Add permission for collection management
This commit is contained in:
Shadowghost
parent
1c72a8e006
commit
b7418d6e9e
|
|
@ -1,5 +1,4 @@
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Jellyfin.Api.Auth.DownloadPolicy;
|
|
||||||
using Jellyfin.Api.Extensions;
|
using Jellyfin.Api.Extensions;
|
||||||
using MediaBrowser.Common.Extensions;
|
using MediaBrowser.Common.Extensions;
|
||||||
using MediaBrowser.Controller.Library;
|
using MediaBrowser.Controller.Library;
|
||||||
|
|
@ -8,7 +7,7 @@ using Microsoft.AspNetCore.Authorization;
|
||||||
namespace Jellyfin.Api.Auth.UserPermissionPolicy
|
namespace Jellyfin.Api.Auth.UserPermissionPolicy
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Download authorization handler.
|
/// User permission authorization handler.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public class UserPermissionHandler : AuthorizationHandler<UserPermissionRequirement>
|
public class UserPermissionHandler : AuthorizationHandler<UserPermissionRequirement>
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
|
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
|
||||||
using Jellyfin.Data.Enums;
|
using Jellyfin.Data.Enums;
|
||||||
|
|
||||||
namespace Jellyfin.Api.Auth.DownloadPolicy
|
namespace Jellyfin.Api.Auth.UserPermissionPolicy
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The user permission requirement.
|
/// The user permission requirement.
|
||||||
|
|
|
||||||
|
|
@ -69,4 +69,9 @@ public static class Policies
|
||||||
/// Policy name for accessing a SyncPlay group.
|
/// Policy name for accessing a SyncPlay group.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public const string SyncPlayIsInGroup = "SyncPlayIsInGroup";
|
public const string SyncPlayIsInGroup = "SyncPlayIsInGroup";
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Policy name for accessing collection management.
|
||||||
|
/// </summary>
|
||||||
|
public const string CollectionManagement = "CollectionManagement";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.ComponentModel.DataAnnotations;
|
using System.ComponentModel.DataAnnotations;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
|
using Jellyfin.Api.Constants;
|
||||||
using Jellyfin.Api.Extensions;
|
using Jellyfin.Api.Extensions;
|
||||||
using Jellyfin.Api.ModelBinders;
|
using Jellyfin.Api.ModelBinders;
|
||||||
using MediaBrowser.Controller.Collections;
|
using MediaBrowser.Controller.Collections;
|
||||||
|
|
@ -16,7 +17,7 @@ namespace Jellyfin.Api.Controllers;
|
||||||
/// The collection controller.
|
/// The collection controller.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
[Route("Collections")]
|
[Route("Collections")]
|
||||||
[Authorize]
|
[Authorize(Policy = Policies.CollectionManagement)]
|
||||||
public class CollectionController : BaseJellyfinApiController
|
public class CollectionController : BaseJellyfinApiController
|
||||||
{
|
{
|
||||||
private readonly ICollectionManager _collectionManager;
|
private readonly ICollectionManager _collectionManager;
|
||||||
|
|
|
||||||
|
|
@ -508,6 +508,7 @@ namespace Jellyfin.Data.Entities
|
||||||
Permissions.Add(new Permission(PermissionKind.EnableVideoPlaybackTranscoding, true));
|
Permissions.Add(new Permission(PermissionKind.EnableVideoPlaybackTranscoding, true));
|
||||||
Permissions.Add(new Permission(PermissionKind.ForceRemoteSourceTranscoding, false));
|
Permissions.Add(new Permission(PermissionKind.ForceRemoteSourceTranscoding, false));
|
||||||
Permissions.Add(new Permission(PermissionKind.EnableRemoteControlOfOtherUsers, false));
|
Permissions.Add(new Permission(PermissionKind.EnableRemoteControlOfOtherUsers, false));
|
||||||
|
Permissions.Add(new Permission(PermissionKind.EnableCollectionManagement, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|
|
||||||
|
|
@ -108,6 +108,11 @@ namespace Jellyfin.Data.Enums
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Whether the server should force transcoding on remote connections for the user.
|
/// Whether the server should force transcoding on remote connections for the user.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
ForceRemoteSourceTranscoding = 20
|
ForceRemoteSourceTranscoding = 20,
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Whether the user can create, modify and delete collections.
|
||||||
|
/// </summary>
|
||||||
|
EnableCollectionManagement = 21
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -369,6 +369,7 @@ namespace Jellyfin.Server.Implementations.Users
|
||||||
EnablePlaybackRemuxing = user.HasPermission(PermissionKind.EnablePlaybackRemuxing),
|
EnablePlaybackRemuxing = user.HasPermission(PermissionKind.EnablePlaybackRemuxing),
|
||||||
ForceRemoteSourceTranscoding = user.HasPermission(PermissionKind.ForceRemoteSourceTranscoding),
|
ForceRemoteSourceTranscoding = user.HasPermission(PermissionKind.ForceRemoteSourceTranscoding),
|
||||||
EnablePublicSharing = user.HasPermission(PermissionKind.EnablePublicSharing),
|
EnablePublicSharing = user.HasPermission(PermissionKind.EnablePublicSharing),
|
||||||
|
EnableCollectionManagement = user.HasPermission(PermissionKind.EnableCollectionManagement),
|
||||||
AccessSchedules = user.AccessSchedules.ToArray(),
|
AccessSchedules = user.AccessSchedules.ToArray(),
|
||||||
BlockedTags = user.GetPreference(PreferenceKind.BlockedTags),
|
BlockedTags = user.GetPreference(PreferenceKind.BlockedTags),
|
||||||
AllowedTags = user.GetPreference(PreferenceKind.AllowedTags),
|
AllowedTags = user.GetPreference(PreferenceKind.AllowedTags),
|
||||||
|
|
@ -685,6 +686,7 @@ namespace Jellyfin.Server.Implementations.Users
|
||||||
user.SetPermission(PermissionKind.EnableAllFolders, policy.EnableAllFolders);
|
user.SetPermission(PermissionKind.EnableAllFolders, policy.EnableAllFolders);
|
||||||
user.SetPermission(PermissionKind.EnableRemoteControlOfOtherUsers, policy.EnableRemoteControlOfOtherUsers);
|
user.SetPermission(PermissionKind.EnableRemoteControlOfOtherUsers, policy.EnableRemoteControlOfOtherUsers);
|
||||||
user.SetPermission(PermissionKind.EnablePlaybackRemuxing, policy.EnablePlaybackRemuxing);
|
user.SetPermission(PermissionKind.EnablePlaybackRemuxing, policy.EnablePlaybackRemuxing);
|
||||||
|
user.SetPermission(PermissionKind.EnableCollectionManagement, policy.EnableCollectionManagement);
|
||||||
user.SetPermission(PermissionKind.ForceRemoteSourceTranscoding, policy.ForceRemoteSourceTranscoding);
|
user.SetPermission(PermissionKind.ForceRemoteSourceTranscoding, policy.ForceRemoteSourceTranscoding);
|
||||||
user.SetPermission(PermissionKind.EnablePublicSharing, policy.EnablePublicSharing);
|
user.SetPermission(PermissionKind.EnablePublicSharing, policy.EnablePublicSharing);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,6 @@ using Emby.Server.Implementations;
|
||||||
using Jellyfin.Api.Auth;
|
using Jellyfin.Api.Auth;
|
||||||
using Jellyfin.Api.Auth.AnonymousLanAccessPolicy;
|
using Jellyfin.Api.Auth.AnonymousLanAccessPolicy;
|
||||||
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
|
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
|
||||||
using Jellyfin.Api.Auth.DownloadPolicy;
|
|
||||||
using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
|
using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
|
||||||
using Jellyfin.Api.Auth.SyncPlayAccessPolicy;
|
using Jellyfin.Api.Auth.SyncPlayAccessPolicy;
|
||||||
using Jellyfin.Api.Auth.UserPermissionPolicy;
|
using Jellyfin.Api.Auth.UserPermissionPolicy;
|
||||||
|
|
@ -75,6 +74,7 @@ namespace Jellyfin.Server.Extensions
|
||||||
options.AddPolicy(Policies.SyncPlayCreateGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.CreateGroup));
|
options.AddPolicy(Policies.SyncPlayCreateGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.CreateGroup));
|
||||||
options.AddPolicy(Policies.SyncPlayJoinGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
|
options.AddPolicy(Policies.SyncPlayJoinGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
|
||||||
options.AddPolicy(Policies.SyncPlayIsInGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
|
options.AddPolicy(Policies.SyncPlayIsInGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
|
||||||
|
options.AddPolicy(Policies.CollectionManagement, new UserPermissionRequirement(PermissionKind.EnableCollectionManagement));
|
||||||
options.AddPolicy(Policies.AnonymousLanAccessPolicy, new AnonymousLanAccessRequirement());
|
options.AddPolicy(Policies.AnonymousLanAccessPolicy, new AnonymousLanAccessRequirement());
|
||||||
options.AddPolicy(
|
options.AddPolicy(
|
||||||
Policies.RequiresElevation,
|
Policies.RequiresElevation,
|
||||||
|
|
|
||||||
|
|
@ -163,6 +163,7 @@ namespace Jellyfin.Server.Migrations.Routines
|
||||||
user.SetPermission(PermissionKind.EnablePlaybackRemuxing, policy.EnablePlaybackRemuxing);
|
user.SetPermission(PermissionKind.EnablePlaybackRemuxing, policy.EnablePlaybackRemuxing);
|
||||||
user.SetPermission(PermissionKind.ForceRemoteSourceTranscoding, policy.ForceRemoteSourceTranscoding);
|
user.SetPermission(PermissionKind.ForceRemoteSourceTranscoding, policy.ForceRemoteSourceTranscoding);
|
||||||
user.SetPermission(PermissionKind.EnablePublicSharing, policy.EnablePublicSharing);
|
user.SetPermission(PermissionKind.EnablePublicSharing, policy.EnablePublicSharing);
|
||||||
|
user.SetPermission(PermissionKind.EnableCollectionManagement, policy.EnableCollectionManagement);
|
||||||
|
|
||||||
foreach (var policyAccessSchedule in policy.AccessSchedules)
|
foreach (var policyAccessSchedule in policy.AccessSchedules)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -104,7 +104,7 @@ namespace MediaBrowser.Controller.Entities.Movies
|
||||||
|
|
||||||
public override bool IsAuthorizedToDelete(User user, List<Folder> allCollectionFolders)
|
public override bool IsAuthorizedToDelete(User user, List<Folder> allCollectionFolders)
|
||||||
{
|
{
|
||||||
return true;
|
return user.HasPermission(PermissionKind.IsAdministrator) || user.HasPermission(PermissionKind.EnableCollectionManagement);
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool IsSaveLocalMetadataEnabled()
|
public override bool IsSaveLocalMetadataEnabled()
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ namespace MediaBrowser.Model.Users
|
||||||
public UserPolicy()
|
public UserPolicy()
|
||||||
{
|
{
|
||||||
IsHidden = true;
|
IsHidden = true;
|
||||||
|
EnableCollectionManagement = false;
|
||||||
|
|
||||||
EnableContentDeletion = false;
|
EnableContentDeletion = false;
|
||||||
EnableContentDeletionFromFolders = Array.Empty<string>();
|
EnableContentDeletionFromFolders = Array.Empty<string>();
|
||||||
|
|
@ -73,6 +74,12 @@ namespace MediaBrowser.Model.Users
|
||||||
/// <value><c>true</c> if this instance is hidden; otherwise, <c>false</c>.</value>
|
/// <value><c>true</c> if this instance is hidden; otherwise, <c>false</c>.</value>
|
||||||
public bool IsHidden { get; set; }
|
public bool IsHidden { get; set; }
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Gets or sets a value indicating whether this instance can manage collections.
|
||||||
|
/// </summary>
|
||||||
|
/// <value><c>true</c> if this instance is hidden; otherwise, <c>false</c>.</value>
|
||||||
|
public bool EnableCollectionManagement { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Gets or sets a value indicating whether this instance is disabled.
|
/// Gets or sets a value indicating whether this instance is disabled.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user