mirror of
https://github.com/jellyfin/jellyfin.git
synced 2026-07-04 05:12:51 +01:00
update dynamic images
This commit is contained in:
@@ -41,6 +41,8 @@ namespace MediaBrowser.Api
|
||||
public ISessionContext SessionContext { get; set; }
|
||||
public IAuthorizationContext AuthorizationContext { get; set; }
|
||||
|
||||
public IUserManager UserManager { get; set; }
|
||||
|
||||
public string GetHeader(string name)
|
||||
{
|
||||
return Request.Headers[name];
|
||||
@@ -73,6 +75,29 @@ namespace MediaBrowser.Api
|
||||
return ResultFactory.GetOptimizedResultUsingCache(Request, cacheKey, lastDateModified, cacheDuration, factoryFn);
|
||||
}
|
||||
|
||||
protected void AssertCanUpdateUser(string userId)
|
||||
{
|
||||
var auth = AuthorizationContext.GetAuthorizationInfo(Request);
|
||||
|
||||
var authenticatedUser = UserManager.GetUserById(auth.UserId);
|
||||
|
||||
// If they're going to update the record of another user, they must be an administrator
|
||||
if (!string.Equals(userId, auth.UserId, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
if (!authenticatedUser.Policy.IsAdministrator)
|
||||
{
|
||||
throw new SecurityException("Unauthorized access.");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!authenticatedUser.Policy.EnableUserPreferenceAccess)
|
||||
{
|
||||
throw new SecurityException("Unauthorized access.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// To the optimized serialized result using cache.
|
||||
/// </summary>
|
||||
|
||||
@@ -56,7 +56,7 @@ namespace MediaBrowser.Api.Images
|
||||
/// Class UpdateItemImageIndex
|
||||
/// </summary>
|
||||
[Route("/Items/{Id}/Images/{Type}/{Index}/Index", "POST", Summary = "Updates the index for an item image")]
|
||||
[Authenticated]
|
||||
[Authenticated(Roles = "admin")]
|
||||
public class UpdateItemImageIndex : IReturnVoid
|
||||
{
|
||||
/// <summary>
|
||||
@@ -64,7 +64,7 @@ namespace MediaBrowser.Api.Images
|
||||
/// </summary>
|
||||
/// <value>The id.</value>
|
||||
[ApiMember(Name = "Id", Description = "Item Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
|
||||
public Guid Id { get; set; }
|
||||
public string Id { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the type of the image.
|
||||
@@ -143,7 +143,7 @@ namespace MediaBrowser.Api.Images
|
||||
/// </summary>
|
||||
/// <value>The id.</value>
|
||||
[ApiMember(Name = "Id", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
|
||||
public Guid Id { get; set; }
|
||||
public string Id { get; set; }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -151,7 +151,7 @@ namespace MediaBrowser.Api.Images
|
||||
/// </summary>
|
||||
[Route("/Items/{Id}/Images/{Type}", "DELETE")]
|
||||
[Route("/Items/{Id}/Images/{Type}/{Index}", "DELETE")]
|
||||
[Authenticated]
|
||||
[Authenticated(Roles = "admin")]
|
||||
public class DeleteItemImage : DeleteImageRequest, IReturnVoid
|
||||
{
|
||||
/// <summary>
|
||||
@@ -159,7 +159,7 @@ namespace MediaBrowser.Api.Images
|
||||
/// </summary>
|
||||
/// <value>The id.</value>
|
||||
[ApiMember(Name = "Id", Description = "Item Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "DELETE")]
|
||||
public Guid Id { get; set; }
|
||||
public string Id { get; set; }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -175,7 +175,7 @@ namespace MediaBrowser.Api.Images
|
||||
/// </summary>
|
||||
/// <value>The id.</value>
|
||||
[ApiMember(Name = "Id", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "DELETE")]
|
||||
public Guid Id { get; set; }
|
||||
public string Id { get; set; }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -191,7 +191,7 @@ namespace MediaBrowser.Api.Images
|
||||
/// </summary>
|
||||
/// <value>The id.</value>
|
||||
[ApiMember(Name = "Id", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
|
||||
public Guid Id { get; set; }
|
||||
public string Id { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The raw Http Request Input Stream
|
||||
@@ -206,7 +206,7 @@ namespace MediaBrowser.Api.Images
|
||||
[Route("/Items/{Id}/Images/{Type}", "POST")]
|
||||
[Route("/Items/{Id}/Images/{Type}/{Index}", "POST")]
|
||||
[Api(Description = "Posts an item image")]
|
||||
[Authenticated]
|
||||
[Authenticated(Roles = "admin")]
|
||||
public class PostItemImage : DeleteImageRequest, IRequiresRequestStream, IReturnVoid
|
||||
{
|
||||
/// <summary>
|
||||
@@ -417,11 +417,12 @@ namespace MediaBrowser.Api.Images
|
||||
/// <param name="request">The request.</param>
|
||||
public void Post(PostUserImage request)
|
||||
{
|
||||
var id = new Guid(GetPathValue(1));
|
||||
var userId = GetPathValue(1);
|
||||
AssertCanUpdateUser(userId);
|
||||
|
||||
request.Type = (ImageType)Enum.Parse(typeof(ImageType), GetPathValue(3), true);
|
||||
|
||||
var item = _userManager.GetUserById(id);
|
||||
var item = _userManager.GetUserById(userId);
|
||||
|
||||
var task = PostImage(item, request.RequestStream, request.Type, Request.ContentType);
|
||||
|
||||
@@ -434,7 +435,7 @@ namespace MediaBrowser.Api.Images
|
||||
/// <param name="request">The request.</param>
|
||||
public void Post(PostItemImage request)
|
||||
{
|
||||
var id = new Guid(GetPathValue(1));
|
||||
var id = GetPathValue(1);
|
||||
|
||||
request.Type = (ImageType)Enum.Parse(typeof(ImageType), GetPathValue(3), true);
|
||||
|
||||
@@ -451,7 +452,10 @@ namespace MediaBrowser.Api.Images
|
||||
/// <param name="request">The request.</param>
|
||||
public void Delete(DeleteUserImage request)
|
||||
{
|
||||
var item = _userManager.GetUserById(request.Id);
|
||||
var userId = request.Id;
|
||||
AssertCanUpdateUser(userId);
|
||||
|
||||
var item = _userManager.GetUserById(userId);
|
||||
|
||||
var task = item.DeleteImage(request.Type, request.Index ?? 0);
|
||||
|
||||
@@ -492,7 +496,6 @@ namespace MediaBrowser.Api.Images
|
||||
/// <param name="currentIndex">Index of the current.</param>
|
||||
/// <param name="newIndex">The new index.</param>
|
||||
/// <returns>Task.</returns>
|
||||
/// <exception cref="System.ArgumentException">The change index operation is only applicable to backdrops and screenshots</exception>
|
||||
private Task UpdateItemIndex(IHasImages item, ImageType type, int currentIndex, int newIndex)
|
||||
{
|
||||
return item.SwapImages(type, currentIndex, newIndex);
|
||||
|
||||
@@ -41,8 +41,8 @@ namespace MediaBrowser.Api
|
||||
[ApiMember(Name = "ContentType", Description = "The content type of the item", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
|
||||
public string ContentType { get; set; }
|
||||
}
|
||||
|
||||
[Authenticated]
|
||||
|
||||
[Authenticated(Roles = "admin")]
|
||||
public class ItemUpdateService : BaseApiService
|
||||
{
|
||||
private readonly ILibraryManager _libraryManager;
|
||||
@@ -61,7 +61,7 @@ namespace MediaBrowser.Api
|
||||
public object Get(GetMetadataEditorInfo request)
|
||||
{
|
||||
var item = _libraryManager.GetItemById(request.ItemId);
|
||||
|
||||
|
||||
var info = new MetadataEditorInfo
|
||||
{
|
||||
ParentalRatingOptions = _localizationManager.GetParentalRatings().ToList(),
|
||||
@@ -131,7 +131,7 @@ namespace MediaBrowser.Api
|
||||
Value = ""
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
list.Add(new NameValuePair
|
||||
{
|
||||
Name = "FolderTypeMovies",
|
||||
@@ -406,7 +406,7 @@ namespace MediaBrowser.Api
|
||||
.Select(i => i.Name)
|
||||
.ToList();
|
||||
}
|
||||
|
||||
|
||||
var song = item as Audio;
|
||||
if (song != null)
|
||||
{
|
||||
|
||||
@@ -253,18 +253,14 @@ namespace MediaBrowser.Api
|
||||
/// The _user manager
|
||||
/// </summary>
|
||||
private readonly IUserManager _userManager;
|
||||
private readonly IDtoService _dtoService;
|
||||
private readonly ISessionManager _sessionMananger;
|
||||
private readonly IServerConfigurationManager _config;
|
||||
private readonly INetworkManager _networkManager;
|
||||
private readonly IDeviceManager _deviceManager;
|
||||
|
||||
public IAuthorizationContext AuthorizationContext { get; set; }
|
||||
|
||||
public UserService(IUserManager userManager, IDtoService dtoService, ISessionManager sessionMananger, IServerConfigurationManager config, INetworkManager networkManager, IDeviceManager deviceManager)
|
||||
public UserService(IUserManager userManager, ISessionManager sessionMananger, IServerConfigurationManager config, INetworkManager networkManager, IDeviceManager deviceManager)
|
||||
{
|
||||
_userManager = userManager;
|
||||
_dtoService = dtoService;
|
||||
_sessionMananger = sessionMananger;
|
||||
_config = config;
|
||||
_networkManager = networkManager;
|
||||
@@ -591,22 +587,6 @@ namespace MediaBrowser.Api
|
||||
Task.WaitAll(task);
|
||||
}
|
||||
|
||||
private void AssertCanUpdateUser(string userId)
|
||||
{
|
||||
var auth = AuthorizationContext.GetAuthorizationInfo(Request);
|
||||
|
||||
// If they're going to update the record of another user, they must be an administrator
|
||||
if (!string.Equals(userId, auth.UserId, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
var authenticatedUser = _userManager.GetUserById(auth.UserId);
|
||||
|
||||
if (!authenticatedUser.Policy.IsAdministrator)
|
||||
{
|
||||
throw new SecurityException("Unauthorized access.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void Post(UpdateUserPolicy request)
|
||||
{
|
||||
var task = UpdateUserPolicy(request);
|
||||
|
||||
Reference in New Issue
Block a user