Add missing authorization policies

Jellyfin.Api/Controllers/DisplayPreferencesController.cs

@@ -1,6 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using System.Diagnostics.CodeAnalysis;
 using System.Threading;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Persistence;
 using MediaBrowser.Model.Entities;
 using Microsoft.AspNetCore.Authorization;
@@ -13,7 +14,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Display Preferences Controller.
     /// </summary>
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class DisplayPreferencesController : BaseJellyfinApiController
     {
         private readonly IDisplayPreferencesRepository _displayPreferencesRepository;

Jellyfin.Api/Controllers/FilterController.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Linq;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Dto;
 using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Entities.Audio;
@@ -18,7 +19,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Filters controller.
     /// </summary>
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class FilterController : BaseJellyfinApiController
     {
         private readonly ILibraryManager _libraryManager;

Jellyfin.Api/Controllers/ImageByNameController.cs

@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Net.Mime;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Controller;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Entities;
@@ -43,7 +44,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Retrieved list of images.</response>
         /// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
         [HttpGet("General")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<ImageByNameInfo>> GetGeneralImages()
         {
@@ -88,7 +89,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Retrieved list of images.</response>
         /// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
         [HttpGet("Ratings")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<ImageByNameInfo>> GetRatingImages()
         {
@@ -121,7 +122,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Image list retrieved.</response>
         /// <returns>An <see cref="OkResult"/> containing the list of images.</returns>
         [HttpGet("MediaInfo")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<ImageByNameInfo>> GetMediaInfoImages()
         {

Jellyfin.Api/Controllers/ItemLookupController.cs

@@ -30,7 +30,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Item lookup controller.
     /// </summary>
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class ItemLookupController : BaseJellyfinApiController
     {
         private readonly IProviderManager _providerManager;

Jellyfin.Api/Controllers/ItemRefreshController.cs

@@ -1,6 +1,7 @@
 using System;
 using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Providers;
 using MediaBrowser.Model.IO;
@@ -15,7 +16,7 @@ namespace Jellyfin.Api.Controllers
     /// </summary>
     /// [Authenticated]
     [Route("/Items")]
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class ItemRefreshController : BaseJellyfinApiController
     {
         private readonly ILibraryManager _libraryManager;

Jellyfin.Api/Controllers/PlaylistsController.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Linq;
 using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.Models.PlaylistDtos;
@@ -20,7 +21,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Playlists controller.
     /// </summary>
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class PlaylistsController : BaseJellyfinApiController
     {
         private readonly IPlaylistManager _playlistManager;

Jellyfin.Api/Controllers/PluginsController.cs

@@ -20,7 +20,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Plugins controller.
     /// </summary>
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class PluginsController : BaseJellyfinApiController
     {
         private readonly IApplicationHost _appHost;

Jellyfin.Api/Controllers/RemoteImageController.cs

@@ -5,6 +5,7 @@ using System.Linq;
 using System.Net.Mime;
 using System.Threading;
 using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller;
@@ -25,7 +26,7 @@ namespace Jellyfin.Api.Controllers
     /// Remote Images Controller.
     /// </summary>
     [Route("Images")]
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class RemoteImageController : BaseJellyfinApiController
     {
         private readonly IProviderManager _providerManager;

Jellyfin.Api/Controllers/SessionController.cs

@@ -5,6 +5,7 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Devices;
@@ -57,7 +58,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">List of sessions returned.</response>
         /// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns>
         [HttpGet("/Sessions")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<SessionInfo>> GetSessions(
             [FromQuery] Guid controllableByUserId,

Jellyfin.Api/Controllers/UserController.cs

@@ -72,7 +72,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Users returned.</response>
         /// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns>
         [HttpGet]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isGuest", Justification = "Imported from ServiceStack")]
         public ActionResult<IEnumerable<UserDto>> GetUsers(
@@ -237,7 +237,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">User not found.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
         [HttpPost("{userId}/Password")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -295,7 +295,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">User not found.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
         [HttpPost("{userId}/EasyPassword")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -337,7 +337,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="403">User update forbidden.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns>
         [HttpPost("{userId}")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -381,7 +381,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="403">User policy update forbidden.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure..</returns>
         [HttpPost("{userId}/Policy")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
@@ -437,7 +437,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="403">User configuration update forbidden.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("{userId}/Configuration")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public ActionResult UpdateUserConfiguration(

Jellyfin.Api/Controllers/VideosController.cs

@@ -51,7 +51,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Additional parts returned.</response>
         /// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the parts.</returns>
         [HttpGet("{itemId}/AdditionalParts")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute] Guid itemId, [FromQuery] Guid userId)
         {