< Summary - Jellyfin

Information
Class: Jellyfin.Api.Auth.DefaultAuthorizationPolicy.DefaultAuthorizationHandler
Assembly: Jellyfin.Api
File(s): /srv/git/jellyfin/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
Line coverage
90%
Covered lines: 29
Uncovered lines: 3
Coverable lines: 32
Total lines: 95
Line coverage: 90.6%
Branch coverage
86%
Covered branches: 19
Total branches: 22
Branch coverage: 86.3%

Metrics

| Method | Branch coverage | Crap Score | Cyclomatic complexity | Line coverage |
| --- | --- | --- | --- | --- |
| .ctor(...) | 100% | 1 | 1 | 100% |
| HandleRequirementAsync(...) | 81.81% | 24.24 | 22 | 83.33% |

File(s)

/srv/git/jellyfin/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs

#LineLine coverage
using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions;
using Jellyfin.Data.Enums;
using Jellyfin.Extensions;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
{
    /// <summary>
    /// Authorization handler that evaluates <see cref="DefaultAuthorizationRequirement"/>.
    /// </summary>
    /// <remarks>
    /// Checks run in a fixed order and the first one that applies decides the outcome:
    /// API key, missing user id, unknown user, remote-access permission, administrator role,
    /// parental schedule, and finally the exact requirement type. The order is security
    /// relevant: the remote-access check runs before the administrator shortcut, so an
    /// administrator without <see cref="PermissionKind.EnableRemoteAccess"/> is still refused
    /// from outside the local network, while an API key is accepted before any network or
    /// user check is made.
    /// </remarks>
    public class DefaultAuthorizationHandler : AuthorizationHandler<DefaultAuthorizationRequirement>
    {
        private readonly IUserManager _userManager;
        private readonly INetworkManager _networkManager;
        private readonly IHttpContextAccessor _httpContextAccessor;

        /// <summary>
        /// Initializes a new instance of the <see cref="DefaultAuthorizationHandler"/> class.
        /// </summary>
        /// <param name="userManager">User manager used to resolve the authenticated user id.</param>
        /// <param name="networkManager">Network manager used to classify the caller's address as local or remote.</param>
        /// <param name="httpContextAccessor">Accessor for the HTTP context of the request being authorized.</param>
        public DefaultAuthorizationHandler(
            IUserManager userManager,
            INetworkManager networkManager,
            IHttpContextAccessor httpContextAccessor)
        {
            (_userManager, _networkManager, _httpContextAccessor) = (userManager, networkManager, httpContextAccessor);
        }

        /// <inheritdoc />
        // NOTE(review): the listing truncates this signature after "DefaultAuthorizationRequirem";
        // the parameter is reconstructed from the base class type argument and the name used in the body.
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DefaultAuthorizationRequirement requirement)
        {
            var principal = context.User;
            var isApiKey = principal.GetIsApiKey();
            var userId = principal.GetUserId();

            // An API key satisfies the requirement outright: none of the checks below
            // (remote access, role, parental schedule) are applied to it.
            if (isApiKey)
            {
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            // No API key and no user id. The original author notes this likely only happens
            // during the wizard. Returning without Succeed leaves the requirement unmet, so
            // access is only granted if some other handler succeeds it.
            if (userId.IsEmpty())
            {
                return Task.CompletedTask;
            }

            // A missing HTTP context is treated as a remote caller, which is the restrictive choice.
            // NOTE(review): the listing truncates this call after "GetNormalizedRem"; it is
            // reconstructed as GetNormalizedRemoteIP() - confirm against the repository file.
            // NOTE(review): how the remote address is normalized is not visible here; confirm that
            // forwarding headers are only honored from configured trusted proxies, since this
            // local/remote decision depends on it.
            var httpContext = _httpContextAccessor.HttpContext;
            var isRemote = httpContext is null
                           || !_networkManager.IsInLocalNetwork(httpContext.GetNormalizedRemoteIP());

            // A user id that no longer resolves aborts the evaluation with an exception rather
            // than a Fail(). NOTE(review): the coverage report this listing comes from records
            // zero hits for this throw.
            var user = _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException();

            // Remote callers need the EnableRemoteAccess permission; this applies to administrators too.
            // NOTE(review): the coverage report records zero hits for this denial branch, so the
            // remote-access refusal is not exercised by the measured tests.
            if (isRemote && !user.HasPermission(PermissionKind.EnableRemoteAccess))
            {
                context.Fail();
                return Task.CompletedTask;
            }

            // Administrators pass here, before the parental schedule is consulted.
            if (principal.IsInRole(UserRoles.Administrator))
            {
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            // The parental schedule is enforced unless the requirement opts out through
            // ValidateParentalSchedule.
            if (requirement.ValidateParentalSchedule && !user.IsParentalScheduleAllowed())
            {
                context.Fail();
                return Task.CompletedTask;
            }

            // Only the base requirement type is succeeded here. For a subclassed requirement this
            // handler has applied the checks above but leaves the final Succeed to the handler
            // written for that subclass.
            if (requirement.GetType() == typeof(DefaultAuthorizationRequirement))
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }
    }
}