Merge remote-tracking branch 'upstream/master' into HEAD

2025-12-16 05:53:03 +03:00 · 2020-06-14 20:15:26 -06:00
parent e2b2f74b47 f026a1d721
commit 589735f60c
166 changed files with 3930 additions and 2953 deletions
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -3,10 +3,11 @@
 using System;
 using System.Linq;
 using Emby.Server.Implementations.SocketSharp;
+using Jellyfin.Data.Entities;
+using Jellyfin.Data.Enums;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
@@ -90,7 +91,8 @@ namespace Emby.Server.Implementations.HttpServer.Security
                !string.IsNullOrEmpty(auth.Client) &&
                !string.IsNullOrEmpty(auth.Device))
            {
-                _sessionManager.LogSessionActivity(auth.Client,
+                _sessionManager.LogSessionActivity(
+                    auth.Client,
                    auth.Version,
                    auth.DeviceId,
                    auth.Device,
@@ -104,21 +106,21 @@ namespace Emby.Server.Implementations.HttpServer.Security
        private void ValidateUserAccess(
            User user,
            IRequest request,
-            IAuthenticationAttributes authAttribtues,
+            IAuthenticationAttributes authAttributes,
            AuthorizationInfo auth)
        {
-            if (user.Policy.IsDisabled)
+            if (user.HasPermission(PermissionKind.IsDisabled))
            {
                throw new SecurityException("User account has been disabled.");
            }

-            if (!user.Policy.EnableRemoteAccess && !_networkManager.IsInLocalNetwork(request.RemoteIp))
+            if (!user.HasPermission(PermissionKind.EnableRemoteAccess) && !_networkManager.IsInLocalNetwork(request.RemoteIp))
            {
                throw new SecurityException("User account has been disabled.");
            }

-            if (!user.Policy.IsAdministrator
-                && !authAttribtues.EscapeParentalControl
+            if (!user.HasPermission(PermissionKind.IsAdministrator)
+                && !authAttributes.EscapeParentalControl
                && !user.IsParentalScheduleAllowed())
            {
                request.Response.Headers.Add("X-Application-Error-Code", "ParentalControl");
@@ -186,7 +188,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
        {
            if (roles.Contains("admin", StringComparer.OrdinalIgnoreCase))
            {
-                if (user == null || !user.Policy.IsAdministrator)
+                if (user == null || !user.HasPermission(PermissionKind.IsAdministrator))
                {
                    throw new SecurityException("User does not have admin access.");
                }
@@ -194,7 +196,7 @@ namespace Emby.Server.Implementations.HttpServer.Security

            if (roles.Contains("delete", StringComparer.OrdinalIgnoreCase))
            {
-                if (user == null || !user.Policy.EnableContentDeletion)
+                if (user == null || !user.HasPermission(PermissionKind.EnableContentDeletion))
                {
                    throw new SecurityException("User does not have delete access.");
                }
@@ -202,7 +204,7 @@ namespace Emby.Server.Implementations.HttpServer.Security

            if (roles.Contains("download", StringComparer.OrdinalIgnoreCase))
            {
-                if (user == null || !user.Policy.EnableContentDownloading)
+                if (user == null || !user.HasPermission(PermissionKind.EnableContentDownloading))
                {
                    throw new SecurityException("User does not have download access.");
                }