mirror of
https://github.com/jellyfin/jellyfin.git
synced 2025-12-17 22:43:07 +03:00
Validate item access (#11171)
This commit is contained in:
Cody Robibero
@@ -8,8 +8,10 @@ using Jellyfin.Api.Attributes;
|
||||
using Jellyfin.Api.Extensions;
|
||||
using Jellyfin.Api.Helpers;
|
||||
using Jellyfin.Api.Models.MediaInfoDtos;
|
||||
using Jellyfin.Extensions;
|
||||
using MediaBrowser.Common.Extensions;
|
||||
using MediaBrowser.Controller.Devices;
|
||||
using MediaBrowser.Controller.Entities;
|
||||
using MediaBrowser.Controller.Library;
|
||||
using MediaBrowser.Model.MediaInfo;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
@@ -32,6 +34,7 @@ public class MediaInfoController : BaseJellyfinApiController
|
||||
private readonly ILibraryManager _libraryManager;
|
||||
private readonly ILogger<MediaInfoController> _logger;
|
||||
private readonly MediaInfoHelper _mediaInfoHelper;
|
||||
private readonly IUserManager _userManager;
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the <see cref="MediaInfoController"/> class.
|
||||
@@ -41,18 +44,21 @@ public class MediaInfoController : BaseJellyfinApiController
|
||||
/// <param name="libraryManager">Instance of the <see cref="ILibraryManager"/> interface.</param>
|
||||
/// <param name="logger">Instance of the <see cref="ILogger{MediaInfoController}"/> interface.</param>
|
||||
/// <param name="mediaInfoHelper">Instance of the <see cref="MediaInfoHelper"/>.</param>
|
||||
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface..</param>
|
||||
public MediaInfoController(
|
||||
IMediaSourceManager mediaSourceManager,
|
||||
IDeviceManager deviceManager,
|
||||
ILibraryManager libraryManager,
|
||||
ILogger<MediaInfoController> logger,
|
||||
MediaInfoHelper mediaInfoHelper)
|
||||
MediaInfoHelper mediaInfoHelper,
|
||||
IUserManager userManager)
|
||||
{
|
||||
_mediaSourceManager = mediaSourceManager;
|
||||
_deviceManager = deviceManager;
|
||||
_libraryManager = libraryManager;
|
||||
_logger = logger;
|
||||
_mediaInfoHelper = mediaInfoHelper;
|
||||
_userManager = userManager;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -61,16 +67,24 @@ public class MediaInfoController : BaseJellyfinApiController
|
||||
/// <param name="itemId">The item id.</param>
|
||||
/// <param name="userId">The user id.</param>
|
||||
/// <response code="200">Playback info returned.</response>
|
||||
/// <response code="404">Item not found.</response>
|
||||
/// <returns>A <see cref="Task"/> containing a <see cref="PlaybackInfoResponse"/> with the playback information.</returns>
|
||||
[HttpGet("Items/{itemId}/PlaybackInfo")]
|
||||
[ProducesResponseType(StatusCodes.Status200OK)]
|
||||
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
||||
public async Task<ActionResult<PlaybackInfoResponse>> GetPlaybackInfo([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
|
||||
{
|
||||
userId = RequestHelpers.GetUserId(User, userId);
|
||||
return await _mediaInfoHelper.GetPlaybackInfo(
|
||||
itemId,
|
||||
userId)
|
||||
.ConfigureAwait(false);
|
||||
var user = userId.IsNullOrEmpty()
|
||||
? null
|
||||
: _userManager.GetUserById(userId.Value);
|
||||
var item = _libraryManager.GetItemById<BaseItem>(itemId, user);
|
||||
if (item is null)
|
||||
{
|
||||
return NotFound();
|
||||
}
|
||||
|
||||
return await _mediaInfoHelper.GetPlaybackInfo(item, user).ConfigureAwait(false);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -97,9 +111,11 @@ public class MediaInfoController : BaseJellyfinApiController
|
||||
/// <param name="allowAudioStreamCopy">Whether to allow to copy the audio stream. Default: true.</param>
|
||||
/// <param name="playbackInfoDto">The playback info.</param>
|
||||
/// <response code="200">Playback info returned.</response>
|
||||
/// <response code="404">Item not found.</response>
|
||||
/// <returns>A <see cref="Task"/> containing a <see cref="PlaybackInfoResponse"/> with the playback info.</returns>
|
||||
[HttpPost("Items/{itemId}/PlaybackInfo")]
|
||||
[ProducesResponseType(StatusCodes.Status200OK)]
|
||||
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
||||
public async Task<ActionResult<PlaybackInfoResponse>> GetPostedPlaybackInfo(
|
||||
[FromRoute, Required] Guid itemId,
|
||||
[FromQuery, ParameterObsolete] Guid? userId,
|
||||
@@ -148,9 +164,19 @@ public class MediaInfoController : BaseJellyfinApiController
|
||||
allowVideoStreamCopy ??= playbackInfoDto?.AllowVideoStreamCopy ?? true;
|
||||
allowAudioStreamCopy ??= playbackInfoDto?.AllowAudioStreamCopy ?? true;
|
||||
|
||||
userId = RequestHelpers.GetUserId(User, userId);
|
||||
var user = userId.IsNullOrEmpty()
|
||||
? null
|
||||
: _userManager.GetUserById(userId.Value);
|
||||
var item = _libraryManager.GetItemById<BaseItem>(itemId, user);
|
||||
if (item is null)
|
||||
{
|
||||
return NotFound();
|
||||
}
|
||||
|
||||
var info = await _mediaInfoHelper.GetPlaybackInfo(
|
||||
itemId,
|
||||
userId,
|
||||
item,
|
||||
user,
|
||||
mediaSourceId,
|
||||
liveStreamId)
|
||||
.ConfigureAwait(false);
|
||||
@@ -163,8 +189,6 @@ public class MediaInfoController : BaseJellyfinApiController
|
||||
if (profile is not null)
|
||||
{
|
||||
// set device specific data
|
||||
var item = _libraryManager.GetItemById(itemId);
|
||||
|
||||
foreach (var mediaSource in info.MediaSources)
|
||||
{
|
||||
_mediaInfoHelper.SetDeviceSpecificData(
|
||||
|
||||
Reference in New Issue
Block a user