From 7a2427bf07f9036d62c88a75855cd6dc7e8e3064 Mon Sep 17 00:00:00 2001 From: Shadowghost Date: Thu, 5 Sep 2024 12:55:15 +0200 Subject: Add SessionInfoDto, DeviceInfoDto and implement JsonDelimitedArrayConverter.Write --- Jellyfin.Api/Controllers/SessionController.cs | 85 ++++----------------------- 1 file changed, 12 insertions(+), 73 deletions(-) (limited to 'Jellyfin.Api/Controllers/SessionController.cs') diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs index 942bdeb9e..91a879b8e 100644 --- a/Jellyfin.Api/Controllers/SessionController.cs +++ b/Jellyfin.Api/Controllers/SessionController.cs @@ -1,18 +1,13 @@ using System; using System.Collections.Generic; using System.ComponentModel.DataAnnotations; -using System.Linq; using System.Threading; using System.Threading.Tasks; -using Jellyfin.Api.Constants; using Jellyfin.Api.Extensions; using Jellyfin.Api.Helpers; using Jellyfin.Api.ModelBinders; -using Jellyfin.Api.Models.SessionDtos; using Jellyfin.Data.Enums; -using Jellyfin.Extensions; using MediaBrowser.Common.Api; -using MediaBrowser.Controller.Devices; using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Session; using MediaBrowser.Model.Dto; @@ -32,22 +27,18 @@ public class SessionController : BaseJellyfinApiController { private readonly ISessionManager _sessionManager; private readonly IUserManager _userManager; - private readonly IDeviceManager _deviceManager; /// /// Initializes a new instance of the class. /// /// Instance of interface. /// Instance of interface. - /// Instance of interface. public SessionController( ISessionManager sessionManager, - IUserManager userManager, - IDeviceManager deviceManager) + IUserManager userManager) { _sessionManager = sessionManager; _userManager = userManager; - _deviceManager = deviceManager; } /// @@ -57,77 +48,25 @@ public class SessionController : BaseJellyfinApiController /// Filter by device Id. /// Optional. Filter by sessions that were active in the last n seconds. /// List of sessions returned. - /// An with the available sessions. + /// An with the available sessions. [HttpGet("Sessions")] [Authorize] [ProducesResponseType(StatusCodes.Status200OK)] - public ActionResult> GetSessions( + public ActionResult> GetSessions( [FromQuery] Guid? controllableByUserId, [FromQuery] string? deviceId, [FromQuery] int? activeWithinSeconds) { - var result = _sessionManager.Sessions; - var isRequestingFromAdmin = User.IsInRole(UserRoles.Administrator); - - if (!string.IsNullOrEmpty(deviceId)) - { - result = result.Where(i => string.Equals(i.DeviceId, deviceId, StringComparison.OrdinalIgnoreCase)); - } - - if (!controllableByUserId.IsNullOrEmpty()) + Guid? controllableUserToCheck = controllableByUserId is null ? null : RequestHelpers.GetUserId(User, controllableByUserId); + var result = _sessionManager.GetSessions( + User.GetUserId(), + deviceId, + activeWithinSeconds, + controllableUserToCheck); + + if (result.Count == 0) { - result = result.Where(i => i.SupportsRemoteControl); - - var user = _userManager.GetUserById(controllableByUserId.Value); - if (user is null) - { - return NotFound(); - } - - if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers)) - { - // User cannot control other user's sessions, validate user id. - result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(RequestHelpers.GetUserId(User, controllableByUserId))); - } - - if (!user.HasPermission(PermissionKind.EnableSharedDeviceControl)) - { - result = result.Where(i => !i.UserId.IsEmpty()); - } - - result = result.Where(i => - { - if (!string.IsNullOrWhiteSpace(i.DeviceId)) - { - if (!_deviceManager.CanAccessDevice(user, i.DeviceId)) - { - return false; - } - } - - return true; - }); - } - else if (!isRequestingFromAdmin) - { - // Request isn't from administrator, limit to "own" sessions. - result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(User.GetUserId())); - } - - if (activeWithinSeconds.HasValue && activeWithinSeconds.Value > 0) - { - var minActiveDate = DateTime.UtcNow.AddSeconds(0 - activeWithinSeconds.Value); - result = result.Where(i => i.LastActivityDate >= minActiveDate); - } - - // Request isn't from administrator, don't report acceleration type. - if (!isRequestingFromAdmin) - { - result = result.Select(r => - { - r.TranscodingInfo.HardwareAccelerationType = HardwareAccelerationType.none; - return r; - }); + return NotFound(); } return Ok(result); -- cgit v1.2.3 From 0a982e2bfdd6f72dbe9c0bcb09db9890a314a7af Mon Sep 17 00:00:00 2001 From: Shadowghost Date: Wed, 18 Sep 2024 16:04:29 +0200 Subject: Return empty response instead of not found --- Jellyfin.Api/Controllers/SessionController.cs | 5 ----- 1 file changed, 5 deletions(-) (limited to 'Jellyfin.Api/Controllers/SessionController.cs') diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs index 91a879b8e..72eb93eff 100644 --- a/Jellyfin.Api/Controllers/SessionController.cs +++ b/Jellyfin.Api/Controllers/SessionController.cs @@ -64,11 +64,6 @@ public class SessionController : BaseJellyfinApiController activeWithinSeconds, controllableUserToCheck); - if (result.Count == 0) - { - return NotFound(); - } - return Ok(result); } -- cgit v1.2.3 From 75bbd3029613829a9b55ac01e27093583fc8cf52 Mon Sep 17 00:00:00 2001 From: gnattu Date: Tue, 24 Sep 2024 22:15:53 +0800 Subject: Fix get sessions with api key (#12696) --- .../Session/SessionManager.cs | 44 ++++++++++++++++++---- Jellyfin.Api/Controllers/SessionController.cs | 3 +- MediaBrowser.Controller/Session/ISessionManager.cs | 3 +- 3 files changed, 40 insertions(+), 10 deletions(-) (limited to 'Jellyfin.Api/Controllers/SessionController.cs') diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs index 55e485669..6a8ad2bdc 100644 --- a/Emby.Server.Implementations/Session/SessionManager.cs +++ b/Emby.Server.Implementations/Session/SessionManager.cs @@ -1858,15 +1858,38 @@ namespace Emby.Server.Implementations.Session Guid userId, string deviceId, int? activeWithinSeconds, - Guid? controllableUserToCheck) + Guid? controllableUserToCheck, + bool isApiKey) { var result = Sessions; - var user = _userManager.GetUserById(userId); if (!string.IsNullOrEmpty(deviceId)) { result = result.Where(i => string.Equals(i.DeviceId, deviceId, StringComparison.OrdinalIgnoreCase)); } + var userCanControlOthers = false; + var userIsAdmin = false; + User user = null; + + if (isApiKey) + { + userCanControlOthers = true; + userIsAdmin = true; + } + else if (!userId.IsEmpty()) + { + user = _userManager.GetUserById(userId); + if (user is not null) + { + userCanControlOthers = user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers); + userIsAdmin = user.HasPermission(PermissionKind.IsAdministrator); + } + else + { + return []; + } + } + if (!controllableUserToCheck.IsNullOrEmpty()) { result = result.Where(i => i.SupportsRemoteControl); @@ -1883,29 +1906,34 @@ namespace Emby.Server.Implementations.Session result = result.Where(i => !i.UserId.IsEmpty()); } - if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers)) + if (!userCanControlOthers) { // User cannot control other user's sessions, validate user id. - result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(user.Id)); + result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(userId)); } result = result.Where(i => { - if (!string.IsNullOrWhiteSpace(i.DeviceId) && !_deviceManager.CanAccessDevice(user, i.DeviceId)) + if (isApiKey) + { + return true; + } + + if (user is null) { return false; } - return true; + return string.IsNullOrWhiteSpace(i.DeviceId) || _deviceManager.CanAccessDevice(user, i.DeviceId); }); } - else if (!user.HasPermission(PermissionKind.IsAdministrator)) + else if (!userIsAdmin) { // Request isn't from administrator, limit to "own" sessions. result = result.Where(i => i.UserId.IsEmpty() || i.ContainsUser(userId)); } - if (!user.HasPermission(PermissionKind.IsAdministrator)) + if (!userIsAdmin) { // Don't report acceleration type for non-admin users. result = result.Select(r => diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs index 72eb93eff..2f9e9f091 100644 --- a/Jellyfin.Api/Controllers/SessionController.cs +++ b/Jellyfin.Api/Controllers/SessionController.cs @@ -62,7 +62,8 @@ public class SessionController : BaseJellyfinApiController User.GetUserId(), deviceId, activeWithinSeconds, - controllableUserToCheck); + controllableUserToCheck, + User.GetIsApiKey()); return Ok(result); } diff --git a/MediaBrowser.Controller/Session/ISessionManager.cs b/MediaBrowser.Controller/Session/ISessionManager.cs index f2e98dd78..462a62455 100644 --- a/MediaBrowser.Controller/Session/ISessionManager.cs +++ b/MediaBrowser.Controller/Session/ISessionManager.cs @@ -300,8 +300,9 @@ namespace MediaBrowser.Controller.Session /// The device id. /// Active within session limit. /// Filter for sessions remote controllable for this user. + /// Is the request authenticated with API key. /// IReadOnlyList{SessionInfoDto}. - IReadOnlyList GetSessions(Guid userId, string deviceId, int? activeWithinSeconds, Guid? controllableUserToCheck); + IReadOnlyList GetSessions(Guid userId, string deviceId, int? activeWithinSeconds, Guid? controllableUserToCheck, bool isApiKey); /// /// Gets the session by authentication token. -- cgit v1.2.3