
Added access validation to view item user data.

ArabCoders 1 anno fa
parent
commit
faa036aa7b
1 ha cambiato i file con 5 aggiunte e 0 eliminazioni
  1. 5 0
      Jellyfin.Api/Controllers/ItemsController.cs

+ 5 - 0
Jellyfin.Api/Controllers/ItemsController.cs

@@ -902,6 +902,11 @@ public class ItemsController : BaseJellyfinApiController
         [FromRoute, Required] Guid userId,
         [FromRoute, Required] Guid itemId)
     {
+        if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true))
+        {
+            return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to view this item user data.");
+        }
+
         var user = _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException();
         var item = _libraryManager.GetItemById(itemId);
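Review bot: The bare `true` passed as the last argument to `RequestHelpers.AssertCanUpdateUser` in the added guard decides how strict the check is, and nothing in the hunk says what it switches on. The helper is named for updates while this endpoint only reads, so if the flag also applies a preference-editing restriction (I recall the parameter as `restrictUserPreferences`; confirm against RequestHelpers), a non-admin user could be refused their own item data. Naming the argument, e.g. `AssertCanUpdateUser(_userManager, User, userId, restrictUserPreferences: true)`, or adding a one-line comment stating who may read this data, would make the intent reviewable. The guard covers `userId` only: `_libraryManager.GetItemById(itemId)` below it looks the item up by id alone, and whether the item's visibility to that user is checked lies in the rest of the method, which is outside the hunk.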