< Summary - Jellyfin

Information
Class: Jellyfin.Api.Auth.DefaultAuthorizationPolicy.DefaultAuthorizationHandler
Assembly: Jellyfin.Api
File(s): /srv/git/jellyfin/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
Line coverage
90%
Covered lines: 29
Uncovered lines: 3
Coverable lines: 32
Total lines: 96
Line coverage: 90.6%
Branch coverage
86%
Covered branches: 19
Total branches: 22
Branch coverage: 86.3%

Metrics

Method | Branch coverage | Crap Score | Cyclomatic complexity | Line coverage
.ctor(...) | 100% | 1 | 1 | 100%
HandleRequirementAsync(...) | 81.81% | 24 | 22 | 83.33%

File(s)

/srv/git/jellyfin/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs

#LineLine coverage
 1using System.Threading.Tasks;
 2using Jellyfin.Api.Constants;
 3using Jellyfin.Api.Extensions;
 4using Jellyfin.Data;
 5using Jellyfin.Database.Implementations.Enums;
 6using Jellyfin.Extensions;
 7using MediaBrowser.Common.Extensions;
 8using MediaBrowser.Common.Net;
 9using MediaBrowser.Controller.Library;
 10using Microsoft.AspNetCore.Authorization;
 11using Microsoft.AspNetCore.Http;
 12
namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
{
    /// <summary>
    /// Authorization handler for <see cref="DefaultAuthorizationRequirement"/>.
    /// </summary>
    /// <remarks>
    /// The checks run in a fixed order and the order is the policy:
    /// API key, missing user id, remote-access permission, administrator role,
    /// parental schedule, and finally the exact-type success.
    /// A call to <c>context.Fail()</c> fails the whole authorization even if another
    /// handler succeeds the requirement; returning without calling either method
    /// leaves the decision to other handlers.
    /// </remarks>
    public class DefaultAuthorizationHandler : AuthorizationHandler<DefaultAuthorizationRequirement>
    {
        private readonly IUserManager _userManager;
        private readonly INetworkManager _networkManager;
        private readonly IHttpContextAccessor _httpContextAccessor;

        /// <summary>
        /// Initializes a new instance of the <see cref="DefaultAuthorizationHandler"/> class.
        /// </summary>
        /// <param name="userManager">User lookup service, used to load the calling user.</param>
        /// <param name="networkManager">Network service, used to classify the caller as local or remote.</param>
        /// <param name="httpContextAccessor">Accessor for the current request, used to read the remote address.</param>
        public DefaultAuthorizationHandler(
            IUserManager userManager,
            INetworkManager networkManager,
            IHttpContextAccessor httpContextAccessor)
        {
            _userManager = userManager;
            _networkManager = networkManager;
            _httpContextAccessor = httpContextAccessor;
        }

        /// <summary>
        /// Evaluates the default requirement for the current principal.
        /// </summary>
        /// <param name="context">The authorization context carrying the principal and the pending requirements.</param>
        /// <param name="requirement">The requirement being evaluated.</param>
        /// <returns>A completed task; the decision is recorded on <paramref name="context"/>.</returns>
        /// <exception cref="ResourceNotFoundException">The principal carries a user id that the user manager cannot resolve.</exception>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DefaultAuthorizationRequirement requirement)
        {
            var principal = context.User;
            var authenticatedWithApiKey = principal.GetIsApiKey();
            var userId = principal.GetUserId();

            if (authenticatedWithApiKey)
            {
                // Api keys are unrestricted: none of the remote-access, role or
                // parental-schedule checks below apply to them, so an API key is a
                // highly privileged credential as far as this requirement is concerned.
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            if (userId.IsEmpty())
            {
                // No API key and no user id. This likely only happens during the wizard,
                // so skip the default checks and let any other handlers decide.
                // Nothing is succeeded here, so the requirement stays unmet unless
                // another handler succeeds it.
                return Task.CompletedTask;
            }

            // A missing HttpContext is treated as "not local", which keeps the
            // remote-access check below fail-closed.
            // NOTE(review): the local/remote classification depends on the remote address
            // the host reports for the request. Behind a reverse proxy, confirm that
            // forwarded headers are only honoured from trusted proxies; otherwise remote
            // clients could be classified as local.
            var httpContext = _httpContextAccessor.HttpContext;
            var requestIsLocal = httpContext is not null
                                 && _networkManager.IsInLocalNetwork(httpContext.GetNormalizedRemoteIP());

            // NOTE(review): the coverage data for this listing records 0 hits on the
            // throw, so the "unknown user id" path is not exercised by the measured tests.
            var user = _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException();

            // Remote caller without the remote-access permission: deny.
            // This runs before the administrator check, so it applies to administrators too.
            var remoteAccessDenied = !requestIsLocal && !user.HasPermission(PermissionKind.EnableRemoteAccess);
            if (remoteAccessDenied)
            {
                // NOTE(review): the coverage data for this listing records 0 hits on this
                // branch, so the remote-access denial is not exercised by the measured tests.
                context.Fail();
                return Task.CompletedTask;
            }

            // Admins can do everything (once the remote-access check has passed).
            if (principal.IsInRole(UserRoles.Administrator))
            {
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            // It's not great to have this check here, but the parental schedule must
            // usually be honored; the requirement can opt out through ValidateParentalSchedule.
            var outsideParentalSchedule = requirement.ValidateParentalSchedule && !user.IsParentalScheduleAllowed();
            if (outsideParentalSchedule)
            {
                context.Fail();
                return Task.CompletedTask;
            }

            // Only succeed when the requirement is exactly the base type; a subclassed
            // requirement is left for its own handler to succeed.
            var isBaseRequirement = requirement.GetType() == typeof(DefaultAuthorizationRequirement);
            if (isBaseRequirement)
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }
    }
}