7 +16,7 @@ namespace Jellyfin.Api.Controllers;
 /// The collection controller.
 /// </summary>
 [Route("Collections")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class CollectionController : BaseJellyfinApiController
 {
     private readonly ICollectionManager _collectionManager;
diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index d53d7cefd..9007dfc41 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -19,7 +19,7 @@ namespace Jellyfin.Api.Controllers;
 /// Configuration Controller.
 /// </summary>
 [Route("System")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ConfigurationController : BaseJellyfinApiController
 {
     private readonly IServerConfigurationManager _configurationManager;
diff --git a/Jellyfin.Api/Controllers/DashboardController.cs b/Jellyfin.Api/Controllers/DashboardController.cs
index f7e978bad..076084c7a 100644
--- a/Jellyfin.Api/Controllers/DashboardController.cs
+++ b/Jellyfin.Api/Controllers/DashboardController.cs
@@ -4,7 +4,6 @@ using System.IO;
 using System.Linq;
 using System.Net.Mime;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Models;
 using MediaBrowser.Common.Plugins;
 using MediaBrowser.Model.Net;
@@ -48,7 +47,7 @@ public class DashboardController : BaseJellyfinApiController
     [HttpGet("web/ConfigurationPages")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<IEnumerable<ConfigurationPageInfo>> GetConfigurationPages(
         [FromQuery] bool? enableInMainMenu)
     {
diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
index 49d87a362..6f0006832 100644
--- a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -3,7 +3,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Common.Extensions;
@@ -19,7 +18,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Display Preferences Controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class DisplayPreferencesController : BaseJellyfinApiController
 {
     private readonly IDisplayPreferencesManager _displayPreferencesManager;
diff --git a/Jellyfin.Api/Controllers/DynamicHlsController.cs b/Jellyfin.Api/Controllers/DynamicHlsController.cs
index b68849171..4d8b4de24 100644
--- a/Jellyfin.Api/Controllers/DynamicHlsController.cs
+++ b/Jellyfin.Api/Controllers/DynamicHlsController.cs
@@ -9,7 +9,6 @@ using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.Models.PlaybackDtos;
 using Jellyfin.Api.Models.StreamingDtos;
@@ -36,7 +35,7 @@ namespace Jellyfin.Api.Controllers;
 /// Dynamic hls controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class DynamicHlsController : BaseJellyfinApiController
 {
     private const string DefaultVodEncoderPreset = "veryfast";
diff --git a/Jellyfin.Api/Controllers/FilterController.cs b/Jellyfin.Api/Controllers/FilterController.cs
index 2378aada5..dd64ff903 100644
--- a/Jellyfin.Api/Controllers/FilterController.cs
+++ b/Jellyfin.Api/Controllers/FilterController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Dto;
@@ -18,7 +17,7 @@ namespace Jellyfin.Api.Controllers;
 /// Filters controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class FilterController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/GenresController.cs b/Jellyfin.Api/Controllers/GenresController.cs
index 28ebe2047..711fb4aef 100644
--- a/Jellyfin.Api/Controllers/GenresController.cs
+++ b/Jellyfin.Api/Controllers/GenresController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// The genres controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class GenresController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
@@ -132,7 +131,7 @@ public class GenresController : BaseJellyfinApiController
         QueryResult<(BaseItem, ItemCounts)> result;
         if (parentItem is ICollectionFolder parentCollectionFolder
             && (string.Equals(parentCollectionFolder.CollectionType, CollectionType.Music, StringComparison.Ordinal)
-            || string.Equals(parentCollectionFolder.CollectionType, CollectionType.MusicVideos, StringComparison.Ordinal)))
+                || string.Equals(parentCollectionFolder.CollectionType, CollectionType.MusicVideos, StringComparison.Ordinal)))
         {
             result = _libraryManager.GetMusicGenres(query);
         }
diff --git a/Jellyfin.Api/Controllers/HlsSegmentController.cs b/Jellyfin.Api/Controllers/HlsSegmentController.cs
index 085115e1c..d7cec865e 100644
--- a/Jellyfin.Api/Controllers/HlsSegmentController.cs
+++ b/Jellyfin.Api/Controllers/HlsSegmentController.cs
@@ -4,7 +4,6 @@ using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using MediaBrowser.Common.Configuration;
 using MediaBrowser.Controller.Configuration;
@@ -80,7 +79,7 @@ public class HlsSegmentController : BaseJellyfinApiController
     /// <response code="200">Hls video playlist returned.</response>
     /// <returns>A <see cref="FileStreamResult"/> containing the playlist.</returns>
     [HttpGet("Videos/{itemId}/hls/{playlistId}/stream.m3u8")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesPlaylistFile]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "itemId", Justification = "Required for ServiceStack")]
@@ -106,7 +105,7 @@ public class HlsSegmentController : BaseJellyfinApiController
     /// <response code="204">Encoding stopped successfully.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
     [HttpDelete("Videos/ActiveEncodings")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult StopEncodingProcess(
         [FromQuery, Required] string deviceId,
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index cc824c65a..b2adb6a2d 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -88,7 +88,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="403">User does not have permission to delete the image.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Users/{userId}/Images/{imageType}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [AcceptsImageFile]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -137,7 +137,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="403">User does not have permission to delete the image.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Users/{userId}/Images/{imageType}/{index}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [AcceptsImageFile]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -186,7 +186,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="403">User does not have permission to delete the image.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Users/{userId}/Images/{imageType}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
@@ -230,7 +230,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="403">User does not have permission to delete the image.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Users/{userId}/Images/{imageType}/{index}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
@@ -432,7 +432,7 @@ public class ImageController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>The list of image infos on success, or <see cref="NotFoundResult"/> if item not found.</returns>
     [HttpGet("Items/{itemId}/Images")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult<IEnumerable<ImageInfo>>> GetItemImageInfos([FromRoute, Required] Guid itemId)
@@ -1930,10 +1930,10 @@ public class ImageController : BaseJellyfinApiController
         }
 
         var responseHeaders = new Dictionary<string, string>
-            {
-                { "transferMode.dlna.org", "Interactive" },
-                { "realTimeInfo.dlna.org", "DLNA.ORG_TLAG=*" }
-            };
+        {
+            { "transferMode.dlna.org", "Interactive" },
+            { "realTimeInfo.dlna.org", "DLNA.ORG_TLAG=*" }
+        };
 
         if (!imageInfo.IsLocalFile && item is not null)
         {
diff --git a/Jellyfin.Api/Controllers/InstantMixController.cs b/Jellyfin.Api/Controllers/InstantMixController.cs
index 89592bade..43f09b49a 100644
--- a/Jellyfin.Api/Controllers/InstantMixController.cs
+++ b/Jellyfin.Api/Controllers/InstantMixController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
@@ -22,7 +21,7 @@ namespace Jellyfin.Api.Controllers;
 /// The instant mix controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class InstantMixController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/ItemLookupController.cs b/Jellyfin.Api/Controllers/ItemLookupController.cs
index c2ce4e67e..b030e74dd 100644
--- a/Jellyfin.Api/Controllers/ItemLookupController.cs
+++ b/Jellyfin.Api/Controllers/ItemLookupController.cs
@@ -23,7 +23,7 @@ namespace Jellyfin.Api.Controllers;
 /// Item lookup controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ItemLookupController : BaseJellyfinApiController
 {
     private readonly IProviderManager _providerManager;
diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 134974dbe..97922d5db 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
 /// The items controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class ItemsController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 830f84849..e1ad87412 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -95,7 +95,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>A <see cref="FileStreamResult"/> with the original file.</returns>
     [HttpGet("Items/{itemId}/File")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     [ProducesFile("video/*", "audio/*")]
@@ -116,7 +116,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="200">Critic reviews returned.</response>
     /// <returns>The list of critic reviews.</returns>
     [HttpGet("Items/{itemId}/CriticReviews")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [Obsolete("This endpoint is obsolete.")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<QueryResult<BaseItemDto>> GetCriticReviews()
@@ -134,7 +134,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>The item theme songs.</returns>
     [HttpGet("Items/{itemId}/ThemeSongs")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<ThemeMediaResult> GetThemeSongs(
@@ -200,7 +200,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>The item theme videos.</returns>
     [HttpGet("Items/{itemId}/ThemeVideos")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<ThemeMediaResult> GetThemeVideos(
@@ -266,7 +266,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>The item theme videos.</returns>
     [HttpGet("Items/{itemId}/ThemeMedia")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<AllThemeMediaResult> GetThemeMedia(
         [FromRoute, Required] Guid itemId,
@@ -321,7 +321,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="401">Unauthorized access.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Items/{itemId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status401Unauthorized)]
     public ActionResult DeleteItem(Guid itemId)
@@ -350,7 +350,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="401">Unauthorized access.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Items")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status401Unauthorized)]
     public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
@@ -392,7 +392,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="200">Item counts returned.</response>
     /// <returns>Item counts.</returns>
     [HttpGet("Items/Counts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<ItemCounts> GetItemCounts(
         [FromQuery] Guid? userId,
@@ -426,7 +426,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>Item parents.</returns>
     [HttpGet("Items/{itemId}/Ancestors")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<IEnumerable<BaseItemDto>> GetAncestors([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
@@ -509,7 +509,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Library/Series/Added", Name = "PostAddedSeries")]
     [HttpPost("Library/Series/Updated")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult PostUpdatedSeries([FromQuery] string? tvdbId)
     {
@@ -539,7 +539,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Library/Movies/Added", Name = "PostAddedMovies")]
     [HttpPost("Library/Movies/Updated")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult PostUpdatedMovies([FromQuery] string? tmdbId, [FromQuery] string? imdbId)
     {
@@ -580,7 +580,7 @@ public class LibraryController : BaseJellyfinApiController
     /// <response code="204">Report success.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Library/Media/Updated")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult PostUpdatedMedia([FromBody, Required] MediaUpdateInfoDto dto)
     {
@@ -657,7 +657,7 @@ public class LibraryController : BaseJellyfinApiController
     [HttpGet("Shows/{itemId}/Similar", Name = "GetSimilarShows")]
     [HttpGet("Movies/{itemId}/Similar", Name = "GetSimilarMovies")]
     [HttpGet("Trailers/{itemId}/Similar", Name = "GetSimilarTrailers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<QueryResult<BaseItemDto>> GetSimilarItems(
         [FromRoute, Required] Guid itemId,
@@ -802,32 +802,32 @@ public class LibraryController : BaseJellyfinApiController
                 Type = type,
 
                 MetadataFetchers = plugins
-                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataFetcher))
-                .Select(i => new LibraryOptionInfoDto
-                {
-                    Name = i.Name,
-                    DefaultEnabled = IsMetadataFetcherEnabledByDefault(i.Name, type, isNewLibrary)
-                })
-                .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                .ToArray(),
+                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                    .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataFetcher))
+                    .Select(i => new LibraryOptionInfoDto
+                    {
+                        Name = i.Name,
+                        DefaultEnabled = IsMetadataFetcherEnabledByDefault(i.Name, type, isNewLibrary)
+                    })
+                    .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
+                    .ToArray(),
 
                 ImageFetchers = plugins
-                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.ImageFetcher))
-                .Select(i => new LibraryOptionInfoDto
-                {
-                    Name = i.Name,
-                    DefaultEnabled = IsImageFetcherEnabledByDefault(i.Name, type, isNewLibrary)
-                })
-                .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
-                .ToArray(),
+                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                    .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.ImageFetcher))
+                    .Select(i => new LibraryOptionInfoDto
+                    {
+                        Name = i.Name,
+                        DefaultEnabled = IsImageFetcherEnabledByDefault(i.Name, type, isNewLibrary)
+                    })
+                    .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
+                    .ToArray(),
 
                 SupportedImageTypes = plugins
-                .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
-                .SelectMany(i => i.SupportedImageTypes ?? Array.Empty<ImageType>())
-                .Distinct()
-                .ToArray(),
+                    .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
+                    .SelectMany(i => i.SupportedImageTypes ?? Array.Empty<ImageType>())
+                    .Distinct()
+                    .ToArray(),
 
                 DefaultImageOptions = defaultImageOptions ?? Array.Empty<ImageOption>()
             });
@@ -920,13 +920,13 @@ public class LibraryController : BaseJellyfinApiController
             if (string.Equals(name, "TheMovieDb", StringComparison.OrdinalIgnoreCase))
             {
                 return !(string.Equals(type, "Season", StringComparison.OrdinalIgnoreCase)
-                     || string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
-                     || string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase));
+                         || string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
+                         || string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase));
             }
 
             return string.Equals(name, "TheTVDB", StringComparison.OrdinalIgnoreCase)
-               || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
-               || string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase);
+                   || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
+                   || string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase);
         }
 
         var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
@@ -934,7 +934,7 @@ public class LibraryController : BaseJellyfinApiController
             .ToArray();
 
         return metadataOptions.Length == 0
-           || metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
+               || metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
     }
 
     private bool IsImageFetcherEnabledByDefault(string name, string type, bool isNewLibrary)
diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 21b424346..c1f5d74cd 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -10,7 +10,6 @@ using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -95,7 +94,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Info")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<LiveTvInfo> GetLiveTvInfo()
     {
         return _liveTvManager.GetLiveTvInfo(CancellationToken.None);
@@ -131,7 +130,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Channels")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<QueryResult<BaseItemDto>> GetLiveTvChannels(
         [FromQuery] ChannelType? type,
         [FromQuery] Guid? userId,
@@ -210,7 +209,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv channel.</returns>
     [HttpGet("Channels/{channelId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<BaseItemDto> GetChannel([FromRoute, Required] Guid channelId, [FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -251,7 +250,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
     [HttpGet("Recordings")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordings(
         [FromQuery] string? channelId,
         [FromQuery] Guid? userId,
@@ -322,7 +321,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
     [HttpGet("Recordings/Series")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [Obsolete("This endpoint is obsolete.")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "channelId", Justification = "Imported from ServiceStack")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
@@ -365,7 +364,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the recording groups.</returns>
     [HttpGet("Recordings/Groups")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [Obsolete("This endpoint is obsolete.")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordingGroups([FromQuery] Guid? userId)
@@ -381,7 +380,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the recording folders.</returns>
     [HttpGet("Recordings/Folders")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordingFolders([FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -403,7 +402,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recording.</returns>
     [HttpGet("Recordings/{recordingId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public ActionResult<BaseItemDto> GetRecording([FromRoute, Required] Guid recordingId, [FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -425,7 +424,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Tuners/{tunerId}/Reset")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult> ResetTuner([FromRoute, Required] string tunerId)
     {
         await AssertUserCanManageLiveTv().ConfigureAwait(false);
@@ -443,7 +442,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers/{timerId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<TimerInfoDto>> GetTimer([FromRoute, Required] string timerId)
     {
         return await _liveTvManager.GetTimer(timerId, CancellationToken.None).ConfigureAwait(false);
@@ -459,7 +458,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers/Defaults")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<SeriesTimerInfoDto>> GetDefaultTimer([FromQuery] string? programId)
     {
         return string.IsNullOrEmpty(programId)
@@ -479,7 +478,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<QueryResult<TimerInfoDto>>> GetTimers(
         [FromQuery] string? channelId,
         [FromQuery] string? seriesTimerId,
@@ -533,7 +532,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Programs")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetLiveTvPrograms(
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] channelIds,
         [FromQuery] Guid? userId,
@@ -616,7 +615,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpPost("Programs")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetPrograms([FromBody] GetProgramsDto body)
     {
         var user = body.UserId.Equals(default) ? null : _userManager.GetUserById(body.UserId);
@@ -682,7 +681,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Recommended epgs returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the queryresult of recommended epgs.</returns>
     [HttpGet("Programs/Recommended")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetRecommendedPrograms(
         [FromQuery] Guid? userId,
@@ -734,7 +733,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Program returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the livetv program.</returns>
     [HttpGet("Programs/{programId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<BaseItemDto>> GetProgram(
         [FromRoute, Required] string programId,
@@ -755,7 +754,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if item not found.</returns>
     [HttpDelete("Recordings/{recordingId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult> DeleteRecording([FromRoute, Required] Guid recordingId)
@@ -783,7 +782,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Timers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CancelTimer([FromRoute, Required] string timerId)
     {
@@ -800,7 +799,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer updated.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Timers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult> UpdateTimer([FromRoute, Required] string timerId, [FromBody] TimerInfoDto timerInfo)
@@ -817,7 +816,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer created.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Timers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CreateTimer([FromBody] TimerInfoDto timerInfo)
     {
@@ -834,7 +833,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="404">Series timer not found.</response>
     /// <returns>A <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if timer not found.</returns>
     [HttpGet("SeriesTimers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult<SeriesTimerInfoDto>> GetSeriesTimer([FromRoute, Required] string timerId)
@@ -856,7 +855,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Timers returned.</response>
     /// <returns>An <see cref="OkResult"/> of live tv series timers.</returns>
     [HttpGet("SeriesTimers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<QueryResult<SeriesTimerInfoDto>>> GetSeriesTimers([FromQuery] string? sortBy, [FromQuery] SortOrder? sortOrder)
     {
@@ -876,7 +875,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer cancelled.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("SeriesTimers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CancelSeriesTimer([FromRoute, Required] string timerId)
     {
@@ -893,7 +892,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Series timer updated.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("SeriesTimers/{timerId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult> UpdateSeriesTimer([FromRoute, Required] string timerId, [FromBody] SeriesTimerInfoDto seriesTimerInfo)
@@ -910,7 +909,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Series timer info created.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("SeriesTimers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CreateSeriesTimer([FromBody] SeriesTimerInfoDto seriesTimerInfo)
     {
@@ -925,7 +924,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <param name="groupId">Group id.</param>
     /// <returns>A <see cref="NotFoundResult"/>.</returns>
     [HttpGet("Recordings/Groups/{groupId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     [Obsolete("This endpoint is obsolete.")]
     public ActionResult<BaseItemDto> GetRecordingGroup([FromRoute, Required] Guid groupId)
@@ -939,7 +938,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Guid info returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the guide info.</returns>
     [HttpGet("GuideInfo")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<GuideInfo> GetGuideInfo()
     {
@@ -953,7 +952,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created tuner host returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the created tuner host.</returns>
     [HttpPost("TunerHosts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<TunerHostInfo>> AddTunerHost([FromBody] TunerHostInfo tunerHostInfo)
     {
@@ -967,7 +966,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Tuner host deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("TunerHosts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult DeleteTunerHost([FromQuery] string? id)
     {
@@ -983,7 +982,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Default listings provider info returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the default listings provider info.</returns>
     [HttpGet("ListingProviders/Default")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<ListingsProviderInfo> GetDefaultListingProvider()
     {
@@ -1000,7 +999,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created listings provider returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the created listings provider.</returns>
     [HttpPost("ListingProviders")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [SuppressMessage("Microsoft.Performance", "CA5350:RemoveSha1", MessageId = "AddListingProvider", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult<ListingsProviderInfo>> AddListingProvider(
@@ -1026,7 +1025,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Listing provider deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("ListingProviders")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult DeleteListingProvider([FromQuery] string? id)
     {
@@ -1044,7 +1043,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Available lineups returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the available lineups.</returns>
     [HttpGet("ListingProviders/Lineups")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<IEnumerable<NameIdPair>>> GetLineups(
         [FromQuery] string? id,
@@ -1061,7 +1060,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Available countries returned.</response>
     /// <returns>A <see cref="FileResult"/> containing the available countries.</returns>
     [HttpGet("ListingProviders/SchedulesDirect/Countries")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesFile(MediaTypeNames.Application.Json)]
     public async Task<ActionResult> GetSchedulesDirectCountries()
@@ -1082,7 +1081,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Channel mapping options returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the channel mapping options.</returns>
     [HttpGet("ChannelMappingOptions")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<ChannelMappingOptionsDto>> GetChannelMappingOptions([FromQuery] string? providerId)
     {
@@ -1120,7 +1119,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created channel mapping returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the created channel mapping.</returns>
     [HttpPost("ChannelMappings")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<TunerChannelMapping>> SetChannelMapping([FromBody, Required] SetChannelMappingDto setChannelMappingDto)
     {
@@ -1133,7 +1132,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Tuner host types returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the tuner host types.</returns>
     [HttpGet("TunerHosts/Types")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<NameIdPair>> GetTunerHostTypes()
     {
@@ -1148,7 +1147,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the tuners.</returns>
     [HttpGet("Tuners/Discvover", Name = "DiscvoverTuners")]
     [HttpGet("Tuners/Discover")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<IEnumerable<TunerHostInfo>>> DiscoverTuners([FromQuery] bool newDevicesOnly = false)
     {
diff --git a/Jellyfin.Api/Controllers/MediaInfoController.cs b/Jellyfin.Api/Controllers/MediaInfoController.cs
index eee7df3af..ea10dd771 100644
--- a/Jellyfin.Api/Controllers/MediaInfoController.cs
+++ b/Jellyfin.Api/Controllers/MediaInfoController.cs
@@ -5,7 +5,6 @@ using System.Linq;
 using System.Net.Mime;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.Models.MediaInfoDtos;
@@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
 /// The media info controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class MediaInfoController : BaseJellyfinApiController
 {
     private readonly IMediaSourceManager _mediaSourceManager;
diff --git a/Jellyfin.Api/Controllers/MoviesController.cs b/Jellyfin.Api/Controllers/MoviesController.cs
index 4c30dd2b3..a9336f6d2 100644
--- a/Jellyfin.Api/Controllers/MoviesController.cs
+++ b/Jellyfin.Api/Controllers/MoviesController.cs
@@ -2,7 +2,6 @@ using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Movies controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class MoviesController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/MusicGenresController.cs b/Jellyfin.Api/Controllers/MusicGenresController.cs
index 302f138eb..da1a6e832 100644
--- a/Jellyfin.Api/Controllers/MusicGenresController.cs
+++ b/Jellyfin.Api/Controllers/MusicGenresController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// The music genres controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class MusicGenresController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs
index 3cb3caadb..0ba5e995f 100644
--- a/Jellyfin.Api/Controllers/PackageController.cs
+++ b/Jellyfin.Api/Controllers/PackageController.cs
@@ -17,7 +17,7 @@ namespace Jellyfin.Api.Controllers;
 /// Package Controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PackageController : BaseJellyfinApiController
 {
     private readonly IInstallationManager _installationManager;
diff --git a/Jellyfin.Api/Controllers/PersonsController.cs b/Jellyfin.Api/Controllers/PersonsController.cs
index 9fb6da527..5310f50b1 100644
--- a/Jellyfin.Api/Controllers/PersonsController.cs
+++ b/Jellyfin.Api/Controllers/PersonsController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Entities;
@@ -20,7 +19,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Persons controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PersonsController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/PlaylistsController.cs b/Jellyfin.Api/Controllers/PlaylistsController.cs
index 11e589301..79c0d3c7b 100644
--- a/Jellyfin.Api/Controllers/PlaylistsController.cs
+++ b/Jellyfin.Api/Controllers/PlaylistsController.cs
@@ -4,7 +4,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.PlaylistDtos;
@@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Playlists controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PlaylistsController : BaseJellyfinApiController
 {
     private readonly IPlaylistManager _playlistManager;
diff --git a/Jellyfin.Api/Controllers/PlaystateController.cs b/Jellyfin.Api/Controllers/PlaystateController.cs
index 18d6ebf1e..11f3ddbb0 100644
--- a/Jellyfin.Api/Controllers/PlaystateController.cs
+++ b/Jellyfin.Api/Controllers/PlaystateController.cs
@@ -2,7 +2,6 @@ using System;
 using System.ComponentModel.DataAnnotations;
 using System.Diagnostics.CodeAnalysis;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// Playstate controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PlaystateController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index 5a037d7a6..4726cf066 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -21,7 +21,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Plugins controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class PluginsController : BaseJellyfinApiController
 {
     private readonly IInstallationManager _installationManager;
diff --git a/Jellyfin.Api/Controllers/QuickConnectController.cs b/Jellyfin.Api/Controllers/QuickConnectController.cs
index a58e85b2b..503b9d372 100644
--- a/Jellyfin.Api/Controllers/QuickConnectController.cs
+++ b/Jellyfin.Api/Controllers/QuickConnectController.cs
@@ -111,7 +111,7 @@ public class QuickConnectController : BaseJellyfinApiController
     /// <response code="403">Unknown user id.</response>
     /// <returns>Boolean indicating if the authorization was successful.</returns>
     [HttpPost("Authorize")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code, [FromQuery] Guid? userId = null)
diff --git a/Jellyfin.Api/Controllers/RemoteImageController.cs b/Jellyfin.Api/Controllers/RemoteImageController.cs
index 445c5594f..5c77db240 100644
--- a/Jellyfin.Api/Controllers/RemoteImageController.cs
+++ b/Jellyfin.Api/Controllers/RemoteImageController.cs
@@ -56,7 +56,7 @@ public class RemoteImageController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>Remote Image Result.</returns>
     [HttpGet("Items/{itemId}/RemoteImages")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult<RemoteImageResult>> GetRemoteImages(
@@ -121,7 +121,7 @@ public class RemoteImageController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>List of remote image providers.</returns>
     [HttpGet("Items/{itemId}/RemoteImages/Providers")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public ActionResult<IEnumerable<ImageProviderInfo>> GetRemoteImageProviders([FromRoute, Required] Guid itemId)
diff --git a/Jellyfin.Api/Controllers/SearchController.cs b/Jellyfin.Api/Controllers/SearchController.cs
index 46b4920ca..a25b43345 100644
--- a/Jellyfin.Api/Controllers/SearchController.cs
+++ b/Jellyfin.Api/Controllers/SearchController.cs
@@ -3,7 +3,6 @@ using System.ComponentModel;
 using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using Jellyfin.Extensions;
@@ -26,7 +25,7 @@ namespace Jellyfin.Api.Controllers;
 /// Search controller.
 /// </summary>
 [Route("Search/Hints")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class SearchController : BaseJellyfinApiController
 {
     private readonly ISearchEngine _searchEngine;
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index ef3364478..bae8e0a49 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -56,7 +56,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="200">List of sessions returned.</response>
     /// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns>
     [HttpGet("Sessions")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<SessionInfo>> GetSessions(
         [FromQuery] Guid? controllableByUserId,
@@ -119,7 +119,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Instruction sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Viewing")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> DisplayContent(
         [FromRoute, Required] string sessionId,
@@ -158,7 +158,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Instruction sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Playing")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> Play(
         [FromRoute, Required] string sessionId,
@@ -201,7 +201,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Playstate command sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Playing/{command}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendPlaystateCommand(
         [FromRoute, Required] string sessionId,
@@ -232,7 +232,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">System command sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/System/{command}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendSystemCommand(
         [FromRoute, Required] string sessionId,
@@ -258,7 +258,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">General command sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Command/{command}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendGeneralCommand(
         [FromRoute, Required] string sessionId,
@@ -286,7 +286,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Full general command sent to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Command")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendFullGeneralCommand(
         [FromRoute, Required] string sessionId,
@@ -316,7 +316,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Message sent.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/Message")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> SendMessageCommand(
         [FromRoute, Required] string sessionId,
@@ -345,7 +345,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">User added to session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/{sessionId}/User/{userId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult AddUserToSession(
         [FromRoute, Required] string sessionId,
@@ -363,7 +363,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">User removed from session.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Sessions/{sessionId}/User/{userId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult RemoveUserFromSession(
         [FromRoute, Required] string sessionId,
@@ -385,7 +385,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Capabilities posted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/Capabilities")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> PostCapabilities(
         [FromQuery] string? id,
@@ -419,7 +419,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Capabilities updated.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/Capabilities/Full")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> PostFullCapabilities(
         [FromQuery] string? id,
@@ -443,7 +443,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Session reported to server.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/Viewing")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> ReportViewing(
         [FromQuery] string? sessionId,
@@ -461,7 +461,7 @@ public class SessionController : BaseJellyfinApiController
     /// <response code="204">Session end reported to server.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Sessions/Logout")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> ReportSessionEnded()
     {
diff --git a/Jellyfin.Api/Controllers/StudiosController.cs b/Jellyfin.Api/Controllers/StudiosController.cs
index 799be2ae8..21965e956 100644
--- a/Jellyfin.Api/Controllers/StudiosController.cs
+++ b/Jellyfin.Api/Controllers/StudiosController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.ComponentModel.DataAnnotations;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -21,7 +20,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Studios controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class StudiosController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index fd0a71f9e..e38421338 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -114,7 +114,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">Subtitles retrieved.</response>
     /// <returns>An array of <see cref="RemoteSubtitleInfo"/>.</returns>
     [HttpGet("Items/{itemId}/RemoteSearch/Subtitles/{language}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<IEnumerable<RemoteSubtitleInfo>>> SearchRemoteSubtitles(
         [FromRoute, Required] Guid itemId,
@@ -134,7 +134,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="204">Subtitle downloaded.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Items/{itemId}/RemoteSearch/Subtitles/{subtitleId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> DownloadRemoteSubtitles(
         [FromRoute, Required] Guid itemId,
@@ -164,7 +164,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">File returned.</response>
     /// <returns>A <see cref="FileStreamResult"/> with the subtitle file.</returns>
     [HttpGet("Providers/Subtitles/Subtitles/{id}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [Produces(MediaTypeNames.Application.Octet)]
     [ProducesFile("text/*")]
@@ -322,7 +322,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">Subtitle playlist retrieved.</response>
     /// <returns>A <see cref="FileContentResult"/> with the HLS subtitle playlist.</returns>
     [HttpGet("Videos/{itemId}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesPlaylistFile]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
@@ -463,7 +463,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">Information retrieved.</response>
     /// <returns>An array of <see cref="FontFile"/> with the available font files.</returns>
     [HttpGet("FallbackFont/Fonts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public IEnumerable<FontFile> GetFallbackFontList()
     {
@@ -514,7 +514,7 @@ public class SubtitleController : BaseJellyfinApiController
     /// <response code="200">Fallback font file retrieved.</response>
     /// <returns>The fallback font file.</returns>
     [HttpGet("FallbackFont/Fonts/{name}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesFile("font/*")]
     public ActionResult GetFallbackFont([FromRoute, Required] string name)
diff --git a/Jellyfin.Api/Controllers/SuggestionsController.cs b/Jellyfin.Api/Controllers/SuggestionsController.cs
index c5c429757..5b808f257 100644
--- a/Jellyfin.Api/Controllers/SuggestionsController.cs
+++ b/Jellyfin.Api/Controllers/SuggestionsController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.ComponentModel.DataAnnotations;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
@@ -19,7 +18,7 @@ namespace Jellyfin.Api.Controllers;
 /// The suggestions controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class SuggestionsController : BaseJellyfinApiController
 {
     private readonly IDtoService _dtoService;
diff --git a/Jellyfin.Api/Controllers/SystemController.cs b/Jellyfin.Api/Controllers/SystemController.cs
index b0b2e2d6d..4ab705f40 100644
--- a/Jellyfin.Api/Controllers/SystemController.cs
+++ b/Jellyfin.Api/Controllers/SystemController.cs
@@ -172,7 +172,7 @@ public class SystemController : BaseJellyfinApiController
     /// <response code="200">Information retrieved.</response>
     /// <returns><see cref="EndPointInfo"/> with information about the endpoint.</returns>
     [HttpGet("Endpoint")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<EndPointInfo> GetEndpointInfo()
     {
@@ -210,7 +210,7 @@ public class SystemController : BaseJellyfinApiController
     /// <response code="200">Information retrieved.</response>
     /// <returns>An <see cref="IEnumerable{WakeOnLanInfo}"/> with the WakeOnLan infos.</returns>
     [HttpGet("WakeOnLanInfo")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [Obsolete("This endpoint is obsolete.")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<WakeOnLanInfo>> GetWakeOnLanInfo()
diff --git a/Jellyfin.Api/Controllers/TrailersController.cs b/Jellyfin.Api/Controllers/TrailersController.cs
index 115efcd8f..b5b640620 100644
--- a/Jellyfin.Api/Controllers/TrailersController.cs
+++ b/Jellyfin.Api/Controllers/TrailersController.cs
@@ -1,5 +1,4 @@
 using System;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Model.Dto;
@@ -14,7 +13,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// The trailers controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class TrailersController : BaseJellyfinApiController
 {
     private readonly ItemsController _itemsController;
diff --git a/Jellyfin.Api/Controllers/TvShowsController.cs b/Jellyfin.Api/Controllers/TvShowsController.cs
index 2be32095e..b0760f97c 100644
--- a/Jellyfin.Api/Controllers/TvShowsController.cs
+++ b/Jellyfin.Api/Controllers/TvShowsController.cs
@@ -2,7 +2,6 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
@@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
 /// The tv shows controller.
 /// </summary>
 [Route("Shows")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class TvShowsController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/UniversalAudioController.cs b/Jellyfin.Api/Controllers/UniversalAudioController.cs
index 6946caa2b..345521597 100644
--- a/Jellyfin.Api/Controllers/UniversalAudioController.cs
+++ b/Jellyfin.Api/Controllers/UniversalAudioController.cs
@@ -5,7 +5,6 @@ using System.Globalization;
 using System.Linq;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -82,7 +81,7 @@ public class UniversalAudioController : BaseJellyfinApiController
     /// <returns>A <see cref="Task"/> containing the audio file.</returns>
     [HttpGet("Audio/{itemId}/universal")]
     [HttpHead("Audio/{itemId}/universal", Name = "HeadUniversalAudioStream")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status302Found)]
     [ProducesAudioFile]
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 7f184f31e..d9ea96f2d 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -81,7 +81,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="200">Users returned.</response>
     /// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns>
     [HttpGet]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<UserDto>> GetUsers(
         [FromQuery] bool? isHidden,
@@ -251,7 +251,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="404">User not found.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
     [HttpPost("{userId}/Password")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -312,7 +312,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="404">User not found.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
     [HttpPost("{userId}/EasyPassword")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -354,7 +354,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="403">User update forbidden.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns>
     [HttpPost("{userId}")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status400BadRequest)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -440,7 +440,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="403">User configuration update forbidden.</response>
     /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
     [HttpPost("{userId}/Configuration")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     public async Task<ActionResult> UpdateUserConfiguration(
@@ -526,7 +526,7 @@ public class UserController : BaseJellyfinApiController
     /// <response code="400">Token is not owned by a user.</response>
     /// <returns>A <see cref="UserDto"/> for the authenticated user.</returns>
     [HttpGet("Me")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status400BadRequest)]
     public ActionResult<UserDto> GetCurrentUser()
diff --git a/Jellyfin.Api/Controllers/UserLibraryController.cs b/Jellyfin.Api/Controllers/UserLibraryController.cs
index 556cf3894..93312b817 100644
--- a/Jellyfin.Api/Controllers/UserLibraryController.cs
+++ b/Jellyfin.Api/Controllers/UserLibraryController.cs
@@ -4,7 +4,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
@@ -28,7 +27,7 @@ namespace Jellyfin.Api.Controllers;
 /// User library controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class UserLibraryController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/UserViewsController.cs b/Jellyfin.Api/Controllers/UserViewsController.cs
index aa7ba8891..838b43234 100644
--- a/Jellyfin.Api/Controllers/UserViewsController.cs
+++ b/Jellyfin.Api/Controllers/UserViewsController.cs
@@ -3,7 +3,6 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.UserViewDtos;
@@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
 /// User views controller.
 /// </summary>
 [Route("")]
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class UserViewsController : BaseJellyfinApiController
 {
     private readonly IUserManager _userManager;
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 01a319879..929999196 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -100,7 +100,7 @@ public class VideosController : BaseJellyfinApiController
     /// <response code="200">Additional parts returned.</response>
     /// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the parts.</returns>
     [HttpGet("{itemId}/AdditionalParts")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
     {
diff --git a/Jellyfin.Api/Controllers/YearsController.cs b/Jellyfin.Api/Controllers/YearsController.cs
index 2e5fdc146..def37cb97 100644
--- a/Jellyfin.Api/Controllers/YearsController.cs
+++ b/Jellyfin.Api/Controllers/YearsController.cs
@@ -2,7 +2,6 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
-using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -24,7 +23,7 @@ namespace Jellyfin.Api.Controllers;
 /// <summary>
 /// Years controller.
 /// </summary>
-[Authorize(Policy = Policies.DefaultAuthorization)]
+[Authorize]
 public class YearsController : BaseJellyfinApiController
 {
     private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Middleware/LanFilteringMiddleware.cs b/Jellyfin.Api/Middleware/LanFilteringMiddleware.cs
index 7b05351e3..9c2194faf 100644
--- a/Jellyfin.Api/Middleware/LanFilteringMiddleware.cs
+++ b/Jellyfin.Api/Middleware/LanFilteringMiddleware.cs
@@ -1,6 +1,6 @@
-using System.Net;
 using System.Threading.Tasks;
 using Jellyfin.Networking.Configuration;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Configuration;
 using Microsoft.AspNetCore.Http;
@@ -32,9 +32,14 @@ public class LanFilteringMiddleware
     /// <returns>The async task.</returns>
     public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
     {
-        var host = httpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback;
+        if (serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess)
+        {
+            await _next(httpContext).ConfigureAwait(false);
+            return;
+        }
 
-        if (!networkManager.IsInLocalNetwork(host) && !serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess)
+        var host = httpContext.GetNormalizedRemoteIp();
+        if (!networkManager.IsInLocalNetwork(host))
         {
             return;
         }
diff --git a/Jellyfin.Data/DayOfWeekHelper.cs b/Jellyfin.Data/DayOfWeekHelper.cs
index b7ba30180..d1ce8185f 100644
--- a/Jellyfin.Data/DayOfWeekHelper.cs
+++ b/Jellyfin.Data/DayOfWeekHelper.cs
@@ -17,5 +17,16 @@ namespace Jellyfin.Data
                 _ => new[] { (DayOfWeek)day }
             };
         }
+
+        public static bool Contains(this DynamicDayOfWeek dynamicDayOfWeek, DayOfWeek dayOfWeek)
+        {
+            return dynamicDayOfWeek switch
+            {
+                DynamicDayOfWeek.Everyday => true,
+                DynamicDayOfWeek.Weekday => dayOfWeek is > DayOfWeek.Sunday and <= DayOfWeek.Friday,
+                DynamicDayOfWeek.Weekend => dayOfWeek is DayOfWeek.Saturday or DayOfWeek.Sunday,
+                _ => (DayOfWeek)dynamicDayOfWeek == dayOfWeek
+            };
+        }
     }
 }
diff --git a/Jellyfin.Data/Entities/User.cs b/Jellyfin.Data/Entities/User.cs
index eb59e70f3..4ce581749 100644
--- a/Jellyfin.Data/Entities/User.cs
+++ b/Jellyfin.Data/Entities/User.cs
@@ -525,8 +525,9 @@ namespace Jellyfin.Data.Entities
         {
             var localTime = date.ToLocalTime();
             var hour = localTime.TimeOfDay.TotalHours;
+            var currentDayOfWeek = localTime.DayOfWeek;
 
-            return DayOfWeekHelper.GetDaysOfWeek(schedule.DayOfWeek).Contains(localTime.DayOfWeek)
+            return schedule.DayOfWeek.Contains(currentDayOfWeek)
                    && hour >= schedule.StartHour
                    && hour <= schedule.EndHour;
         }
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index e9af1cf83..e2dcaf5f5 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -5,19 +5,15 @@ using System.Linq;
 using System.Net;
 using System.Net.Sockets;
 using System.Reflection;
+using System.Security.Claims;
 using Emby.Server.Implementations;
 using Jellyfin.Api.Auth;
 using Jellyfin.Api.Auth.AnonymousLanAccessPolicy;
 using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
 using Jellyfin.Api.Auth.DownloadPolicy;
-using Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy;
-using Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy;
-using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
-using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
-using Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy;
-using Jellyfin.Api.Auth.LocalAccessPolicy;
-using Jellyfin.Api.Auth.RequiresElevationPolicy;
+using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
 using Jellyfin.Api.Auth.SyncPlayAccessPolicy;
+using Jellyfin.Api.Auth.UserPermissionPolicy;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Controllers;
 using Jellyfin.Api.Formatters;
@@ -56,117 +52,34 @@ namespace Jellyfin.Server.Extensions
         /// <returns>The updated service collection.</returns>
         public static IServiceCollection AddJellyfinApiAuthorization(this IServiceCollection serviceCollection)
         {
+            // The default handler must be first so that it is evaluated first
             serviceCollection.AddSingleton<IAuthorizationHandler, DefaultAuthorizationHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, DownloadHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrDefaultHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrElevatedHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreParentalControlHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeOrIgnoreParentalControlSetupHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, UserPermissionHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, AnonymousLanAccessHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessOrRequiresElevationHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, SyncPlayAccessHandler>();
+
             return serviceCollection.AddAuthorizationCore(options =>
             {
-                options.AddPolicy(
-                    Policies.DefaultAuthorization,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new DefaultAuthorizationRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.Download,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new DownloadRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.FirstTimeSetupOrDefault,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new FirstTimeSetupOrDefaultRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.FirstTimeSetupOrElevated,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new FirstTimeSetupOrElevatedRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.IgnoreParentalControl,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new IgnoreParentalControlRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.FirstTimeSetupOrIgnoreParentalControl,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new FirstTimeOrIgnoreParentalControlSetupRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.LocalAccessOnly,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new LocalAccessRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.LocalAccessOrRequiresElevation,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new LocalAccessOrRequiresElevationRequirement());
-                    });
+                options.DefaultPolicy = new AuthorizationPolicyBuilder()
+                    .AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication)
+                    .RequireAuthenticatedUser()
+                    .Build();
+
+                options.AddPolicy(Policies.Download, new UserPermissionRequirement(PermissionKind.EnableContentDownloading));
+                options.AddPolicy(Policies.FirstTimeSetupOrDefault, new FirstTimeSetupRequirement());
+                options.AddPolicy(Policies.FirstTimeSetupOrElevated, new FirstTimeSetupRequirement(requireAdmin: true));
+                options.AddPolicy(Policies.FirstTimeSetupOrIgnoreParentalControl, new FirstTimeSetupRequirement(validateParentalSchedule: false));
+                options.AddPolicy(Policies.IgnoreParentalControl, new DefaultAuthorizationRequirement(validateParentalSchedule: false));
+                options.AddPolicy(Policies.SyncPlayHasAccess, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.HasAccess));
+                options.AddPolicy(Policies.SyncPlayCreateGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.CreateGroup));
+                options.AddPolicy(Policies.SyncPlayJoinGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
+                options.AddPolicy(Policies.SyncPlayIsInGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
+                options.AddPolicy(Policies.AnonymousLanAccessPolicy, new AnonymousLanAccessRequirement());
                 options.AddPolicy(
                     Policies.RequiresElevation,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new RequiresElevationRequirement());
-                    });
-                options.AddPolicy(
-                    Policies.SyncPlayHasAccess,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.HasAccess));
-                    });
-                options.AddPolicy(
-                    Policies.SyncPlayCreateGroup,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.CreateGroup));
-                    });
-                options.AddPolicy(
-                    Policies.SyncPlayJoinGroup,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
-                    });
-                options.AddPolicy(
-                    Policies.SyncPlayIsInGroup,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
-                    });
-                options.AddPolicy(
-                    Policies.AnonymousLanAccessPolicy,
-                    policy =>
-                    {
-                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new AnonymousLanAccessRequirement());
-                    });
+                    policy => policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication)
+                        .RequireClaim(ClaimTypes.Role, UserRoles.Administrator));
             });
         }
 
@@ -334,6 +247,14 @@ namespace Jellyfin.Server.Extensions
             });
         }
 
+        private static void AddPolicy(this AuthorizationOptions authorizationOptions, string policyName, IAuthorizationRequirement authorizationRequirement)
+        {
+            authorizationOptions.AddPolicy(policyName, policy =>
+            {
+                policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication).AddRequirements(authorizationRequirement);
+            });
+        }
+
         /// <summary>
         /// Sets up the proxy configuration based on the addresses in <paramref name="allowedProxies"/>.
         /// </summary>
diff --git a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs
deleted file mode 100644
index ee42216e4..000000000
--- a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs
+++ /dev/null
@@ -1,71 +0,0 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using AutoFixture;
-using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Moq;
-using Xunit;
-
-namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupOrElevatedPolicy
-{
-    public class FirstTimeSetupOrElevatedHandlerTests
-    {
-        private readonly Mock<IConfigurationManager> _configurationManagerMock;
-        private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly FirstTimeSetupOrElevatedHandler _sut;
-        private readonly Mock<IUserManager> _userManagerMock;
-        private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
-
-        public FirstTimeSetupOrElevatedHandlerTests()
-        {
-            var fixture = new Fixture().Customize(new AutoMoqCustomization());
-            _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new FirstTimeSetupOrElevatedRequirement() };
-            _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
-            _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
-
-            _sut = fixture.Create<FirstTimeSetupOrElevatedHandler>();
-        }
-
-        [Theory]
-        [InlineData(UserRoles.Administrator)]
-        [InlineData(UserRoles.Guest)]
-        [InlineData(UserRoles.User)]
-        public async Task ShouldSucceedIfStartupWizardIncomplete(string userRole)
-        {
-            TestHelpers.SetupConfigurationManager(_configurationManagerMock, false);
-            var claims = TestHelpers.SetupUser(
-                _userManagerMock,
-                _httpContextAccessor,
-                userRole);
-
-            var context = new AuthorizationHandlerContext(_requirements, claims, null);
-
-            await _sut.HandleAsync(context);
-            Assert.True(context.HasSucceeded);
-        }
-
-        [Theory]
-        [InlineData(UserRoles.Administrator, true)]
-        [InlineData(UserRoles.Guest, false)]
-        [InlineData(UserRoles.User, false)]
-        public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed)
-        {
-            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
-            var claims = TestHelpers.SetupUser(
-                _userManagerMock,
-                _httpContextAccessor,
-                userRole);
-
-            var context = new AuthorizationHandlerContext(_requirements, claims, null);
-
-            await _sut.HandleAsync(context);
-            Assert.Equal(shouldSucceed, context.HasSucceeded);
-        }
-    }
-}
diff --git a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
new file mode 100644
index 000000000..6669a6689
--- /dev/null
+++ b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
@@ -0,0 +1,72 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using AutoFixture;
+using AutoFixture.AutoMoq;
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
+using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
+using Jellyfin.Api.Constants;
+using MediaBrowser.Common.Configuration;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Moq;
+using Xunit;
+
+namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
+{
+    public class FirstTimeSetupHandlerTests
+    {
+        private readonly Mock<IConfigurationManager> _configurationManagerMock;
+        private readonly List<IAuthorizationRequirement> _requirements;
+        private readonly FirstTimeSetupHandler _firstTimeSetupHandler;
+        private readonly Mock<IUserManager> _userManagerMock;
+        private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
+
+        public FirstTimeSetupHandlerTests()
+        {
+            var fixture = new Fixture().Customize(new AutoMoqCustomization());
+            _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
+            _requirements = new List<IAuthorizationRequirement> { new FirstTimeSetupRequirement() };
+            _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
+            _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
+
+            _firstTimeSetupHandler = fixture.Create<FirstTimeSetupHandler>();
+        }
+
+        [Theory]
+        [InlineData(UserRoles.Administrator)]
+        [InlineData(UserRoles.Guest)]
+        [InlineData(UserRoles.User)]
+        public async Task ShouldSucceedIfStartupWizardIncomplete(string userRole)
+        {
+            TestHelpers.SetupConfigurationManager(_configurationManagerMock, false);
+            var claims = TestHelpers.SetupUser(
+                _userManagerMock,
+                _httpContextAccessor,
+                userRole);
+
+            var context = new AuthorizationHandlerContext(_requirements, claims, null);
+
+            await _firstTimeSetupHandler.HandleAsync(context);
+            Assert.True(context.HasSucceeded);
+        }
+
+        [Theory]
+        [InlineData(UserRoles.Administrator, true)]
+        [InlineData(UserRoles.Guest, false)]
+        [InlineData(UserRoles.User, false)]
+        public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed)
+        {
+            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
+            var claims = TestHelpers.SetupUser(
+                _userManagerMock,
+                _httpContextAccessor,
+                userRole);
+
+            var context = new AuthorizationHandlerContext(_requirements, claims, null);
+
+            await _firstTimeSetupHandler.HandleAsync(context);
+            Assert.Equal(shouldSucceed, context.HasSucceeded);
+        }
+    }
+}
diff --git a/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
index 7150c90bb..9cf8f8548 100644
--- a/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
+++ b/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
@@ -3,7 +3,7 @@ using System.Collections.Generic;
 using System.Threading.Tasks;
 using AutoFixture;
 using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
 using Jellyfin.Api.Constants;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
@@ -20,7 +20,7 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy
     {
         private readonly Mock<IConfigurationManager> _configurationManagerMock;
         private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly IgnoreParentalControlHandler _sut;
+        private readonly DefaultAuthorizationHandler _sut;
         private readonly Mock<IUserManager> _userManagerMock;
         private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
 
@@ -33,11 +33,11 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy
         {
             var fixture = new Fixture().Customize(new AutoMoqCustomization());
             _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new IgnoreParentalControlRequirement() };
+            _requirements = new List<IAuthorizationRequirement> { new DefaultAuthorizationRequirement(validateParentalSchedule: false) };
             _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
             _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
 
-            _sut = fixture.Create<IgnoreParentalControlHandler>();
+            _sut = fixture.Create<DefaultAuthorizationHandler>();
         }
 
         [Theory]
diff --git a/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs
deleted file mode 100644
index 5b3d784ff..000000000
--- a/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-using System.Collections.Generic;
-using System.Net;
-using System.Threading.Tasks;
-using AutoFixture;
-using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.LocalAccessPolicy;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Moq;
-using Xunit;
-
-namespace Jellyfin.Api.Tests.Auth.LocalAccessPolicy
-{
-    public class LocalAccessHandlerTests
-    {
-        private readonly Mock<IConfigurationManager> _configurationManagerMock;
-        private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly LocalAccessHandler _sut;
-        private readonly Mock<IUserManager> _userManagerMock;
-        private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
-        private readonly Mock<INetworkManager> _networkManagerMock;
-
-        public LocalAccessHandlerTests()
-        {
-            var fixture = new Fixture().Customize(new AutoMoqCustomization());
-            _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new LocalAccessRequirement() };
-            _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
-            _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
-            _networkManagerMock = fixture.Freeze<Mock<INetworkManager>>();
-
-            _sut = fixture.Create<LocalAccessHandler>();
-        }
-
-        [Theory]
-        [InlineData(true, true)]
-        [InlineData(false, false)]
-        public async Task LocalAccessOnly(bool isInLocalNetwork, bool shouldSucceed)
-        {
-            _networkManagerMock
-                .Setup(n => n.IsInLocalNetwork(It.IsAny<IPAddress>()))
-                .Returns(isInLocalNetwork);
-
-            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
-            var claims = TestHelpers.SetupUser(
-                _userManagerMock,
-                _httpContextAccessor,
-                UserRoles.User);
-
-            var context = new AuthorizationHandlerContext(_requirements, claims, null);
-            await _sut.HandleAsync(context);
-            Assert.Equal(shouldSucceed, context.HasSucceeded);
-        }
-    }
-}
diff --git a/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs
deleted file mode 100644
index ffe88fcde..000000000
--- a/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs
+++ /dev/null
@@ -1,53 +0,0 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using AutoFixture;
-using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.RequiresElevationPolicy;
-using Jellyfin.Api.Constants;
-using MediaBrowser.Common.Configuration;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Moq;
-using Xunit;
-
-namespace Jellyfin.Api.Tests.Auth.RequiresElevationPolicy
-{
-    public class RequiresElevationHandlerTests
-    {
-        private readonly Mock<IConfigurationManager> _configurationManagerMock;
-        private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly RequiresElevationHandler _sut;
-        private readonly Mock<IUserManager> _userManagerMock;
-        private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
-
-        public RequiresElevationHandlerTests()
-        {
-            var fixture = new Fixture().Customize(new AutoMoqCustomization());
-            _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new RequiresElevationRequirement() };
-            _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
-            _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
-
-            _sut = fixture.Create<RequiresElevationHandler>();
-        }
-
-        [Theory]
-        [InlineData(UserRoles.Administrator, true)]
-        [InlineData(UserRoles.User, false)]
-        [InlineData(UserRoles.Guest, false)]
-        public async Task ShouldHandleRolesCorrectly(string role, bool shouldSucceed)
-        {
-            TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
-            var claims = TestHelpers.SetupUser(
-                _userManagerMock,
-                _httpContextAccessor,
-                role);
-
-            var context = new AuthorizationHandlerContext(_requirements, claims, null);
-
-            await _sut.HandleAsync(context);
-            Assert.Equal(shouldSucceed, context.HasSucceeded);
-        }
-    }
-}
-- 
cgit v1.2.3


From eeb0f7af6c1d3f422b66128e5a91830a3682e331 Mon Sep 17 00:00:00 2001
From: Shadowghost <Ghost_of_Stone@web.de>
Date: Mon, 13 Feb 2023 15:38:18 +0100
Subject: Add permissions for LiveTV access and management

---
 Jellyfin.Api/Constants/Policies.cs                 |  10 ++
 Jellyfin.Api/Controllers/LiveTvController.cs       | 112 ++++++++-------------
 .../Extensions/ApiServiceCollectionExtensions.cs   |   3 +-
 3 files changed, 52 insertions(+), 73 deletions(-)

(limited to 'Jellyfin.Api/Controllers/LiveTvController.cs')

diff --git a/Jellyfin.Api/Constants/Policies.cs b/Jellyfin.Api/Constants/Policies.cs
index 1ef38ca07..53841b0c4 100644
--- a/Jellyfin.Api/Constants/Policies.cs
+++ b/Jellyfin.Api/Constants/Policies.cs
@@ -74,4 +74,14 @@ public static class Policies
     /// Policy name for accessing collection management.
     /// </summary>
     public const string CollectionManagement = "CollectionManagement";
+
+    /// <summary>
+    /// Policy name for accessing LiveTV.
+    /// </summary>
+    public const string LiveTvAccess = "LiveTvAccess";
+
+    /// <summary>
+    /// Policy name for managing LiveTV.
+    /// </summary>
+    public const string LiveTvManagement = "LiveTvManagement";
 }
diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 3425c8589..318ed5c67 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -10,20 +10,19 @@ using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Api.Attributes;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.LiveTvDtos;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Entities.TV;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.LiveTv;
-using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
@@ -94,7 +93,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Info")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<LiveTvInfo> GetLiveTvInfo()
     {
         return _liveTvManager.GetLiveTvInfo(CancellationToken.None);
@@ -130,7 +129,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Channels")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<QueryResult<BaseItemDto>> GetLiveTvChannels(
         [FromQuery] ChannelType? type,
         [FromQuery] Guid? userId,
@@ -209,7 +208,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv channel.</returns>
     [HttpGet("Channels/{channelId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<BaseItemDto> GetChannel([FromRoute, Required] Guid channelId, [FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -250,7 +249,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
     [HttpGet("Recordings")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordings(
         [FromQuery] string? channelId,
         [FromQuery] Guid? userId,
@@ -321,7 +320,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
     [HttpGet("Recordings/Series")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [Obsolete("This endpoint is obsolete.")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "channelId", Justification = "Imported from ServiceStack")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
@@ -364,7 +363,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the recording groups.</returns>
     [HttpGet("Recordings/Groups")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [Obsolete("This endpoint is obsolete.")]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordingGroups([FromQuery] Guid? userId)
@@ -380,7 +379,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the recording folders.</returns>
     [HttpGet("Recordings/Folders")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<QueryResult<BaseItemDto>> GetRecordingFolders([FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -402,7 +401,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the live tv recording.</returns>
     [HttpGet("Recordings/{recordingId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public ActionResult<BaseItemDto> GetRecording([FromRoute, Required] Guid recordingId, [FromQuery] Guid? userId)
     {
         var user = userId is null || userId.Value.Equals(default)
@@ -424,10 +423,9 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Tuners/{tunerId}/Reset")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     public async Task<ActionResult> ResetTuner([FromRoute, Required] string tunerId)
     {
-        await AssertUserCanManageLiveTv().ConfigureAwait(false);
         await _liveTvManager.ResetTuner(tunerId, CancellationToken.None).ConfigureAwait(false);
         return NoContent();
     }
@@ -442,7 +440,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers/{timerId}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public async Task<ActionResult<TimerInfoDto>> GetTimer([FromRoute, Required] string timerId)
     {
         return await _liveTvManager.GetTimer(timerId, CancellationToken.None).ConfigureAwait(false);
@@ -458,7 +456,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers/Defaults")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public async Task<ActionResult<SeriesTimerInfoDto>> GetDefaultTimer([FromQuery] string? programId)
     {
         return string.IsNullOrEmpty(programId)
@@ -478,7 +476,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Timers")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public async Task<ActionResult<QueryResult<TimerInfoDto>>> GetTimers(
         [FromQuery] string? channelId,
         [FromQuery] string? seriesTimerId,
@@ -532,7 +530,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpGet("Programs")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetLiveTvPrograms(
         [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] channelIds,
         [FromQuery] Guid? userId,
@@ -615,7 +613,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// </returns>
     [HttpPost("Programs")]
     [ProducesResponseType(StatusCodes.Status200OK)]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetPrograms([FromBody] GetProgramsDto body)
     {
         var user = body.UserId.Equals(default) ? null : _userManager.GetUserById(body.UserId);
@@ -681,7 +679,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Recommended epgs returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the queryresult of recommended epgs.</returns>
     [HttpGet("Programs/Recommended")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<QueryResult<BaseItemDto>>> GetRecommendedPrograms(
         [FromQuery] Guid? userId,
@@ -733,7 +731,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Program returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the livetv program.</returns>
     [HttpGet("Programs/{programId}")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<BaseItemDto>> GetProgram(
         [FromRoute, Required] string programId,
@@ -754,13 +752,11 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="404">Item not found.</response>
     /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if item not found.</returns>
     [HttpDelete("Recordings/{recordingId}")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
-    public async Task<ActionResult> DeleteRecording([FromRoute, Required] Guid recordingId)
+    public ActionResult DeleteRecording([FromRoute, Required] Guid recordingId)
     {
-        await AssertUserCanManageLiveTv().ConfigureAwait(false);
-
         var item = _libraryManager.GetItemById(recordingId);
         if (item is null)
         {
@@ -782,11 +778,10 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("Timers/{timerId}")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CancelTimer([FromRoute, Required] string timerId)
     {
-        await AssertUserCanManageLiveTv().ConfigureAwait(false);
         await _liveTvManager.CancelTimer(timerId).ConfigureAwait(false);
         return NoContent();
     }
@@ -799,12 +794,11 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer updated.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Timers/{timerId}")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult> UpdateTimer([FromRoute, Required] string timerId, [FromBody] TimerInfoDto timerInfo)
     {
-        await AssertUserCanManageLiveTv().ConfigureAwait(false);
         await _liveTvManager.UpdateTimer(timerInfo, CancellationToken.None).ConfigureAwait(false);
         return NoContent();
     }
@@ -816,11 +810,10 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer created.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("Timers")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CreateTimer([FromBody] TimerInfoDto timerInfo)
     {
-        await AssertUserCanManageLiveTv().ConfigureAwait(false);
         await _liveTvManager.CreateTimer(timerInfo, CancellationToken.None).ConfigureAwait(false);
         return NoContent();
     }
@@ -833,7 +826,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="404">Series timer not found.</response>
     /// <returns>A <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if timer not found.</returns>
     [HttpGet("SeriesTimers/{timerId}")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult<SeriesTimerInfoDto>> GetSeriesTimer([FromRoute, Required] string timerId)
@@ -855,7 +848,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Timers returned.</response>
     /// <returns>An <see cref="OkResult"/> of live tv series timers.</returns>
     [HttpGet("SeriesTimers")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<QueryResult<SeriesTimerInfoDto>>> GetSeriesTimers([FromQuery] string? sortBy, [FromQuery] SortOrder? sortOrder)
     {
@@ -875,11 +868,10 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Timer cancelled.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("SeriesTimers/{timerId}")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CancelSeriesTimer([FromRoute, Required] string timerId)
     {
-        await AssertUserCanManageLiveTv().ConfigureAwait(false);
         await _liveTvManager.CancelSeriesTimer(timerId).ConfigureAwait(false);
         return NoContent();
     }
@@ -892,12 +884,11 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Series timer updated.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("SeriesTimers/{timerId}")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult> UpdateSeriesTimer([FromRoute, Required] string timerId, [FromBody] SeriesTimerInfoDto seriesTimerInfo)
     {
-        await AssertUserCanManageLiveTv().ConfigureAwait(false);
         await _liveTvManager.UpdateSeriesTimer(seriesTimerInfo, CancellationToken.None).ConfigureAwait(false);
         return NoContent();
     }
@@ -909,11 +900,10 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Series timer info created.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpPost("SeriesTimers")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public async Task<ActionResult> CreateSeriesTimer([FromBody] SeriesTimerInfoDto seriesTimerInfo)
     {
-        await AssertUserCanManageLiveTv().ConfigureAwait(false);
         await _liveTvManager.CreateSeriesTimer(seriesTimerInfo, CancellationToken.None).ConfigureAwait(false);
         return NoContent();
     }
@@ -924,7 +914,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <param name="groupId">Group id.</param>
     /// <returns>A <see cref="NotFoundResult"/>.</returns>
     [HttpGet("Recordings/Groups/{groupId}")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     [Obsolete("This endpoint is obsolete.")]
     public ActionResult<BaseItemDto> GetRecordingGroup([FromRoute, Required] Guid groupId)
@@ -938,7 +928,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Guid info returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the guide info.</returns>
     [HttpGet("GuideInfo")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<GuideInfo> GetGuideInfo()
     {
@@ -952,7 +942,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created tuner host returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the created tuner host.</returns>
     [HttpPost("TunerHosts")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<TunerHostInfo>> AddTunerHost([FromBody] TunerHostInfo tunerHostInfo)
     {
@@ -966,7 +956,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Tuner host deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("TunerHosts")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult DeleteTunerHost([FromQuery] string? id)
     {
@@ -982,7 +972,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Default listings provider info returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the default listings provider info.</returns>
     [HttpGet("ListingProviders/Default")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<ListingsProviderInfo> GetDefaultListingProvider()
     {
@@ -999,7 +989,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created listings provider returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the created listings provider.</returns>
     [HttpPost("ListingProviders")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [SuppressMessage("Microsoft.Performance", "CA5350:RemoveSha1", MessageId = "AddListingProvider", Justification = "Imported from ServiceStack")]
     public async Task<ActionResult<ListingsProviderInfo>> AddListingProvider(
@@ -1025,7 +1015,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="204">Listing provider deleted.</response>
     /// <returns>A <see cref="NoContentResult"/>.</returns>
     [HttpDelete("ListingProviders")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult DeleteListingProvider([FromQuery] string? id)
     {
@@ -1043,7 +1033,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Available lineups returned.</response>
     /// <returns>A <see cref="OkResult"/> containing the available lineups.</returns>
     [HttpGet("ListingProviders/Lineups")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<IEnumerable<NameIdPair>>> GetLineups(
         [FromQuery] string? id,
@@ -1060,7 +1050,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Available countries returned.</response>
     /// <returns>A <see cref="FileResult"/> containing the available countries.</returns>
     [HttpGet("ListingProviders/SchedulesDirect/Countries")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesFile(MediaTypeNames.Application.Json)]
     public async Task<ActionResult> GetSchedulesDirectCountries()
@@ -1081,7 +1071,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Channel mapping options returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the channel mapping options.</returns>
     [HttpGet("ChannelMappingOptions")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<ChannelMappingOptionsDto>> GetChannelMappingOptions([FromQuery] string? providerId)
     {
@@ -1119,7 +1109,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Created channel mapping returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the created channel mapping.</returns>
     [HttpPost("ChannelMappings")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<TunerChannelMapping>> SetChannelMapping([FromBody, Required] SetChannelMappingDto setChannelMappingDto)
     {
@@ -1132,7 +1122,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <response code="200">Tuner host types returned.</response>
     /// <returns>An <see cref="OkResult"/> containing the tuner host types.</returns>
     [HttpGet("TunerHosts/Types")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvAccess)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public ActionResult<IEnumerable<NameIdPair>> GetTunerHostTypes()
     {
@@ -1147,7 +1137,7 @@ public class LiveTvController : BaseJellyfinApiController
     /// <returns>An <see cref="OkResult"/> containing the tuners.</returns>
     [HttpGet("Tuners/Discvover", Name = "DiscvoverTuners")]
     [HttpGet("Tuners/Discover")]
-    [Authorize]
+    [Authorize(Policy = Policies.LiveTvManagement)]
     [ProducesResponseType(StatusCodes.Status200OK)]
     public async Task<ActionResult<IEnumerable<TunerHostInfo>>> DiscoverTuners([FromQuery] bool newDevicesOnly = false)
     {
@@ -1207,26 +1197,4 @@ public class LiveTvController : BaseJellyfinApiController
         var liveStream = new ProgressiveFileStream(liveStreamInfo.GetStream());
         return new FileStreamResult(liveStream, MimeTypes.GetMimeType("file." + container));
     }
-
-    private async Task AssertUserCanManageLiveTv()
-    {
-        var user = _userManager.GetUserById(User.GetUserId()) ?? throw new ResourceNotFoundException();
-        var session = await _sessionManager.LogSessionActivity(
-            User.GetClient(),
-            User.GetVersion(),
-            User.GetDeviceId(),
-            User.GetDevice(),
-            HttpContext.GetNormalizedRemoteIp().ToString(),
-            user).ConfigureAwait(false);
-
-        if (session.UserId.Equals(default))
-        {
-            throw new SecurityException("Anonymous live tv management is not allowed.");
-        }
-
-        if (!user.HasPermission(PermissionKind.EnableLiveTvManagement))
-        {
-            throw new SecurityException("The current user does not have permission to manage live tv.");
-        }
-    }
 }
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index dffcfbba8..61957b4ea 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -75,7 +75,8 @@ namespace Jellyfin.Server.Extensions
                 options.AddPolicy(Policies.SyncPlayJoinGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
                 options.AddPolicy(Policies.SyncPlayIsInGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
                 options.AddPolicy(Policies.CollectionManagement, new UserPermissionRequirement(PermissionKind.EnableCollectionManagement));
-                options.AddPolicy(Policies.AnonymousLanAccessPolicy, new AnonymousLanAccessRequirement());
+                options.AddPolicy(Policies.LiveTvAccess, new UserPermissionRequirement(PermissionKind.EnableLiveTvAccess));
+                options.AddPolicy(Policies.LiveTvManagement, new UserPermissionRequirement(PermissionKind.EnableLiveTvManagement));
                 options.AddPolicy(
                     Policies.RequiresElevation,
                     policy => policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication)
-- 
cgit v1.2.3