From f4a7583c46e25c5146953bef144f91f0c4c4519e Mon Sep 17 00:00:00 2001
From: cvium <clausvium@gmail.com>
Date: Thu, 9 Feb 2023 12:51:20 +0100
Subject: [PATCH] fix empty user id check for api keys

---
 .../DefaultAuthorizationHandler.cs                           | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
index 0f3c69abc8..2d9ce0631f 100644
--- a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
+++ b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
@@ -38,9 +38,10 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DefaultAuthorizationRequirement requirement)
         {
+            var isApiKey = context.User.GetIsApiKey();
             var userId = context.User.GetUserId();
             // This likely only happens during the wizard, so skip the default checks and let any other handlers do it
-            if (userId.Equals(default))
+            if (!isApiKey && userId.Equals(default))
             {
                 return Task.CompletedTask;
             }
@@ -56,7 +57,7 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
             }
 
             // Admins can do everything
-            if (context.User.GetIsApiKey() || context.User.IsInRole(UserRoles.Administrator))
+            if (isApiKey || context.User.IsInRole(UserRoles.Administrator))
             {
                 context.Succeed(requirement);
                 return Task.CompletedTask;