Merge pull request #930 from fruhnow/AuthorizationCheck
checking user-permission in GetQueryResult
This commit is contained in:
commit
60df855b26
|
@ -19,6 +19,7 @@
|
||||||
- [LogicalPhallacy](https://github.com/LogicalPhallacy/)
|
- [LogicalPhallacy](https://github.com/LogicalPhallacy/)
|
||||||
- [RazeLighter777](https://github.com/RazeLighter777)
|
- [RazeLighter777](https://github.com/RazeLighter777)
|
||||||
- [WillWill56](https://github.com/WillWill56)
|
- [WillWill56](https://github.com/WillWill56)
|
||||||
|
- [fruhnow](https://github.com/fruhnow)
|
||||||
|
|
||||||
# Emby Contributors
|
# Emby Contributors
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,7 @@ using MediaBrowser.Model.Entities;
|
||||||
using MediaBrowser.Model.Globalization;
|
using MediaBrowser.Model.Globalization;
|
||||||
using MediaBrowser.Model.Querying;
|
using MediaBrowser.Model.Querying;
|
||||||
using MediaBrowser.Model.Services;
|
using MediaBrowser.Model.Services;
|
||||||
|
using Microsoft.Extensions.Logging;
|
||||||
|
|
||||||
namespace MediaBrowser.Api.UserLibrary
|
namespace MediaBrowser.Api.UserLibrary
|
||||||
{
|
{
|
||||||
|
@ -224,6 +225,16 @@ namespace MediaBrowser.Api.UserLibrary
|
||||||
request.IncludeItemTypes = "Playlist";
|
request.IncludeItemTypes = "Playlist";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!user.Policy.EnableAllFolders && !user.Policy.EnabledFolders.Any(i => new Guid(i) == item.Id))
|
||||||
|
{
|
||||||
|
Logger.LogWarning("{UserName} is not permitted to access Library {ItemName}.", user.Name, item.Name);
|
||||||
|
return new QueryResult<BaseItem>
|
||||||
|
{
|
||||||
|
Items = Array.Empty<BaseItem>(),
|
||||||
|
TotalRecordCount = 0
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
if (request.Recursive || !string.IsNullOrEmpty(request.Ids) || user == null)
|
if (request.Recursive || !string.IsNullOrEmpty(request.Ids) || user == null)
|
||||||
{
|
{
|
||||||
return folder.GetItems(GetItemsQuery(request, dtoOptions, user));
|
return folder.GetItems(GetItemsQuery(request, dtoOptions, user));
|
||||||
|
|
Loading…
Reference in New Issue
Block a user