github-mirrors/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-04-23 21:47:14 -04:00
Code Issues Projects Releases Packages Wiki Activity

Use elevated access control for media folders endpoint

Browse source
This commit is contained in:
Bill Thornton 2022-11-10 01:04:16 -05:00
parent 4f3d562d75
commit e90031b4cc
1 changed files with 1 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Jellyfin.Api/Controllers/LibraryController.cs
View file

@ -493,18 +493,12 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Media folders returned.</response>
/// <returns>List of user media folders.</returns>
[HttpGet("Library/MediaFolders")]
[Authorize(Policy = Policies.DefaultAuthorization)]
[Authorize(Policy = Policies.RequiresElevation)]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<QueryResult<BaseItemDto>> GetMediaFolders([FromQuery] bool? isHidden)
{
var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList();
if (!ClaimHelpers.GetIsApiKey(User) && !User.IsInRole(UserRoles.Administrator))
{
var user = _userManager.GetUserById(ClaimHelpers.GetUserId(User)!.Value);
items = items.Where(i => i.IsVisible(user)).ToList();
}
if (isHidden.HasValue)
{
var val = isHidden.Value;