-
-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add EnableSubtitleManagement permission #10410
add EnableSubtitleManagement permission #10410
Conversation
Changes in OpenAPI specification found. Expand to see details.What's Changed
|
The endpoint used to download subtitles does not require admin: https://github.com/jellyfin/jellyfin/blob/master/Jellyfin.Api/Controllers/SubtitleController.cs#L138 I think it makes sense to restrict it. Maybe. But right now your PR is incomplete. The user policy should be set as a req on that endpoint. |
I think you either misunderstood my PR or I misunderstand your message. The fact that the subtitle controller does not check for admin rights is fine in this case. Ideally, the subtitle controller should also restrict the rights to download, but the goal of that PR is to give more rights to non-admin users, not restrict them |
You've misunderstood. The server is the authority on permissions. It doesn't make sense to make arbitrary restrictions in web if the server doesn't have the same restrictions. Anyone can edit the source in browser dev tools. The subtitlecontroller must enforce the new user policy. |
Understood, thanks, I'll see to it and update the PR |
e60d5e0
to
c3b1997
Compare
c3b1997
to
8ada8db
Compare
I believe the server not checking for admin permissions right now is a bug. To fix it in a way that allows users to upload subtitles means adding the new permission for both the backend and frontend. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems good now
Add new feature: ability for a user to "Edit subtitles" without administrator rights
Changes
Create a new Jellyfin.Data/Enums/PermissionKind: EnableSubtitleManagement
Add that permission to the UserPolicy
Related PR
TODOFix Unable to sign into the opensubtitles plugin jellyfin-plugin-opensubtitles#131 (comment) in opensubtitle pluginDone:
Issues
https://features.jellyfin.org/posts/185/non-admin-users-download-subtitles