Enforce parental filtering on additional endpoints

2026-06-06 07:48:50 +01:00 · 2026-06-03 19:26:34 +02:00
parent cf88058099
commit 47f2b3b6d0
5 changed files with 18 additions and 21 deletions
--- a/Jellyfin.Api/Controllers/TvShowsController.cs
+++ b/Jellyfin.Api/Controllers/TvShowsController.cs
@@ -232,7 +232,7 @@ public class TvShowsController : BaseJellyfinApiController

        if (seasonId.HasValue) // Season id was supplied. Get episodes by season id.
        {
-            var item = _libraryManager.GetItemById<BaseItem>(seasonId.Value);
+            var item = _libraryManager.GetItemById<BaseItem>(seasonId.Value, user);
            if (item is not Season seasonItem)
            {
                return NotFound("No season exists with Id " + seasonId);
@@ -242,7 +242,7 @@ public class TvShowsController : BaseJellyfinApiController
        }
        else if (season.HasValue) // Season number was supplied. Get episodes by season number
        {
-            var series = _libraryManager.GetItemById<Series>(seriesId);
+            var series = _libraryManager.GetItemById<Series>(seriesId, user);
            if (series is null)
            {
                return NotFound("Series not found");
@@ -258,7 +258,7 @@ public class TvShowsController : BaseJellyfinApiController
        }
        else // No season number or season id was supplied. Returning all episodes.
        {
-            if (_libraryManager.GetItemById<BaseItem>(seriesId) is not Series series)
+            if (_libraryManager.GetItemById<BaseItem>(seriesId, user) is not Series series)
            {
                return NotFound("Series not found");
            }
--- a/Jellyfin.Api/Controllers/UserLibraryController.cs
+++ b/Jellyfin.Api/Controllers/UserLibraryController.cs
@@ -429,14 +429,8 @@ public class UserLibraryController : BaseJellyfinApiController
        }

        var dtoOptions = new DtoOptions();
-        if (item is IHasTrailers hasTrailers)
-        {
-            var trailers = hasTrailers.LocalTrailers;
-            return Ok(_dtoService.GetBaseItemDtos(trailers, dtoOptions, user, item).AsEnumerable());
-        }

-        return Ok(item.GetExtras()
-            .Where(e => e.ExtraType == ExtraType.Trailer)
+        return Ok(item.GetExtras([ExtraType.Trailer], user)
            .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, item)));
    }

@@ -487,7 +481,7 @@ public class UserLibraryController : BaseJellyfinApiController
        var dtoOptions = new DtoOptions();

        return Ok(item
-            .GetExtras()
+            .GetExtras(user)
            .Where(i => i.ExtraType.HasValue && BaseItem.DisplayExtraTypes.Contains(i.ExtraType.Value))
            .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, item)));
    }
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -116,7 +116,7 @@ public class VideosController : BaseJellyfinApiController
        BaseItemDto[] items;
        if (item is Video video)
        {
-            items = video.GetAdditionalParts()
+            items = video.GetAdditionalParts(user)
                .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, video))
                .ToArray();
        }
--- a/MediaBrowser.Controller/Entities/BaseItem.cs
+++ b/MediaBrowser.Controller/Entities/BaseItem.cs
@@ -2718,7 +2718,7 @@ namespace MediaBrowser.Controller.Entities

        public IReadOnlyList<BaseItem> GetThemeSongs(User user, IEnumerable<(ItemSortBy SortBy, SortOrder SortOrder)> orderBy)
        {
-            return LibraryManager.Sort(GetExtras().Where(e => e.ExtraType == Model.Entities.ExtraType.ThemeSong), user, orderBy).ToArray();
+            return LibraryManager.Sort(GetExtras(user).Where(e => e.ExtraType == Model.Entities.ExtraType.ThemeSong), user, orderBy).ToArray();
        }

        public IReadOnlyList<BaseItem> GetThemeVideos(User user = null)
@@ -2728,16 +2728,17 @@ namespace MediaBrowser.Controller.Entities

        public IReadOnlyList<BaseItem> GetThemeVideos(User user, IEnumerable<(ItemSortBy SortBy, SortOrder SortOrder)> orderBy)
        {
-            return LibraryManager.Sort(GetExtras().Where(e => e.ExtraType == Model.Entities.ExtraType.ThemeVideo), user, orderBy).ToArray();
+            return LibraryManager.Sort(GetExtras(user).Where(e => e.ExtraType == Model.Entities.ExtraType.ThemeVideo), user, orderBy).ToArray();
        }

        /// <summary>
        /// Get all extras associated with this item, sorted by <see cref="SortName"/>.
        /// </summary>
+        /// <param name="user">The user to apply parental restrictions for, or <c>null</c> to skip restriction checks.</param>
        /// <returns>An enumerable containing the items.</returns>
-        public IEnumerable<BaseItem> GetExtras()
+        public IEnumerable<BaseItem> GetExtras(User user = null)
        {
-            return LibraryManager.GetItemList(new InternalItemsQuery()
+            return LibraryManager.GetItemList(new InternalItemsQuery(user)
            {
                OwnerIds = [Id],
                OrderBy = [(ItemSortBy.SortName, SortOrder.Ascending)]
@@ -2748,10 +2749,11 @@ namespace MediaBrowser.Controller.Entities
        /// Get all extras with specific types that are associated with this item.
        /// </summary>
        /// <param name="extraTypes">The types of extras to retrieve.</param>
+        /// <param name="user">The user to apply parental restrictions for, or <c>null</c> to skip restriction checks.</param>
        /// <returns>An enumerable containing the extras.</returns>
-        public IEnumerable<BaseItem> GetExtras(IReadOnlyCollection<ExtraType> extraTypes)
+        public IEnumerable<BaseItem> GetExtras(IReadOnlyCollection<ExtraType> extraTypes, User user = null)
        {
-            return LibraryManager.GetItemList(new InternalItemsQuery()
+            return LibraryManager.GetItemList(new InternalItemsQuery(user)
            {
                OwnerIds = [Id],
                ExtraTypes = extraTypes.ToArray(),
--- a/MediaBrowser.Controller/Entities/Video.cs
+++ b/MediaBrowser.Controller/Entities/Video.cs
@@ -10,6 +10,7 @@ using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Data.Enums;
+using Jellyfin.Database.Implementations.Entities;
 using Jellyfin.Extensions;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.LiveTv;
@@ -390,13 +391,13 @@ namespace MediaBrowser.Controller.Entities
        /// <summary>
        /// Gets the additional parts.
        /// </summary>
+        /// <param name="user">The user to apply parental restrictions for, or <c>null</c> to skip restriction checks.</param>
        /// <returns>IEnumerable{Video}.</returns>
-        public IOrderedEnumerable<Video> GetAdditionalParts()
+        public IOrderedEnumerable<Video> GetAdditionalParts(User user = null)
        {
            return GetAdditionalPartIds()
-                .Select(i => LibraryManager.GetItemById(i))
+                .Select(i => LibraryManager.GetItemById<Video>(i, user))
                .Where(i => i is not null)
-                .OfType<Video>()
                .OrderBy(i => i.SortName);
        }