mirror of
https://github.com/jellyfin/jellyfin.git
synced 2025-05-24 02:02:29 -04:00
9a1a588857
Fix FirstTimeSetupPolicy allowing guest access Original-merge: 2cb052a119a43edbdeaba33f77d929a5ee4b405c Merged-by: crobibero <cody@robibe.ro> Backported-by: Joshua M. Boniface <joshua@boniface.me>
49 lines
1.7 KiB
C#
49 lines
1.7 KiB
C#
using System.Threading.Tasks;
|
|
using Jellyfin.Api.Constants;
|
|
using MediaBrowser.Common.Configuration;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
|
|
{
|
|
/// <summary>
|
|
/// Authorization handler for requiring first time setup or default privileges.
|
|
/// </summary>
|
|
public class FirstTimeSetupHandler : AuthorizationHandler<FirstTimeSetupRequirement>
|
|
{
|
|
private readonly IConfigurationManager _configurationManager;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="FirstTimeSetupHandler" /> class.
|
|
/// </summary>
|
|
/// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
|
|
public FirstTimeSetupHandler(IConfigurationManager configurationManager)
|
|
{
|
|
_configurationManager = configurationManager;
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupRequirement requirement)
|
|
{
|
|
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
|
|
{
|
|
context.Succeed(requirement);
|
|
}
|
|
else if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
|
|
{
|
|
context.Fail();
|
|
}
|
|
else if (!requirement.RequireAdmin && context.User.IsInRole(UserRoles.Guest))
|
|
{
|
|
context.Fail();
|
|
}
|
|
else
|
|
{
|
|
// Any user-specific checks are handled in the DefaultAuthorizationHandler.
|
|
context.Succeed(requirement);
|
|
}
|
|
|
|
return Task.CompletedTask;
|
|
}
|
|
}
|
|
}
|