From 8a9f16ff6ae94fe1e86d93495b4908e253f7dba2 Mon Sep 17 00:00:00 2001
From: Luke Pulverenti <luke.pulverenti@gmail.com>
Date: Mon, 29 Dec 2014 15:18:48 -0500
Subject: enable user device access

---
 .../Devices/DeviceManager.cs                       | 37 +++++++++++++
 .../HttpServer/Security/AuthService.cs             | 60 +++++++++++++++-------
 .../Library/Resolvers/Movies/BoxSetResolver.cs     |  5 --
 .../Library/Resolvers/Movies/MovieResolver.cs      | 57 +++++---------------
 .../Localization/JavaScript/javascript.json        |  4 ++
 .../Localization/Server/server.json                |  4 ++
 .../MediaBrowser.Server.Implementations.csproj     |  2 +-
 .../Session/SessionManager.cs                      |  8 +++
 .../packages.config                                |  2 +-
 9 files changed, 109 insertions(+), 70 deletions(-)

(limited to 'MediaBrowser.Server.Implementations')

diff --git a/MediaBrowser.Server.Implementations/Devices/DeviceManager.cs b/MediaBrowser.Server.Implementations/Devices/DeviceManager.cs
index 6cdc58118..3810fec66 100644
--- a/MediaBrowser.Server.Implementations/Devices/DeviceManager.cs
+++ b/MediaBrowser.Server.Implementations/Devices/DeviceManager.cs
@@ -5,6 +5,7 @@ using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Devices;
 using MediaBrowser.Model.Events;
+using MediaBrowser.Model.Extensions;
 using MediaBrowser.Model.Logging;
 using MediaBrowser.Model.Querying;
 using MediaBrowser.Model.Session;
@@ -13,6 +14,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
+using MediaBrowser.Model.Users;
 
 namespace MediaBrowser.Server.Implementations.Devices
 {
@@ -188,6 +190,41 @@ namespace MediaBrowser.Server.Implementations.Devices
 
             EventHelper.FireEventIfNotNull(DeviceOptionsUpdated, this, new GenericEventArgs<DeviceInfo>(device), _logger);
         }
+
+        public bool CanAccessDevice(string userId, string deviceId)
+        {
+            if (string.IsNullOrWhiteSpace(userId))
+            {
+                throw new ArgumentNullException("userId");
+            }
+            if (string.IsNullOrWhiteSpace(deviceId))
+            {
+                throw new ArgumentNullException("deviceId");
+            }
+
+            var user = _userManager.GetUserById(userId);
+            if (!CanAccessDevice(user.Policy, deviceId))
+            {
+                var capabilities = GetCapabilities(deviceId);
+
+                if (capabilities.SupportsUniqueIdentifier)
+                {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
+        private bool CanAccessDevice(UserPolicy policy, string id)
+        {
+            if (policy.EnableAllDevices)
+            {
+                return true;
+            }
+
+            return ListHelper.ContainsIgnoreCase(policy.EnabledDevices, id);
+        }
     }
 
     public class DevicesConfigStore : IConfigurationFactory
diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
index 13563ce19..1d17c641d 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -1,5 +1,6 @@
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Connect;
+using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Net;
@@ -15,10 +16,11 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
     {
         private readonly IServerConfigurationManager _config;
 
-        public AuthService(IUserManager userManager, IAuthorizationContext authorizationContext, IServerConfigurationManager config, IConnectManager connectManager, ISessionManager sessionManager)
+        public AuthService(IUserManager userManager, IAuthorizationContext authorizationContext, IServerConfigurationManager config, IConnectManager connectManager, ISessionManager sessionManager, IDeviceManager deviceManager)
         {
             AuthorizationContext = authorizationContext;
             _config = config;
+            DeviceManager = deviceManager;
             SessionManager = sessionManager;
             ConnectManager = connectManager;
             UserManager = userManager;
@@ -28,6 +30,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
         public IAuthorizationContext AuthorizationContext { get; private set; }
         public IConnectManager ConnectManager { get; private set; }
         public ISessionManager SessionManager { get; private set; }
+        public IDeviceManager DeviceManager { get; private set; }
 
         /// <summary>
         /// Redirect the client to a specific URL if authentication failed.
@@ -68,24 +71,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
 
             if (user != null)
             {
-                if (user.Policy.IsDisabled)
-                {
-                    throw new SecurityException("User account has been disabled.")
-                    {
-                        SecurityExceptionType = SecurityExceptionType.Unauthenticated
-                    };
-                }
-
-                if (!user.Policy.IsAdministrator &&
-                    !authAttribtues.EscapeParentalControl &&
-                    !user.IsParentalScheduleAllowed())
-                {
-                    request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
-                    throw new SecurityException("This user account is not allowed access at this time.")
-                    {
-                        SecurityExceptionType = SecurityExceptionType.ParentalControl
-                    };
-                }
+                ValidateUserAccess(user, request, authAttribtues, auth);
             }
 
             if (!IsExemptFromRoles(auth, authAttribtues))
@@ -108,6 +94,42 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
             }
         }
 
+        private void ValidateUserAccess(User user, IServiceRequest request,
+            IAuthenticationAttributes authAttribtues,
+            AuthorizationInfo auth)
+        {
+            if (user.Policy.IsDisabled)
+            {
+                throw new SecurityException("User account has been disabled.")
+                {
+                    SecurityExceptionType = SecurityExceptionType.Unauthenticated
+                };
+            }
+
+            if (!user.Policy.IsAdministrator &&
+                !authAttribtues.EscapeParentalControl &&
+                !user.IsParentalScheduleAllowed())
+            {
+                request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
+
+                throw new SecurityException("This user account is not allowed access at this time.")
+                {
+                    SecurityExceptionType = SecurityExceptionType.ParentalControl
+                };
+            }
+
+            if (!string.IsNullOrWhiteSpace(auth.DeviceId))
+            {
+                if (!DeviceManager.CanAccessDevice(user.Id.ToString("N"), auth.DeviceId))
+                {
+                    throw new SecurityException("User is not allowed access from this device.")
+                    {
+                        SecurityExceptionType = SecurityExceptionType.ParentalControl
+                    };
+                }
+            }
+        }
+
         private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
         {
             if (!_config.Configuration.IsStartupWizardCompleted &&
diff --git a/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/BoxSetResolver.cs b/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/BoxSetResolver.cs
index 390113cc8..67b9d546f 100644
--- a/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/BoxSetResolver.cs
+++ b/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/BoxSetResolver.cs
@@ -25,11 +25,6 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies
             // Contains [boxset] in the path
             if (args.IsDirectory)
             {
-                if (IsInvalid(args.GetCollectionType()))
-                {
-                    return null;
-                }
-                
                 var filename = Path.GetFileName(args.Path);
 
                 if (string.IsNullOrEmpty(filename))
diff --git a/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/MovieResolver.cs b/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/MovieResolver.cs
index f7a82c5b8..587c6668c 100644
--- a/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/MovieResolver.cs
+++ b/MediaBrowser.Server.Implementations/Library/Resolvers/Movies/MovieResolver.cs
@@ -1,12 +1,9 @@
-using MediaBrowser.Common.IO;
-using MediaBrowser.Controller;
-using MediaBrowser.Controller.Entities;
+using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Entities.Movies;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Providers;
 using MediaBrowser.Controller.Resolvers;
 using MediaBrowser.Model.Entities;
-using MediaBrowser.Model.Logging;
 using MediaBrowser.Naming.Common;
 using MediaBrowser.Naming.IO;
 using MediaBrowser.Naming.Video;
@@ -22,16 +19,8 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies
     /// </summary>
     public class MovieResolver : BaseVideoResolver<Video>, IMultiItemResolver
     {
-        private readonly IServerApplicationPaths _applicationPaths;
-        private readonly ILogger _logger;
-        private readonly IFileSystem _fileSystem;
-
-        public MovieResolver(ILibraryManager libraryManager, IServerApplicationPaths applicationPaths, ILogger logger, IFileSystem fileSystem)
-            : base(libraryManager)
+        public MovieResolver(ILibraryManager libraryManager) : base(libraryManager)
         {
-            _applicationPaths = applicationPaths;
-            _logger = logger;
-            _fileSystem = fileSystem;
         }
 
         /// <summary>
@@ -62,12 +51,12 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies
 
             if (string.Equals(collectionType, CollectionType.MusicVideos, StringComparison.OrdinalIgnoreCase))
             {
-                return ResolveVideos<MusicVideo>(parent, files, directoryService, collectionType);
+                return ResolveVideos<MusicVideo>(parent, files, directoryService, collectionType, false);
             }
 
             if (string.Equals(collectionType, CollectionType.HomeVideos, StringComparison.OrdinalIgnoreCase))
             {
-                return ResolveVideos<Video>(parent, files, directoryService, collectionType);
+                return ResolveVideos<Video>(parent, files, directoryService, collectionType, false);
             }
 
             if (string.IsNullOrEmpty(collectionType))
@@ -75,21 +64,21 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies
                 // Owned items should just use the plain video type
                 if (parent == null)
                 {
-                    return ResolveVideos<Video>(parent, files, directoryService, collectionType);
+                    return ResolveVideos<Video>(parent, files, directoryService, collectionType, false);
                 }
 
-                return ResolveVideos<Video>(parent, files, directoryService, collectionType);
+                return ResolveVideos<Video>(parent, files, directoryService, collectionType, false);
             }
 
             if (string.Equals(collectionType, CollectionType.Movies, StringComparison.OrdinalIgnoreCase))
             {
-                return ResolveVideos<Movie>(parent, files, directoryService, collectionType);
+                return ResolveVideos<Movie>(parent, files, directoryService, collectionType, false);
             }
 
             return null;
         }
 
-        private MultiItemResolverResult ResolveVideos<T>(Folder parent, IEnumerable<FileSystemInfo> fileSystemEntries, IDirectoryService directoryService, string collectionType)
+        private MultiItemResolverResult ResolveVideos<T>(Folder parent, IEnumerable<FileSystemInfo> fileSystemEntries, IDirectoryService directoryService, string collectionType, bool suppportMultiEditions)
             where T : Video, new()
         {
             var files = new List<FileSystemInfo>();
@@ -115,7 +104,7 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies
                 FullName = i.FullName,
                 Type = FileInfoType.File
 
-            }).ToList(), false).ToList();
+            }).ToList(), suppportMultiEditions).ToList();
 
             var result = new MultiItemResolverResult
             {
@@ -135,7 +124,8 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies
                     IsInMixedFolder = isInMixedFolder,
                     ProductionYear = video.Year,
                     Name = video.Name,
-                    AdditionalParts = video.Files.Skip(1).Select(i => i.Path).ToList()
+                    AdditionalParts = video.Files.Skip(1).Select(i => i.Path).ToList(),
+                    LocalAlternateVersions = video.AlternateVersions.Select(i => i.Path).ToList()
                 };
 
                 SetVideoType(videoItem, firstVideo);
@@ -314,32 +304,11 @@ namespace MediaBrowser.Server.Implementations.Library.Resolvers.Movies
                     return movie;
                 }
             }
-            
-            var result = ResolveVideos<T>(parent, fileSystemEntries, directoryService, collectionType);
 
             var supportsMultiVersion = !string.Equals(collectionType, CollectionType.HomeVideos) &&
-                                       !string.Equals(collectionType, CollectionType.MusicVideos);
-
-            // Test for multi-editions
-            if (result.Items.Count > 1 && supportsMultiVersion)
-            {
-                var filenamePrefix = Path.GetFileName(path);
-
-                if (!string.IsNullOrWhiteSpace(filenamePrefix))
-                {
-                    if (result.Items.All(i => _fileSystem.GetFileNameWithoutExtension(i.Path).StartsWith(filenamePrefix + " - ", StringComparison.OrdinalIgnoreCase)))
-                    {
-                        var movie = (T)result.Items[0];
-                        movie.Name = filenamePrefix;
-                        movie.LocalAlternateVersions = result.Items.Skip(1).Select(i => i.Path).ToList();
-                        movie.IsInMixedFolder = false;
-
-                        _logger.Debug("Multi-version video found: " + movie.Path);
+                                    !string.Equals(collectionType, CollectionType.MusicVideos);
 
-                        return movie;
-                    }
-                }
-            }
+            var result = ResolveVideos<T>(parent, fileSystemEntries, directoryService, collectionType, supportsMultiVersion);
 
             if (result.Items.Count == 1)
             {
diff --git a/MediaBrowser.Server.Implementations/Localization/JavaScript/javascript.json b/MediaBrowser.Server.Implementations/Localization/JavaScript/javascript.json
index ef1c8ca6b..ca2a326ef 100644
--- a/MediaBrowser.Server.Implementations/Localization/JavaScript/javascript.json
+++ b/MediaBrowser.Server.Implementations/Localization/JavaScript/javascript.json
@@ -41,6 +41,10 @@
     "LabelCancelled": "(cancelled)",
     "LabelFailed": "(failed)",
     "ButtonHelp": "Help",
+    "HeaderLibraryAccess": "Library Access",
+    "HeaderChannelAccess": "Channel Access",
+    "HeaderDeviceAccess": "Device Access",
+    "HeaderSelectDevices": "Select Devices",
     "LabelAbortedByServerShutdown": "(Aborted by server shutdown)",
     "LabelScheduledTaskLastRan": "Last ran {0}, taking {1}.",
     "HeaderDeleteTaskTrigger": "Delete Task Trigger",
diff --git a/MediaBrowser.Server.Implementations/Localization/Server/server.json b/MediaBrowser.Server.Implementations/Localization/Server/server.json
index 7f0809897..25d16f5a4 100644
--- a/MediaBrowser.Server.Implementations/Localization/Server/server.json
+++ b/MediaBrowser.Server.Implementations/Localization/Server/server.json
@@ -63,12 +63,16 @@
     "TabPreferences": "Preferences",
     "TabPassword": "Password",
     "TabLibraryAccess": "Library Access",
+    "TabAccess": "Access",
     "TabImage": "Image",
     "TabProfile": "Profile",
     "TabMetadata": "Metadata",
     "TabImages": "Images",
     "TabNotifications": "Notifications",
     "TabCollectionTitles": "Titles",
+    "HeaderDeviceAccess": "Device Access",
+    "OptionEnableAccessFromAllDevices": "Enable access from all devices",
+    "DeviceAccessHelp": "This only applies to devices that can be uniquely identified and will not prevent browser access.",
     "LabelDisplayMissingEpisodesWithinSeasons": "Display missing episodes within seasons",
     "LabelUnairedMissingEpisodesWithinSeasons": "Display unaired episodes within seasons",
     "HeaderVideoPlaybackSettings": "Video Playback Settings",
diff --git a/MediaBrowser.Server.Implementations/MediaBrowser.Server.Implementations.csproj b/MediaBrowser.Server.Implementations/MediaBrowser.Server.Implementations.csproj
index 59196d0bb..f9f482b96 100644
--- a/MediaBrowser.Server.Implementations/MediaBrowser.Server.Implementations.csproj
+++ b/MediaBrowser.Server.Implementations/MediaBrowser.Server.Implementations.csproj
@@ -51,7 +51,7 @@
     </Reference>
     <Reference Include="MediaBrowser.Naming, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\packages\MediaBrowser.Naming.1.0.0.23\lib\portable-net45+sl4+wp71+win8+wpa81\MediaBrowser.Naming.dll</HintPath>
+      <HintPath>..\packages\MediaBrowser.Naming.1.0.0.24\lib\portable-net45+sl4+wp71+win8+wpa81\MediaBrowser.Naming.dll</HintPath>
     </Reference>
     <Reference Include="Mono.Nat, Version=1.2.21.0, Culture=neutral, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
diff --git a/MediaBrowser.Server.Implementations/Session/SessionManager.cs b/MediaBrowser.Server.Implementations/Session/SessionManager.cs
index 4c587d1ab..d9ec9b7e4 100644
--- a/MediaBrowser.Server.Implementations/Session/SessionManager.cs
+++ b/MediaBrowser.Server.Implementations/Session/SessionManager.cs
@@ -1191,6 +1191,14 @@ namespace MediaBrowser.Server.Implementations.Session
             var user = _userManager.Users
                 .FirstOrDefault(i => string.Equals(request.Username, i.Name, StringComparison.OrdinalIgnoreCase));
 
+            if (user != null && !string.IsNullOrWhiteSpace(request.DeviceId))
+            {
+                if (!_deviceManager.CanAccessDevice(user.Id.ToString("N"), request.DeviceId))
+                {
+                    throw new UnauthorizedAccessException("User is not allowed access from this device.");
+                }
+            }
+
             var result = await _userManager.AuthenticateUser(request.Username, request.PasswordSha1, request.PasswordMd5, request.RemoteEndPoint).ConfigureAwait(false);
 
             if (!result)
diff --git a/MediaBrowser.Server.Implementations/packages.config b/MediaBrowser.Server.Implementations/packages.config
index f4406913b..239bca405 100644
--- a/MediaBrowser.Server.Implementations/packages.config
+++ b/MediaBrowser.Server.Implementations/packages.config
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="MediaBrowser.Naming" version="1.0.0.23" targetFramework="net45" />
+  <package id="MediaBrowser.Naming" version="1.0.0.24" targetFramework="net45" />
   <package id="Mono.Nat" version="1.2.21.0" targetFramework="net45" />
   <package id="morelinq" version="1.1.0" targetFramework="net45" />
 </packages>
\ No newline at end of file
-- 
cgit v1.2.3