Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-07-09 03:04:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

Use elevated access control for media folders endpoint

Browse Source
This commit is contained in:
Bill Thornton 2022-11-10 01:04:16 -05:00
parent 4f3d562d75
commit e90031b4cc
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Jellyfin.Api/Controllers/LibraryController.cs
View File

@ -493,18 +493,12 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Media folders returned.</response> /// <response code="200">Media folders returned.</response>
/// <returns>List of user media folders.</returns> /// <returns>List of user media folders.</returns>
[HttpGet("Library/MediaFolders")] [HttpGet("Library/MediaFolders")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize(Policy = Policies.RequiresElevation)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<QueryResult<BaseItemDto>> GetMediaFolders([FromQuery] bool? isHidden) public ActionResult<QueryResult<BaseItemDto>> GetMediaFolders([FromQuery] bool? isHidden)
{ {
var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList(); var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList();
if (!ClaimHelpers.GetIsApiKey(User) && !User.IsInRole(UserRoles.Administrator))
{
var user = _userManager.GetUserById(ClaimHelpers.GetUserId(User)!.Value);
items = items.Where(i => i.IsVisible(user)).ToList();
}
if (isHidden.HasValue) if (isHidden.HasValue)
{ {
var val = isHidden.Value; var val = isHidden.Value;