From 47f2b3b6d07d2ebb0d978925265d56cb8b52a9d5 Mon Sep 17 00:00:00 2001 From: Shadowghost Date: Wed, 3 Jun 2026 19:26:34 +0200 Subject: [PATCH] Enforce parental filtering on additional endpoints --- Jellyfin.Api/Controllers/TvShowsController.cs | 6 +++--- Jellyfin.Api/Controllers/UserLibraryController.cs | 10 ++-------- Jellyfin.Api/Controllers/VideosController.cs | 2 +- MediaBrowser.Controller/Entities/BaseItem.cs | 14 ++++++++------ MediaBrowser.Controller/Entities/Video.cs | 7 ++++--- 5 files changed, 18 insertions(+), 21 deletions(-) diff --git a/Jellyfin.Api/Controllers/TvShowsController.cs b/Jellyfin.Api/Controllers/TvShowsController.cs index e45a100b77..340a54e13b 100644 --- a/Jellyfin.Api/Controllers/TvShowsController.cs +++ b/Jellyfin.Api/Controllers/TvShowsController.cs @@ -232,7 +232,7 @@ public class TvShowsController : BaseJellyfinApiController if (seasonId.HasValue) // Season id was supplied. Get episodes by season id. { - var item = _libraryManager.GetItemById(seasonId.Value); + var item = _libraryManager.GetItemById(seasonId.Value, user); if (item is not Season seasonItem) { return NotFound("No season exists with Id " + seasonId); @@ -242,7 +242,7 @@ public class TvShowsController : BaseJellyfinApiController } else if (season.HasValue) // Season number was supplied. Get episodes by season number { - var series = _libraryManager.GetItemById(seriesId); + var series = _libraryManager.GetItemById(seriesId, user); if (series is null) { return NotFound("Series not found"); @@ -258,7 +258,7 @@ public class TvShowsController : BaseJellyfinApiController } else // No season number or season id was supplied. Returning all episodes. { - if (_libraryManager.GetItemById(seriesId) is not Series series) + if (_libraryManager.GetItemById(seriesId, user) is not Series series) { return NotFound("Series not found"); } diff --git a/Jellyfin.Api/Controllers/UserLibraryController.cs b/Jellyfin.Api/Controllers/UserLibraryController.cs index 9e3933f2d4..25f781e496 100644 --- a/Jellyfin.Api/Controllers/UserLibraryController.cs +++ b/Jellyfin.Api/Controllers/UserLibraryController.cs @@ -429,14 +429,8 @@ public class UserLibraryController : BaseJellyfinApiController } var dtoOptions = new DtoOptions(); - if (item is IHasTrailers hasTrailers) - { - var trailers = hasTrailers.LocalTrailers; - return Ok(_dtoService.GetBaseItemDtos(trailers, dtoOptions, user, item).AsEnumerable()); - } - return Ok(item.GetExtras() - .Where(e => e.ExtraType == ExtraType.Trailer) + return Ok(item.GetExtras([ExtraType.Trailer], user) .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, item))); } @@ -487,7 +481,7 @@ public class UserLibraryController : BaseJellyfinApiController var dtoOptions = new DtoOptions(); return Ok(item - .GetExtras() + .GetExtras(user) .Where(i => i.ExtraType.HasValue && BaseItem.DisplayExtraTypes.Contains(i.ExtraType.Value)) .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, item))); } diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs index ed6d3f5bde..29a92cdb90 100644 --- a/Jellyfin.Api/Controllers/VideosController.cs +++ b/Jellyfin.Api/Controllers/VideosController.cs @@ -116,7 +116,7 @@ public class VideosController : BaseJellyfinApiController BaseItemDto[] items; if (item is Video video) { - items = video.GetAdditionalParts() + items = video.GetAdditionalParts(user) .Select(i => _dtoService.GetBaseItemDto(i, dtoOptions, user, video)) .ToArray(); } diff --git a/MediaBrowser.Controller/Entities/BaseItem.cs b/MediaBrowser.Controller/Entities/BaseItem.cs index d4e56772aa..21304768bd 100644 --- a/MediaBrowser.Controller/Entities/BaseItem.cs +++ b/MediaBrowser.Controller/Entities/BaseItem.cs @@ -2718,7 +2718,7 @@ namespace MediaBrowser.Controller.Entities public IReadOnlyList GetThemeSongs(User user, IEnumerable<(ItemSortBy SortBy, SortOrder SortOrder)> orderBy) { - return LibraryManager.Sort(GetExtras().Where(e => e.ExtraType == Model.Entities.ExtraType.ThemeSong), user, orderBy).ToArray(); + return LibraryManager.Sort(GetExtras(user).Where(e => e.ExtraType == Model.Entities.ExtraType.ThemeSong), user, orderBy).ToArray(); } public IReadOnlyList GetThemeVideos(User user = null) @@ -2728,16 +2728,17 @@ namespace MediaBrowser.Controller.Entities public IReadOnlyList GetThemeVideos(User user, IEnumerable<(ItemSortBy SortBy, SortOrder SortOrder)> orderBy) { - return LibraryManager.Sort(GetExtras().Where(e => e.ExtraType == Model.Entities.ExtraType.ThemeVideo), user, orderBy).ToArray(); + return LibraryManager.Sort(GetExtras(user).Where(e => e.ExtraType == Model.Entities.ExtraType.ThemeVideo), user, orderBy).ToArray(); } /// /// Get all extras associated with this item, sorted by . /// + /// The user to apply parental restrictions for, or null to skip restriction checks. /// An enumerable containing the items. - public IEnumerable GetExtras() + public IEnumerable GetExtras(User user = null) { - return LibraryManager.GetItemList(new InternalItemsQuery() + return LibraryManager.GetItemList(new InternalItemsQuery(user) { OwnerIds = [Id], OrderBy = [(ItemSortBy.SortName, SortOrder.Ascending)] @@ -2748,10 +2749,11 @@ namespace MediaBrowser.Controller.Entities /// Get all extras with specific types that are associated with this item. /// /// The types of extras to retrieve. + /// The user to apply parental restrictions for, or null to skip restriction checks. /// An enumerable containing the extras. - public IEnumerable GetExtras(IReadOnlyCollection extraTypes) + public IEnumerable GetExtras(IReadOnlyCollection extraTypes, User user = null) { - return LibraryManager.GetItemList(new InternalItemsQuery() + return LibraryManager.GetItemList(new InternalItemsQuery(user) { OwnerIds = [Id], ExtraTypes = extraTypes.ToArray(), diff --git a/MediaBrowser.Controller/Entities/Video.cs b/MediaBrowser.Controller/Entities/Video.cs index 44cae5197a..e7a5672ebd 100644 --- a/MediaBrowser.Controller/Entities/Video.cs +++ b/MediaBrowser.Controller/Entities/Video.cs @@ -10,6 +10,7 @@ using System.Text.Json.Serialization; using System.Threading; using System.Threading.Tasks; using Jellyfin.Data.Enums; +using Jellyfin.Database.Implementations.Entities; using Jellyfin.Extensions; using MediaBrowser.Controller.Library; using MediaBrowser.Controller.LiveTv; @@ -390,13 +391,13 @@ namespace MediaBrowser.Controller.Entities /// /// Gets the additional parts. /// + /// The user to apply parental restrictions for, or null to skip restriction checks. /// IEnumerable{Video}. - public IOrderedEnumerable