| | | 1 | | using System; |
| | | 2 | | using System.Collections.Generic; |
| | | 3 | | using System.Linq; |
| | | 4 | | using System.Security.Claims; |
| | | 5 | | using System.Threading.Tasks; |
| | | 6 | | using Jellyfin.Api.Constants; |
| | | 7 | | using Jellyfin.Api.Extensions; |
| | | 8 | | using Jellyfin.Data.Enums; |
| | | 9 | | using Jellyfin.Database.Implementations.Entities; |
| | | 10 | | using Jellyfin.Database.Implementations.Enums; |
| | | 11 | | using Jellyfin.Extensions; |
| | | 12 | | using MediaBrowser.Common.Extensions; |
| | | 13 | | using MediaBrowser.Controller.Dto; |
| | | 14 | | using MediaBrowser.Controller.Entities; |
| | | 15 | | using MediaBrowser.Controller.Library; |
| | | 16 | | using MediaBrowser.Controller.Net; |
| | | 17 | | using MediaBrowser.Controller.Session; |
| | | 18 | | using MediaBrowser.Model.Dto; |
| | | 19 | | using MediaBrowser.Model.Querying; |
| | | 20 | | using Microsoft.AspNetCore.Http; |
| | | 21 | | |
| | | 22 | | namespace Jellyfin.Api.Helpers; |
| | | 23 | | |
| | | 24 | | /// <summary> |
| | | 25 | | /// Request Extensions. |
| | | 26 | | /// </summary> |
| | | 27 | | public static class RequestHelpers |
| | | 28 | | { |
| | | 29 | | /// <summary> |
| | | 30 | | /// Get Order By. |
| | | 31 | | /// </summary> |
| | | 32 | | /// <param name="sortBy">Sort By. Comma delimited string.</param> |
| | | 33 | | /// <param name="requestedSortOrder">Sort Order. Comma delimited string.</param> |
| | | 34 | | /// <returns>Order By.</returns> |
| | | 35 | | public static (ItemSortBy, SortOrder)[] GetOrderBy(IReadOnlyList<ItemSortBy> sortBy, IReadOnlyList<SortOrder> reques |
| | | 36 | | { |
| | 3 | 37 | | if (sortBy.Count == 0) |
| | | 38 | | { |
| | 1 | 39 | | return Array.Empty<(ItemSortBy, SortOrder)>(); |
| | | 40 | | } |
| | | 41 | | |
| | 2 | 42 | | var result = new (ItemSortBy, SortOrder)[sortBy.Count]; |
| | 2 | 43 | | var i = 0; |
| | | 44 | | // Add elements which have a SortOrder specified |
| | 4 | 45 | | for (; i < requestedSortOrder.Count; i++) |
| | | 46 | | { |
| | 1 | 47 | | result[i] = (sortBy[i], requestedSortOrder[i]); |
| | | 48 | | } |
| | | 49 | | |
| | | 50 | | // Add remaining elements with the first specified SortOrder |
| | | 51 | | // or the default one if no SortOrders are specified |
| | 2 | 52 | | var order = requestedSortOrder.Count > 0 ? requestedSortOrder[0] : SortOrder.Ascending; |
| | 8 | 53 | | for (; i < sortBy.Count; i++) |
| | | 54 | | { |
| | 3 | 55 | | result[i] = (sortBy[i], order); |
| | | 56 | | } |
| | | 57 | | |
| | 2 | 58 | | return result; |
| | | 59 | | } |
| | | 60 | | |
| | | 61 | | /// <summary> |
| | | 62 | | /// Checks if the user can access a user. |
| | | 63 | | /// </summary> |
| | | 64 | | /// <param name="claimsPrincipal">The <see cref="ClaimsPrincipal"/> for the current request.</param> |
| | | 65 | | /// <param name="userId">The user id.</param> |
| | | 66 | | /// <returns>A <see cref="bool"/> whether the user can access the user.</returns> |
| | | 67 | | internal static Guid GetUserId(ClaimsPrincipal claimsPrincipal, Guid? userId) |
| | | 68 | | { |
| | 42 | 69 | | var authenticatedUserId = claimsPrincipal.GetUserId(); |
| | | 70 | | |
| | | 71 | | // UserId not provided, fall back to authenticated user id. |
| | 42 | 72 | | if (userId.IsNullOrEmpty()) |
| | | 73 | | { |
| | 16 | 74 | | return authenticatedUserId; |
| | | 75 | | } |
| | | 76 | | |
| | | 77 | | // User must be administrator to access another user. |
| | 26 | 78 | | var isAdministrator = claimsPrincipal.IsInRole(UserRoles.Administrator); |
| | 26 | 79 | | if (!userId.Value.Equals(authenticatedUserId) && !isAdministrator) |
| | | 80 | | { |
| | 1 | 81 | | throw new SecurityException("Forbidden"); |
| | | 82 | | } |
| | | 83 | | |
| | 25 | 84 | | return userId.Value; |
| | | 85 | | } |
| | | 86 | | |
| | | 87 | | /// <summary> |
| | | 88 | | /// Checks if the user can update an entry. |
| | | 89 | | /// </summary> |
| | | 90 | | /// <param name="claimsPrincipal">The <see cref="ClaimsPrincipal"/> for the current request.</param> |
| | | 91 | | /// <param name="user">The user id.</param> |
| | | 92 | | /// <param name="restrictUserPreferences">Whether to restrict the user preferences.</param> |
| | | 93 | | /// <returns>A <see cref="bool"/> whether the user can update the entry.</returns> |
| | | 94 | | internal static bool AssertCanUpdateUser(ClaimsPrincipal claimsPrincipal, User user, bool restrictUserPreferences) |
| | | 95 | | { |
| | 2 | 96 | | var authenticatedUserId = claimsPrincipal.GetUserId(); |
| | 2 | 97 | | var isAdministrator = claimsPrincipal.IsInRole(UserRoles.Administrator); |
| | | 98 | | |
| | | 99 | | // If they're going to update the record of another user, they must be an administrator |
| | 2 | 100 | | if (!user.Id.Equals(authenticatedUserId) && !isAdministrator) |
| | | 101 | | { |
| | 0 | 102 | | return false; |
| | | 103 | | } |
| | | 104 | | |
| | | 105 | | // TODO the EnableUserPreferenceAccess policy does not seem to be used elsewhere |
| | 2 | 106 | | if (!restrictUserPreferences || isAdministrator) |
| | | 107 | | { |
| | 2 | 108 | | return true; |
| | | 109 | | } |
| | | 110 | | |
| | 0 | 111 | | return user.EnableUserPreferenceAccess; |
| | | 112 | | } |
| | | 113 | | |
| | | 114 | | internal static async Task<SessionInfo> GetSession(ISessionManager sessionManager, IUserManager userManager, HttpCon |
| | | 115 | | { |
| | | 116 | | userId ??= httpContext.User.GetUserId(); |
| | | 117 | | User? user = null; |
| | | 118 | | if (!userId.IsNullOrEmpty()) |
| | | 119 | | { |
| | | 120 | | user = userManager.GetUserById(userId.Value); |
| | | 121 | | } |
| | | 122 | | |
| | | 123 | | var session = await sessionManager.LogSessionActivity( |
| | | 124 | | httpContext.User.GetClient(), |
| | | 125 | | httpContext.User.GetVersion(), |
| | | 126 | | httpContext.User.GetDeviceId(), |
| | | 127 | | httpContext.User.GetDevice(), |
| | | 128 | | httpContext.GetNormalizedRemoteIP().ToString(), |
| | | 129 | | user).ConfigureAwait(false); |
| | | 130 | | |
| | | 131 | | if (session is null) |
| | | 132 | | { |
| | | 133 | | throw new ResourceNotFoundException("Session not found."); |
| | | 134 | | } |
| | | 135 | | |
| | | 136 | | return session; |
| | | 137 | | } |
| | | 138 | | |
| | | 139 | | internal static async Task<string> GetSessionId(ISessionManager sessionManager, IUserManager userManager, HttpContex |
| | | 140 | | { |
| | | 141 | | var session = await GetSession(sessionManager, userManager, httpContext).ConfigureAwait(false); |
| | | 142 | | |
| | | 143 | | return session.Id; |
| | | 144 | | } |
| | | 145 | | |
| | | 146 | | internal static QueryResult<BaseItemDto> CreateQueryResult( |
| | | 147 | | QueryResult<(BaseItem Item, ItemCounts ItemCounts)> result, |
| | | 148 | | DtoOptions dtoOptions, |
| | | 149 | | IDtoService dtoService, |
| | | 150 | | bool includeItemTypes, |
| | | 151 | | User? user) |
| | | 152 | | { |
| | 0 | 153 | | var dtos = result.Items.Select(i => |
| | 0 | 154 | | { |
| | 0 | 155 | | var (baseItem, counts) = i; |
| | 0 | 156 | | var dto = dtoService.GetItemByNameDto(baseItem, dtoOptions, null, user); |
| | 0 | 157 | | |
| | 0 | 158 | | if (includeItemTypes) |
| | 0 | 159 | | { |
| | 0 | 160 | | dto.ChildCount = counts.ItemCount; |
| | 0 | 161 | | dto.ProgramCount = counts.ProgramCount; |
| | 0 | 162 | | dto.SeriesCount = counts.SeriesCount; |
| | 0 | 163 | | dto.EpisodeCount = counts.EpisodeCount; |
| | 0 | 164 | | dto.MovieCount = counts.MovieCount; |
| | 0 | 165 | | dto.TrailerCount = counts.TrailerCount; |
| | 0 | 166 | | dto.AlbumCount = counts.AlbumCount; |
| | 0 | 167 | | dto.SongCount = counts.SongCount; |
| | 0 | 168 | | dto.ArtistCount = counts.ArtistCount; |
| | 0 | 169 | | } |
| | 0 | 170 | | |
| | 0 | 171 | | return dto; |
| | 0 | 172 | | }); |
| | | 173 | | |
| | 0 | 174 | | return new QueryResult<BaseItemDto>( |
| | 0 | 175 | | result.StartIndex, |
| | 0 | 176 | | result.TotalRecordCount, |
| | 0 | 177 | | dtos.ToArray()); |
| | | 178 | | } |
| | | 179 | | } |