diff options
Diffstat (limited to 'MediaBrowser.Api')
| -rw-r--r-- | MediaBrowser.Api/BaseApiService.cs | 4 | ||||
| -rw-r--r-- | MediaBrowser.Api/Images/ImageService.cs | 4 | ||||
| -rw-r--r-- | MediaBrowser.Api/TvShowsService.cs | 2 | ||||
| -rw-r--r-- | MediaBrowser.Api/UserService.cs | 8 |
4 files changed, 9 insertions, 9 deletions
diff --git a/MediaBrowser.Api/BaseApiService.cs b/MediaBrowser.Api/BaseApiService.cs index 1f21a1dd15..a802e56af0 100644 --- a/MediaBrowser.Api/BaseApiService.cs +++ b/MediaBrowser.Api/BaseApiService.cs @@ -66,7 +66,7 @@ namespace MediaBrowser.Api return ResultFactory.GetOptimizedResult(Request, result); } - protected void AssertCanUpdateUser(IAuthorizationContext authContext, IUserManager userManager, string userId) + protected void AssertCanUpdateUser(IAuthorizationContext authContext, IUserManager userManager, string userId, bool restrictUserPreferences) { var auth = authContext.GetAuthorizationInfo(Request); @@ -80,7 +80,7 @@ namespace MediaBrowser.Api throw new SecurityException("Unauthorized access."); } } - else + else if (restrictUserPreferences) { if (!authenticatedUser.Policy.EnableUserPreferenceAccess) { diff --git a/MediaBrowser.Api/Images/ImageService.cs b/MediaBrowser.Api/Images/ImageService.cs index 392654aa25..9f144c8e45 100644 --- a/MediaBrowser.Api/Images/ImageService.cs +++ b/MediaBrowser.Api/Images/ImageService.cs @@ -427,7 +427,7 @@ namespace MediaBrowser.Api.Images public void Post(PostUserImage request) { var userId = GetPathValue(1); - AssertCanUpdateUser(_authContext, _userManager, userId); + AssertCanUpdateUser(_authContext, _userManager, userId, true); request.Type = (ImageType)Enum.Parse(typeof(ImageType), GetPathValue(3), true); @@ -462,7 +462,7 @@ namespace MediaBrowser.Api.Images public void Delete(DeleteUserImage request) { var userId = request.Id; - AssertCanUpdateUser(_authContext, _userManager, userId); + AssertCanUpdateUser(_authContext, _userManager, userId, true); var item = _userManager.GetUserById(userId); diff --git a/MediaBrowser.Api/TvShowsService.cs b/MediaBrowser.Api/TvShowsService.cs index 126f1c7539..bc2b08384e 100644 --- a/MediaBrowser.Api/TvShowsService.cs +++ b/MediaBrowser.Api/TvShowsService.cs @@ -497,7 +497,7 @@ namespace MediaBrowser.Api } else { - episodes = series.GetSeasonEpisodes(season, user); + episodes = season.GetEpisodes(user); } } else diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs index fde03e1f2c..49b7f6c15e 100644 --- a/MediaBrowser.Api/UserService.cs +++ b/MediaBrowser.Api/UserService.cs @@ -444,7 +444,7 @@ namespace MediaBrowser.Api public async Task PostAsync(UpdateUserPassword request) { - AssertCanUpdateUser(_authContext, _userManager, request.Id); + AssertCanUpdateUser(_authContext, _userManager, request.Id, true); var user = _userManager.GetUserById(request.Id); @@ -482,7 +482,7 @@ namespace MediaBrowser.Api public async Task PostAsync(UpdateUserEasyPassword request) { - AssertCanUpdateUser(_authContext, _userManager, request.Id); + AssertCanUpdateUser(_authContext, _userManager, request.Id, true); var user = _userManager.GetUserById(request.Id); @@ -518,7 +518,7 @@ namespace MediaBrowser.Api // https://code.google.com/p/servicestack/source/browse/trunk/Common/ServiceStack.Text/ServiceStack.Text/Controller/PathInfo.cs var id = GetPathValue(1); - AssertCanUpdateUser(_authContext, _userManager, id); + AssertCanUpdateUser(_authContext, _userManager, id, false); var dtoUser = request; @@ -568,7 +568,7 @@ namespace MediaBrowser.Api public void Post(UpdateUserConfiguration request) { - AssertCanUpdateUser(_authContext, _userManager, request.Id); + AssertCanUpdateUser(_authContext, _userManager, request.Id, false); var task = _userManager.UpdateConfiguration(request.Id, request); |