Jump to content


Photo

Deny access to libraries and videos via direct urls

access security user

  • Please log in to reply
3 replies to this topic

#1 johannes OFFLINE  

johannes

    Newbie

  • Members
  • 2 posts
  • Local time: 12:31 PM

Posted 04 February 2019 - 02:03 PM

I have created multiple libraries targeted for different set of users.

I have granted access to one or more libraries for a given user, and no access to other libraries.

 

The libraries where the user has no access, are not available from his dashboard, however, a direct link to the library or a movie within the library, will allow the user access. Is this somehow possible to prevent?

 

Regards

Johannes



#2 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 140578 posts
  • Local time: 05:31 AM

Posted 04 February 2019 - 03:53 PM

Not at this time but it's something that needs review in the future, thanks. We allow this so that a user with greater permissions could remote control to a session where a restricted user is currently logged in. It's something we can improve in the future though. Thanks.



#3 johannes OFFLINE  

johannes

    Newbie

  • Members
  • 2 posts
  • Local time: 12:31 PM

Posted 16 March 2019 - 11:24 AM

Not at this time but it's something that needs review in the future, thanks. We allow this so that a user with greater permissions could remote control to a session where a restricted user is currently logged in. It's something we can improve in the future though. Thanks.

 

Would it be possible to add more extension points to the server, so I could implement this as a custom plugin? It seems like MediaBrowser.Common and MediaBrowser.Server.Core is not open sourced, otherwise I could try to make a PR for it. I would like to be able to hook into the pipeline after a library has been prepared, and further filter the results before returned to the browser based on the logged in user. I would also like to hook into the pipeline just before a media is about to be streamed, so that I could verify access.



#4 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 140578 posts
  • Local time: 05:31 AM

Posted 16 March 2019 - 12:07 PM

It's not that simple. It would break the ability for an admin user to play content to another device when a lesser user is logged in. So we have to figure out how to close the loop while still preserving that. That's why it is still waiting. Thanks.





Also tagged with one or more of these keywords: access, security, user

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users