starred/jellyfin-jellyfin-1
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-12-17 22:43:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix media folders endpoint access control

Browse Source
This commit is contained in:
Bill Thornton
2022-11-09 18:31:30 -05:00
parent 6c8b40f413
commit 4f3d562d75
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Jellyfin.Api/Controllers/LibraryController.cs
View File

@@ -11,6 +11,7 @@ using System.Threading.Tasks;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Api.Models.LibraryDtos; using Jellyfin.Api.Models.LibraryDtos;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
@@ -498,6 +499,12 @@ namespace Jellyfin.Api.Controllers
{ {
var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList(); var items = _libraryManager.GetUserRootFolder().Children.Concat(_libraryManager.RootFolder.VirtualChildren).OrderBy(i => i.SortName).ToList();
if (!ClaimHelpers.GetIsApiKey(User) && !User.IsInRole(UserRoles.Administrator))
{
var user = _userManager.GetUserById(ClaimHelpers.GetUserId(User)!.Value);
items = items.Where(i => i.IsVisible(user)).ToList();
}
if (isHidden.HasValue) if (isHidden.HasValue)
{ {
var val = isHidden.Value; var val = isHidden.Value;