탐색 도움말
로그인
mirrors
/
jellyfin
의 미러 https://github.com/jellyfin/jellyfin
2
0
포크 0
파일 이슈 0 위키
소스 검색

Add userId parameter to AuthorizeQuickConnect

Niels van Velzen 2 년 전
부모
db2c0d4c91
커밋
fd73f346dc
1개의 변경된 파일9개의 추가작업 그리고 5개의 파일을 삭제
분할 보기 변경상태 보기
  1. 9 5
      Jellyfin.Api/Controllers/QuickConnectController.cs

+ 9 - 5
Jellyfin.Api/Controllers/QuickConnectController.cs
파일 보기 

@@ -1,3 +1,4 @@
 
+using System;
 
 using System.ComponentModel.DataAnnotations;
 
 using System.Threading.Tasks;
 
 using Jellyfin.Api.Constants;
 
@@ -96,6 +97,7 @@ namespace Jellyfin.Api.Controllers
 
         /// Authorizes a pending quick connect request.
 
         /// </summary>
 
         /// <param name="code">Quick connect code to authorize.</param>
 
+        /// <param name="userId">The user the authorize. Access to the requested user is required.</param>
 
         /// <response code="200">Quick connect result authorized successfully.</response>
 
         /// <response code="403">Unknown user id.</response>
 
         /// <returns>Boolean indicating if the authorization was successful.</returns>
 
@@ -103,17 +105,19 @@ namespace Jellyfin.Api.Controllers
 
         [Authorize(Policy = Policies.DefaultAuthorization)]
 
         [ProducesResponseType(StatusCodes.Status200OK)]
 
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
 
-        public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code)
 
+        public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code, [FromQuery] Guid? userId = null)
 
         {
 
-            var userId = User.GetUserId();
 
-            if (userId.Equals(default))
 
+            var currentUserId = User.GetUserId();
 
+            var actualUserId = userId ?? currentUserId;
 
+
 
+            if (actualUserId.Equals(default) || (!userId.Equals(currentUserId) && !User.IsInRole(UserRoles.Administrator)))
 
             {
 
-                return StatusCode(StatusCodes.Status403Forbidden, "Unknown user id");
 
+                return Forbid("Unknown user id");
 
             }
 
 
             try
 
             {
 
-                return await _quickConnect.AuthorizeRequest(userId, code).ConfigureAwait(false);
 
+                return await _quickConnect.AuthorizeRequest(actualUserId, code).ConfigureAwait(false);
 
             }
 
             catch (AuthenticationException)
 
             {