Add missing authorization policies

This commit is contained in:
David 2020-06-22 15:44:11 +02:00
parent 743032f1e1
commit 5c6e9f4db5
11 changed files with 25 additions and 18 deletions

View File

@ -1,6 +1,7 @@
using System.ComponentModel.DataAnnotations;
using System.Diagnostics.CodeAnalysis;
using System.Threading;
using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Persistence;
using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authorization;
@ -13,7 +14,7 @@ namespace Jellyfin.Api.Controllers
/// <summary>
/// Display Preferences Controller.
/// </summary>
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
public class DisplayPreferencesController : BaseJellyfinApiController
{
private readonly IDisplayPreferencesRepository _displayPreferencesRepository;

View File

@ -1,6 +1,7 @@
using System;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Entities.Audio;
@ -18,7 +19,7 @@ namespace Jellyfin.Api.Controllers
/// <summary>
/// Filters controller.
/// </summary>
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
public class FilterController : BaseJellyfinApiController
{
private readonly ILibraryManager _libraryManager;

View File

@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net.Mime;
using Jellyfin.Api.Constants;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Entities;
@ -43,7 +44,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Retrieved list of images.</response>
/// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
[HttpGet("General")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<ImageByNameInfo>> GetGeneralImages()
{
@ -88,7 +89,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Retrieved list of images.</response>
/// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
[HttpGet("Ratings")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<ImageByNameInfo>> GetRatingImages()
{
@ -121,7 +122,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Image list retrieved.</response>
/// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
[HttpGet("MediaInfo")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<ImageByNameInfo>> GetMediaInfoImages()
{

View File

@ -30,7 +30,7 @@ namespace Jellyfin.Api.Controllers
/// <summary>
/// Item lookup controller.
/// </summary>
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
public class ItemLookupController : BaseJellyfinApiController
{
private readonly IProviderManager _providerManager;

View File

@ -1,6 +1,7 @@
using System;
using System.ComponentModel;
using System.Diagnostics.CodeAnalysis;
using Jellyfin.Api.Constants;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Providers;
using MediaBrowser.Model.IO;
@ -15,7 +16,7 @@ namespace Jellyfin.Api.Controllers
/// </summary>
/// [Authenticated]
[Route("/Items")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
public class ItemRefreshController : BaseJellyfinApiController
{
private readonly ILibraryManager _libraryManager;

View File

@ -1,6 +1,7 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers;
using Jellyfin.Api.Models.PlaylistDtos;
@ -20,7 +21,7 @@ namespace Jellyfin.Api.Controllers
/// <summary>
/// Playlists controller.
/// </summary>
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
public class PlaylistsController : BaseJellyfinApiController
{
private readonly IPlaylistManager _playlistManager;

View File

@ -20,7 +20,7 @@ namespace Jellyfin.Api.Controllers
/// <summary>
/// Plugins controller.
/// </summary>
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
public class PluginsController : BaseJellyfinApiController
{
private readonly IApplicationHost _appHost;

View File

@ -5,6 +5,7 @@ using System.Linq;
using System.Net.Mime;
using System.Threading;
using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller;
@ -25,7 +26,7 @@ namespace Jellyfin.Api.Controllers
/// Remote Images Controller.
/// </summary>
[Route("Images")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
public class RemoteImageController : BaseJellyfinApiController
{
private readonly IProviderManager _providerManager;

View File

@ -5,6 +5,7 @@ using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Threading;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers;
using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Devices;
@ -57,7 +58,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">List of sessions returned.</response>
/// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns>
[HttpGet("/Sessions")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<SessionInfo>> GetSessions(
[FromQuery] Guid controllableByUserId,

View File

@ -72,7 +72,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Users returned.</response>
/// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns>
[HttpGet]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isGuest", Justification = "Imported from ServiceStack")]
public ActionResult<IEnumerable<UserDto>> GetUsers(
@ -237,7 +237,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{userId}/Password")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
@ -295,7 +295,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{userId}/EasyPassword")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
@ -337,7 +337,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="403">User update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns>
[HttpPost("{userId}")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
@ -381,7 +381,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="403">User policy update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure..</returns>
[HttpPost("{userId}/Policy")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
@ -437,7 +437,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="403">User configuration update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
[HttpPost("{userId}/Configuration")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult UpdateUserConfiguration(

View File

@ -51,7 +51,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Additional parts returned.</response>
/// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the parts.</returns>
[HttpGet("{itemId}/AdditionalParts")]
[Authorize]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute] Guid itemId, [FromQuery] Guid userId)
{