lgladsden/jellyfin-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3420 from Ullmie02/api-missing-policy

Browse Source 
Add missing authorization policies (new Web Api)
This commit is contained in:
Patrick Barron 2020-06-23 01:33:13 +00:00 committed by GitHub
commit 57bf8c17d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 25 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Jellyfin.Api/Controllers/DisplayPreferencesController.cs
View File

@ -1,6 +1,7 @@
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Threading; using System.Threading;
using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Persistence; using MediaBrowser.Controller.Persistence;
using MediaBrowser.Model.Entities; using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
@ -13,7 +14,7 @@ namespace Jellyfin.Api.Controllers
/// <summary> /// <summary>
/// Display Preferences Controller. /// Display Preferences Controller.
/// </summary> /// </summary>
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
public class DisplayPreferencesController : BaseJellyfinApiController public class DisplayPreferencesController : BaseJellyfinApiController
{ {
private readonly IDisplayPreferencesRepository _displayPreferencesRepository; private readonly IDisplayPreferencesRepository _displayPreferencesRepository;

3
Jellyfin.Api/Controllers/FilterController.cs
View File

@ -1,6 +1,7 @@
using System; using System;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Dto; using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Entities.Audio; using MediaBrowser.Controller.Entities.Audio;
@ -18,7 +19,7 @@ namespace Jellyfin.Api.Controllers
/// <summary> /// <summary>
/// Filters controller. /// Filters controller.
/// </summary> /// </summary>
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
public class FilterController : BaseJellyfinApiController public class FilterController : BaseJellyfinApiController
{ {
private readonly ILibraryManager _libraryManager; private readonly ILibraryManager _libraryManager;

7
Jellyfin.Api/Controllers/ImageByNameController.cs
View File

@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Net.Mime; using System.Net.Mime;
using Jellyfin.Api.Constants;
using MediaBrowser.Controller; using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Entities;
@ -43,7 +44,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Retrieved list of images.</response> /// <response code="200">Retrieved list of images.</response>
/// <returns>An <see cref="OkResult"/> containing the list of images.</returns> /// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
[HttpGet("General")] [HttpGet("General")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<ImageByNameInfo>> GetGeneralImages() public ActionResult<IEnumerable<ImageByNameInfo>> GetGeneralImages()
{ {
@ -88,7 +89,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Retrieved list of images.</response> /// <response code="200">Retrieved list of images.</response>
/// <returns>An <see cref="OkResult"/> containing the list of images.</returns> /// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
[HttpGet("Ratings")] [HttpGet("Ratings")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<ImageByNameInfo>> GetRatingImages() public ActionResult<IEnumerable<ImageByNameInfo>> GetRatingImages()
{ {
@ -121,7 +122,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Image list retrieved.</response> /// <response code="200">Image list retrieved.</response>
/// <returns>An <see cref="OkResult"/> containing the list of images.</returns> /// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
[HttpGet("MediaInfo")] [HttpGet("MediaInfo")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<ImageByNameInfo>> GetMediaInfoImages() public ActionResult<IEnumerable<ImageByNameInfo>> GetMediaInfoImages()
{ {

2
Jellyfin.Api/Controllers/ItemLookupController.cs
View File

@ -30,7 +30,7 @@ namespace Jellyfin.Api.Controllers
/// <summary> /// <summary>
/// Item lookup controller. /// Item lookup controller.
/// </summary> /// </summary>
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
public class ItemLookupController : BaseJellyfinApiController public class ItemLookupController : BaseJellyfinApiController
{ {
private readonly IProviderManager _providerManager; private readonly IProviderManager _providerManager;

3
Jellyfin.Api/Controllers/ItemRefreshController.cs
View File

@ -1,6 +1,7 @@
using System; using System;
using System.ComponentModel; using System.ComponentModel;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Providers; using MediaBrowser.Controller.Providers;
using MediaBrowser.Model.IO; using MediaBrowser.Model.IO;
@ -15,7 +16,7 @@ namespace Jellyfin.Api.Controllers
/// </summary> /// </summary>
/// [Authenticated] /// [Authenticated]
[Route("/Items")] [Route("/Items")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
public class ItemRefreshController : BaseJellyfinApiController public class ItemRefreshController : BaseJellyfinApiController
{ {
private readonly ILibraryManager _libraryManager; private readonly ILibraryManager _libraryManager;

3
Jellyfin.Api/Controllers/PlaylistsController.cs
View File

@ -1,6 +1,7 @@
using System; using System;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.Models.PlaylistDtos; using Jellyfin.Api.Models.PlaylistDtos;
@ -20,7 +21,7 @@ namespace Jellyfin.Api.Controllers
/// <summary> /// <summary>
/// Playlists controller. /// Playlists controller.
/// </summary> /// </summary>
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
public class PlaylistsController : BaseJellyfinApiController public class PlaylistsController : BaseJellyfinApiController
{ {
private readonly IPlaylistManager _playlistManager; private readonly IPlaylistManager _playlistManager;

2
Jellyfin.Api/Controllers/PluginsController.cs
View File

@ -20,7 +20,7 @@ namespace Jellyfin.Api.Controllers
/// <summary> /// <summary>
/// Plugins controller. /// Plugins controller.
/// </summary> /// </summary>
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
public class PluginsController : BaseJellyfinApiController public class PluginsController : BaseJellyfinApiController
{ {
private readonly IApplicationHost _appHost; private readonly IApplicationHost _appHost;

3
Jellyfin.Api/Controllers/RemoteImageController.cs
View File

@ -5,6 +5,7 @@ using System.Linq;
using System.Net.Mime; using System.Net.Mime;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net; using MediaBrowser.Common.Net;
using MediaBrowser.Controller; using MediaBrowser.Controller;
@ -25,7 +26,7 @@ namespace Jellyfin.Api.Controllers
/// Remote Images Controller. /// Remote Images Controller.
/// </summary> /// </summary>
[Route("Images")] [Route("Images")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
public class RemoteImageController : BaseJellyfinApiController public class RemoteImageController : BaseJellyfinApiController
{ {
private readonly IProviderManager _providerManager; private readonly IProviderManager _providerManager;

3
Jellyfin.Api/Controllers/SessionController.cs
View File

@ -5,6 +5,7 @@ using System.Collections.Generic;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using System.Threading; using System.Threading;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Devices; using MediaBrowser.Controller.Devices;
@ -57,7 +58,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">List of sessions returned.</response> /// <response code="200">List of sessions returned.</response>
/// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns> /// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns>
[HttpGet("/Sessions")] [HttpGet("/Sessions")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<SessionInfo>> GetSessions( public ActionResult<IEnumerable<SessionInfo>> GetSessions(
[FromQuery] Guid controllableByUserId, [FromQuery] Guid controllableByUserId,

12
Jellyfin.Api/Controllers/UserController.cs
View File

@ -72,7 +72,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Users returned.</response> /// <response code="200">Users returned.</response>
/// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns> /// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns>
[HttpGet] [HttpGet]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isGuest", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isGuest", Justification = "Imported from ServiceStack")]
public ActionResult<IEnumerable<UserDto>> GetUsers( public ActionResult<IEnumerable<UserDto>> GetUsers(
@ -237,7 +237,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="404">User not found.</response> /// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{userId}/Password")] [HttpPost("{userId}/Password")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
@ -295,7 +295,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="404">User not found.</response> /// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{userId}/EasyPassword")] [HttpPost("{userId}/EasyPassword")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
@ -337,7 +337,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="403">User update forbidden.</response> /// <response code="403">User update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns>
[HttpPost("{userId}")] [HttpPost("{userId}")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
@ -381,7 +381,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="403">User policy update forbidden.</response> /// <response code="403">User policy update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure..</returns> /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure..</returns>
[HttpPost("{userId}/Policy")] [HttpPost("{userId}/Policy")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
@ -437,7 +437,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="403">User configuration update forbidden.</response> /// <response code="403">User configuration update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
[HttpPost("{userId}/Configuration")] [HttpPost("{userId}/Configuration")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult UpdateUserConfiguration( public ActionResult UpdateUserConfiguration(

2
Jellyfin.Api/Controllers/VideosController.cs
View File

@ -51,7 +51,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Additional parts returned.</response> /// <response code="200">Additional parts returned.</response>
/// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the parts.</returns> /// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the parts.</returns>
[HttpGet("{itemId}/AdditionalParts")] [HttpGet("{itemId}/AdditionalParts")]
[Authorize] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute] Guid itemId, [FromQuery] Guid userId) public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute] Guid itemId, [FromQuery] Guid userId)
{ {