2020-06-07 13:41:49 +00:00
|
|
|
|
using System;
|
2021-01-24 00:32:13 +00:00
|
|
|
|
using System.Collections.Generic;
|
2020-04-23 14:54:28 +00:00
|
|
|
|
using System.Linq;
|
2022-10-06 11:57:47 +00:00
|
|
|
|
using System.Security.Claims;
|
2021-04-10 20:57:25 +00:00
|
|
|
|
using System.Threading.Tasks;
|
2022-10-06 11:57:47 +00:00
|
|
|
|
using Jellyfin.Api.Constants;
|
|
|
|
|
using Jellyfin.Api.Extensions;
|
2020-11-05 11:27:22 +00:00
|
|
|
|
using Jellyfin.Data.Entities;
|
2020-06-18 16:09:58 +00:00
|
|
|
|
using Jellyfin.Data.Enums;
|
2020-09-10 12:16:41 +00:00
|
|
|
|
using MediaBrowser.Common.Extensions;
|
2020-11-05 11:27:22 +00:00
|
|
|
|
using MediaBrowser.Controller.Dto;
|
|
|
|
|
using MediaBrowser.Controller.Entities;
|
2022-10-06 11:57:47 +00:00
|
|
|
|
using MediaBrowser.Controller.Library;
|
2023-02-17 22:16:08 +00:00
|
|
|
|
using MediaBrowser.Controller.Net;
|
2020-06-12 16:54:25 +00:00
|
|
|
|
using MediaBrowser.Controller.Session;
|
2020-11-05 11:27:22 +00:00
|
|
|
|
using MediaBrowser.Model.Dto;
|
2020-06-24 16:54:25 +00:00
|
|
|
|
using MediaBrowser.Model.Querying;
|
2020-06-19 11:03:53 +00:00
|
|
|
|
using Microsoft.AspNetCore.Http;
|
2020-04-23 14:54:28 +00:00
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
namespace Jellyfin.Api.Helpers;
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Request Extensions.
|
|
|
|
|
/// </summary>
|
|
|
|
|
public static class RequestHelpers
|
2020-04-23 14:54:28 +00:00
|
|
|
|
{
|
|
|
|
|
/// <summary>
|
2023-01-31 11:18:10 +00:00
|
|
|
|
/// Get Order By.
|
2020-04-23 14:54:28 +00:00
|
|
|
|
/// </summary>
|
2023-01-31 11:18:10 +00:00
|
|
|
|
/// <param name="sortBy">Sort By. Comma delimited string.</param>
|
|
|
|
|
/// <param name="requestedSortOrder">Sort Order. Comma delimited string.</param>
|
|
|
|
|
/// <returns>Order By.</returns>
|
|
|
|
|
public static (string, SortOrder)[] GetOrderBy(IReadOnlyList<string> sortBy, IReadOnlyList<SortOrder> requestedSortOrder)
|
2020-04-23 14:54:28 +00:00
|
|
|
|
{
|
2023-01-31 11:18:10 +00:00
|
|
|
|
if (sortBy.Count == 0)
|
2020-04-23 14:54:28 +00:00
|
|
|
|
{
|
2023-01-31 11:18:10 +00:00
|
|
|
|
return Array.Empty<(string, SortOrder)>();
|
|
|
|
|
}
|
2020-04-23 14:54:28 +00:00
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
var result = new (string, SortOrder)[sortBy.Count];
|
|
|
|
|
var i = 0;
|
|
|
|
|
// Add elements which have a SortOrder specified
|
|
|
|
|
for (; i < requestedSortOrder.Count; i++)
|
|
|
|
|
{
|
|
|
|
|
result[i] = (sortBy[i], requestedSortOrder[i]);
|
2020-04-23 14:54:28 +00:00
|
|
|
|
}
|
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
// Add remaining elements with the first specified SortOrder
|
|
|
|
|
// or the default one if no SortOrders are specified
|
|
|
|
|
var order = requestedSortOrder.Count > 0 ? requestedSortOrder[0] : SortOrder.Ascending;
|
|
|
|
|
for (; i < sortBy.Count; i++)
|
2020-06-18 16:09:58 +00:00
|
|
|
|
{
|
2023-01-31 11:18:10 +00:00
|
|
|
|
result[i] = (sortBy[i], order);
|
|
|
|
|
}
|
2020-06-18 16:09:58 +00:00
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
return result;
|
|
|
|
|
}
|
2020-06-18 16:09:58 +00:00
|
|
|
|
|
2023-02-17 22:16:08 +00:00
|
|
|
|
/// <summary>
|
|
|
|
|
/// Checks if the user can access a user.
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="claimsPrincipal">The <see cref="ClaimsPrincipal"/> for the current request.</param>
|
|
|
|
|
/// <param name="userId">The user id.</param>
|
|
|
|
|
/// <returns>A <see cref="bool"/> whether the user can access the user.</returns>
|
|
|
|
|
internal static Guid GetUserId(ClaimsPrincipal claimsPrincipal, Guid? userId)
|
|
|
|
|
{
|
|
|
|
|
var authenticatedUserId = claimsPrincipal.GetUserId();
|
|
|
|
|
|
|
|
|
|
// UserId not provided, fall back to authenticated user id.
|
|
|
|
|
if (userId is null || userId.Value.Equals(default))
|
|
|
|
|
{
|
|
|
|
|
return authenticatedUserId;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// User must be administrator to access another user.
|
|
|
|
|
var isAdministrator = claimsPrincipal.IsInRole(UserRoles.Administrator);
|
|
|
|
|
if (!userId.Value.Equals(authenticatedUserId) && !isAdministrator)
|
|
|
|
|
{
|
|
|
|
|
throw new SecurityException("Forbidden");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return userId.Value;
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
/// <summary>
|
|
|
|
|
/// Checks if the user can update an entry.
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="userManager">An instance of the <see cref="IUserManager"/> interface.</param>
|
|
|
|
|
/// <param name="claimsPrincipal">The <see cref="ClaimsPrincipal"/> for the current request.</param>
|
|
|
|
|
/// <param name="userId">The user id.</param>
|
|
|
|
|
/// <param name="restrictUserPreferences">Whether to restrict the user preferences.</param>
|
|
|
|
|
/// <returns>A <see cref="bool"/> whether the user can update the entry.</returns>
|
|
|
|
|
internal static bool AssertCanUpdateUser(IUserManager userManager, ClaimsPrincipal claimsPrincipal, Guid userId, bool restrictUserPreferences)
|
|
|
|
|
{
|
|
|
|
|
var authenticatedUserId = claimsPrincipal.GetUserId();
|
|
|
|
|
var isAdministrator = claimsPrincipal.IsInRole(UserRoles.Administrator);
|
2022-10-06 11:57:47 +00:00
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
// If they're going to update the record of another user, they must be an administrator
|
|
|
|
|
if (!userId.Equals(authenticatedUserId) && !isAdministrator)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
2020-06-18 16:09:58 +00:00
|
|
|
|
}
|
2020-06-20 18:45:16 +00:00
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
// TODO the EnableUserPreferenceAccess policy does not seem to be used elsewhere
|
|
|
|
|
if (!restrictUserPreferences || isAdministrator)
|
2020-06-12 16:54:25 +00:00
|
|
|
|
{
|
2023-01-31 11:18:10 +00:00
|
|
|
|
return true;
|
2020-06-12 16:54:25 +00:00
|
|
|
|
}
|
2020-06-20 22:03:19 +00:00
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
var user = userManager.GetUserById(userId);
|
2023-02-04 16:56:12 +00:00
|
|
|
|
if (user is null)
|
|
|
|
|
{
|
|
|
|
|
throw new ResourceNotFoundException();
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
return user.EnableUserPreferenceAccess;
|
|
|
|
|
}
|
2021-04-10 20:57:25 +00:00
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
internal static async Task<SessionInfo> GetSession(ISessionManager sessionManager, IUserManager userManager, HttpContext httpContext)
|
|
|
|
|
{
|
|
|
|
|
var userId = httpContext.User.GetUserId();
|
|
|
|
|
var user = userManager.GetUserById(userId);
|
|
|
|
|
var session = await sessionManager.LogSessionActivity(
|
|
|
|
|
httpContext.User.GetClient(),
|
|
|
|
|
httpContext.User.GetVersion(),
|
|
|
|
|
httpContext.User.GetDeviceId(),
|
|
|
|
|
httpContext.User.GetDevice(),
|
|
|
|
|
httpContext.GetNormalizedRemoteIp().ToString(),
|
|
|
|
|
user).ConfigureAwait(false);
|
|
|
|
|
|
|
|
|
|
if (session is null)
|
|
|
|
|
{
|
2023-02-04 16:56:12 +00:00
|
|
|
|
throw new ResourceNotFoundException("Session not found.");
|
2021-04-10 20:57:25 +00:00
|
|
|
|
}
|
|
|
|
|
|
2023-01-31 11:18:10 +00:00
|
|
|
|
return session;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
internal static async Task<string> GetSessionId(ISessionManager sessionManager, IUserManager userManager, HttpContext httpContext)
|
|
|
|
|
{
|
|
|
|
|
var session = await GetSession(sessionManager, userManager, httpContext).ConfigureAwait(false);
|
|
|
|
|
|
|
|
|
|
return session.Id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
internal static QueryResult<BaseItemDto> CreateQueryResult(
|
|
|
|
|
QueryResult<(BaseItem Item, ItemCounts ItemCounts)> result,
|
|
|
|
|
DtoOptions dtoOptions,
|
|
|
|
|
IDtoService dtoService,
|
|
|
|
|
bool includeItemTypes,
|
|
|
|
|
User? user)
|
|
|
|
|
{
|
|
|
|
|
var dtos = result.Items.Select(i =>
|
2020-11-05 11:27:22 +00:00
|
|
|
|
{
|
2023-01-31 11:18:10 +00:00
|
|
|
|
var (baseItem, counts) = i;
|
|
|
|
|
var dto = dtoService.GetItemByNameDto(baseItem, dtoOptions, null, user);
|
|
|
|
|
|
|
|
|
|
if (includeItemTypes)
|
2020-11-05 11:27:22 +00:00
|
|
|
|
{
|
2023-01-31 11:18:10 +00:00
|
|
|
|
dto.ChildCount = counts.ItemCount;
|
|
|
|
|
dto.ProgramCount = counts.ProgramCount;
|
|
|
|
|
dto.SeriesCount = counts.SeriesCount;
|
|
|
|
|
dto.EpisodeCount = counts.EpisodeCount;
|
|
|
|
|
dto.MovieCount = counts.MovieCount;
|
|
|
|
|
dto.TrailerCount = counts.TrailerCount;
|
|
|
|
|
dto.AlbumCount = counts.AlbumCount;
|
|
|
|
|
dto.SongCount = counts.SongCount;
|
|
|
|
|
dto.ArtistCount = counts.ArtistCount;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return dto;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return new QueryResult<BaseItemDto>(
|
|
|
|
|
result.StartIndex,
|
|
|
|
|
result.TotalRecordCount,
|
|
|
|
|
dtos.ToArray());
|
2020-04-23 14:54:28 +00:00
|
|
|
|
}
|
|
|
|
|
}
|