| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 |
- using System.Threading.Tasks;
- using Jellyfin.Api.Extensions;
- using Jellyfin.Extensions;
- using MediaBrowser.Common.Extensions;
- using MediaBrowser.Controller.Library;
- using Microsoft.AspNetCore.Authorization;
- namespace Jellyfin.Api.Auth.UserPermissionPolicy
- {
- /// <summary>
- /// User permission authorization handler.
- /// </summary>
- public class UserPermissionHandler : AuthorizationHandler<UserPermissionRequirement>
- {
- private readonly IUserManager _userManager;
- /// <summary>
- /// Initializes a new instance of the <see cref="UserPermissionHandler"/> class.
- /// </summary>
- /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
- public UserPermissionHandler(IUserManager userManager)
- {
- _userManager = userManager;
- }
- /// <inheritdoc />
- protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserPermissionRequirement requirement)
- {
- // Api keys have global permissions, so just succeed the requirement.
- if (context.User.GetIsApiKey())
- {
- context.Succeed(requirement);
- }
- else
- {
- var userId = context.User.GetUserId();
- if (!userId.IsEmpty())
- {
- var user = _userManager.GetUserById(context.User.GetUserId());
- if (user is null)
- {
- throw new ResourceNotFoundException();
- }
- if (user.HasPermission(requirement.RequiredPermission))
- {
- context.Succeed(requirement);
- }
- }
- }
- return Task.CompletedTask;
- }
- }
- }
|
