Seting user library access from api

[Velun 1]

Hi, 

I create a user using the next steps:

1. creating the user using the /Users/New
2. setting the user pass using the /Users/{userId}/Password
3.  set access to libraries and other options using the  /Users/{userId}/Policy.

The problem is that while I set EnableAllFolders to false and set one Guid to EnabledFolders the user still gets access to all libraries. The strange part is that if I go into admin and edit the user on the access tab it only has access to one library but in the client, the user has all libraries. If I click in admin on save in the access tab and refresh the client, then the libraries disappear. So something happens when I use the admin that fixes things, but I don't know what. I even replicated the payload from the admin in my script, and it still didn't work. I've attached two images one from admin and one from the client so you can see the problem.

And this is the payload for ex: 

{'AllowCameraUpload': True, 
'AllowSharingPersonalItems': False, 
'AllowTagOrRating': False, 
'AuthenticationProviderId': 'Emby.Server.Implementations.Library.DefaultAuthenticationProvider', 
'BlockUnratedItems': [], 
'BlockedMediaFolders': [], 
'BlockedTags': [], 
'EnableAllChannels': False, 
'EnableAllDevices': True, 
'EnableAllFolders': False, 
'EnableAudioPlaybackTranscoding': True, 
'EnableContentDeletion': False, 
'EnableContentDeletionFromFolders': [], 
'EnableContentDownloading': False, 
'EnableLiveTvAccess': False, 
'EnableLiveTvManagement': False, 
'EnableMediaConversion': False, 
'EnableMediaPlayback': True, 
'EnablePlaybackRemuxing': True, 
'EnablePublicSharing': False, 
'EnableRemoteAccess': True, 
'EnableRemoteControlOfOtherUsers': False, 
'EnableSharedDeviceControl': False, 
'EnableSubtitleDownloading': False, 
'EnableSubtitleManagement': False, 
'EnableSyncTranscoding': False, 
'EnableUserPreferenceAccess': True, 
'EnableVideoPlaybackTranscoding': True, 
'EnabledChannels': [], 
'EnabledDevices': [], 
'EnabledFolders': ['0c41907140d802bb58430fed7e2cd791'], 
'ExcludedSubFolders': [], 
'IncludeTags': [], 
'InvalidLoginAttemptCount': 0, 
'IsAdministrator': False, 
'IsDisabled': False, 
'IsHidden': True, 
'IsHiddenFromUnusedDevices': False, 
'IsHiddenRemotely': True, 
'IsTagBlockingModeInclusive': False, 
'LockedOutDate': 0, 
'RemoteClientBitrateLimit': 0, 
'RestrictedFeatures': [], 
'SimultaneousStreamLimit': 1, 
'AccessSchedules': [], 
'ForceRemoteSourceTranscoding': False, 
'LoginAttemptsBeforeLockout': -1, 
'MaxActiveSessions': 0, 
'BlockedChannels': [], 
'SyncPlayAccess': 'None'}

 

 

 

[Luke 42077]

Hi, have you compared your update requests to what the web app is sending by using the browser debugger?

[Velun 1]

1 hour ago, Luke said:

Hi, have you compared your update requests to what the web app is sending by using the browser debugger?

Yes, I even replicated the exact payload, because there are some differences. For example in the browser, it sends the ExcludedSubFolders field set with the rest of the folders. What I mean is if I have 5 folders and I give access to only one in the EnabledFolders field then the rest of 4 fields are automatically added in the ExcludedSubFolders field. But I've even replicated the exact payload from the browser and the bug is still there. Once I use save tin he browser on the access tab then everything is fixed, so I think so problem is only in the API.

btw I'm using version 4.8.8.0 and thank you for responding Luke.

[hthgihwaymonk 34]

have you tried your changes using the swagger interface and the `POST /Users/{Id}/Policy` endpoint under `UserService` ?

[Velun 1]

No, but I don't see how that would help.

[hthgihwaymonk 34]

it would show you that the API call works, and possibly help you determine what in your payload is missing.

I use that endpoint when writing scripts to adjust library/folder access for a user all the time

[Velun 1]

Well, it's clear that my API call works because it makes the changes as you can see in the screenshot.  So the problem is that while it says the user only has access to one library in reality it has access to all the libraries. Why this happens I don't know, it could be a field that's not getting sent or maybe a value or something but I need a way to figure it out.  

I could try to replicate that payload to see if anything changes but I've already done this using the payload from admin so I don't know how much help it will be. Anyway, this should not happen, whatever I sent it should either apply or not. The fact that it shows that it applied and it really didn't is a problem.

Edited July 3, 2024 by Velun

[Happy2Play 9780]

@LukeI will say I can reproduce this, all libraries are visible to user but all user configs are shown correct via Users-user as shown above.  Looks like "ExcludedSubFolders": [], is required to be populated.

Looks like excludesubfolders is a little tricky or even unknown. But Devs would have to explain this library quid plus I don't know numbers.

From my testing example

    "ExcludedSubFolders": [
      "1d3923c9cd0140ca97885261bf63f73b_86067",
      "1d3923c9cd0140ca97885261bf63f73b_78440",
      "1d3923c9cd0140ca97885261bf63f73b_78441",
      "1d3923c9cd0140ca97885261bf63f73b_4",
      "1d3923c9cd0140ca97885261bf63f73b_86068",
      "1d3923c9cd0140ca97885261bf63f73b_78442",
      "1799b9feacf34da4a37dccc0d05e9bd8_5716",
      "29dda8c3ef724a06898f914b3fee1c40_7198",
      "de4e812bea044ca48d38e05aa18eb8da_71369",
      "742c9834773944228e6c16388c0aaee5_11694",
      "9df62f0105024deab7e46cdcf09491cc_18084",
      "58ad072d216f4454938e905134d46c81_18102",
      "58ad072d216f4454938e905134d46c81_18103",
      "33f772aa203b449fb1c48283858563c8_25007",
      "8e19420981d848d285509b1f411c362c_29779",
      "aa2e37b34d21481b873de9146147c37c_30475",
      "90a0d1c5fbf94315bf4487ae1a0dba58_75599",
      "cec5c487ae594426914e0b60ba980627_75662",
      "cc1d2de261ba44b3bd9aba0472dca239_78357",
      "690c5c1e9a4c4bea82621b429ebb43d6_78414",
      "b14ff28a29c944808b5d7946c4da9633_78453",
      "b14ff28a29c944808b5d7946c4da9633_78454",
      "13e60a6f91284a8e8972724e12eae3b3_84090",
      "13e60a6f91284a8e8972724e12eae3b3_84667"
    ]

My guess is it will probably be easier to create one via the UI, then when creating new users copy existing config.

[Velun 1]

That's what I thought as well, but I've tried to send the excluded folders in the payload ( I took them from admin because they have a strange format, which I'm guessing is guid_subfolderid) and it still didn't work. I will do more tests to see if I can spot anything else, but my guess is that there's a problem in the API.

[Happy2Play 9780]

1 hour ago, Velun said:

That's what I thought as well, but I've tried to send the excluded folders in the payload ( I took them from admin because they have a strange format, which I'm guessing is guid_subfolderid) and it still didn't work. I will do more tests to see if I can spot anything else, but my guess is that there's a problem in the API.

Yes I get the same but further comparing it appears related to "BlockedMediaFolders": [], as this breaks the payload.  Not sure where it came from though (okay see it in documentation), but ExcludeSubFolder is not needed.

So removing "BlockedMediaFolders": [], should resolve the issue. 

Sort of make since if you are saying do not block anything it sort of contradicts itself.

Edited July 3, 2024 by Happy2Play

[hthgihwaymonk 34]

This is how I update someone's library access - 

Get the library ID's, I do this for when family can't seem to handle 4K content.
 

def library_Ids():
    url = f"{emby_server_url}/emby/Library/SelectableMediaFolders"
    headers = {'X-Emby-Token': {emby_apikey}, 'accept': 'application/json'}
    response = requests.get(url, headers=headers)
    data = response.json()
    excludeids = [] 
    includeids = [] 
    for item in data:
        name = item["Name"]
        guid = item["Guid"]
        for subfolder in item["SubFolders"]:
            subfolder_name = subfolder["Name"]
            subfolder_id = subfolder["Id"]
            if "4k" in subfolder_name:
                excludeids.append(f"{guid}_{subfolder_id}")
            else:
                includeids.append(f"{guid}")
    exclude_ids = ",".join(excludeids)
    include_ids = ",".join(includeids)
    return exclude_ids, include_ids

and then this removes those excluded_ids from their share
 

def adjust_Libraries(args):
    exclude_ids, include_ids = library_Ids()
    url = f"{emby_server_url}/emby/Users/Query"
    headers = {'X-Emby-Token': {emby_apikey}, 'accept': 'application/json'}
    params = {'SortBy': 'Name', 'IsDisabled': 'false'}
    response = requests.get(url, headers=headers, params=params)
    if response.content:
        try:
            user_list = json.loads(response.content.decode('utf-8'))
            for user in user_list['Items']:
                if user['Name'] == args.user:
                    user_url = url.replace('/Query', '') + '/' + user['Id']
                    response = requests.get(user_url, headers=headers)
                    user_data = json.loads(response.content.decode('utf-8'))
                    user_data['Policy']['EnableAllFolders'] = "false"
                    user_data['Policy']['EnabledFolders'] = include_ids
                    user_data['Policy']['ExcludedSubFolders'] = exclude_ids
                    response = requests.post(user_url + '/Policy', headers=headers, json=user_data['Policy'])
                    print(response.text)
                    break
        except json.JSONDecodeError:
            print("Error: Response content is not valid JSON.")
    else:
        print("Error: Response content is empty.")