Use elevated access control for media folders endpoint

2022-11-10 01:04:16 -05:00 · 2022-11-10 01:04:16 -05:00 · c6dbcb661b
commit c6dbcb661b
parent 9f352ccb5b
1 changed files with 1 additions and 7 deletions
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@ -485,18 +485,12 @@ namespace Jellyfin.Api.Controllers
        /// <response code="200">Media folders returned.</response>
        /// <returns>List of user media folders.</returns>
        [HttpGet("Library/MediaFolders")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
+        [Authorize(Policy = Policies.RequiresElevation)]
        [ProducesResponseType(StatusCodes.Status200OK)]
        public ActionResult<QueryResult<BaseItemDto>> GetMediaFolders([FromQuery] bool? isHidden)
        {
            var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList();

-            if (!User.GetIsApiKey() && !User.IsInRole(UserRoles.Administrator))
-            {
-                var user = _userManager.GetUserById(User.GetUserId());
-                items = items.Where(i => i.IsVisible(user)).ToList();
-            }
-
            if (isHidden.HasValue)
            {
                var val = isHidden.Value;