DVR: Apply DVR All ACL rule also for autorec/timerec entries, fixes #2888

author Jaroslav Kysela <perex@perex.cz>

Mon, 25 May 2015 11:13:33 +0000 (13:13 +0200)

committer Jaroslav Kysela <perex@perex.cz>

Mon, 25 May 2015 11:14:02 +0000 (13:14 +0200)
author Jaroslav Kysela <perex@perex.cz>
Mon, 25 May 2015 11:13:33 +0000 (13:13 +0200)
committer Jaroslav Kysela <perex@perex.cz>
Mon, 25 May 2015 11:14:02 +0000 (13:14 +0200)
diff --git a/src/dvr/dvr.h b/src/dvr/dvr.h

index 982890216561202ac91c9bdc228811ea09143dfb..0ccadc388f48ba35deef9b71633e58292bfa9569 100644 (file)
--- a/src/dvr/dvr.h
+++ b/src/dvr/dvr.h
@@ -562,8 +562,11 @@ void dvr_autorec_done(void);
  
  void dvr_autorec_update(void);
  
-static inline int dvr_autorec_entry_verify(dvr_autorec_entry_t *dae, access_t *a)
+static inline int
+  dvr_autorec_entry_verify(dvr_autorec_entry_t *dae, access_t *a, int readonly)
  {
+  if (readonly && !access_verify2(a, ACCESS_ALL_RECORDER))
+    return 0;
    if (!access_verify2(a, ACCESS_ALL_RW_RECORDER))
      return 0;
    if (strcmp(dae->dae_owner ?: "", a->aa_username ?: ""))
@@ -612,8 +615,11 @@ void dvr_timerec_done(void);
  
  void dvr_timerec_update(void);
  
-static inline int dvr_timerec_entry_verify(dvr_timerec_entry_t *dte, access_t *a)
+static inline int dvr_timerec_entry_verify
+  (dvr_timerec_entry_t *dte, access_t *a, int readonly)
  {
+  if (readonly && !access_verify2(a, ACCESS_ALL_RECORDER))
+    return 0;
    if (!access_verify2(a, ACCESS_ALL_RW_RECORDER))
      return 0;
    if (strcmp(dte->dte_owner ?: "", a->aa_username ?: ""))
diff --git a/src/dvr/dvr_autorec.c b/src/dvr/dvr_autorec.c

index e6f8f2997a58d715bcf5147274226fdec1029707..2939c1520342b869e46be417207d7f168247ac70 100644 (file)
--- a/src/dvr/dvr_autorec.c
+++ b/src/dvr/dvr_autorec.c
@@ -399,7 +399,7 @@ dvr_autorec_entry_class_perm(idnode_t *self, access_t *a, htsmsg_t *msg_to_write
      return -1;
    if (!access_verify2(a, ACCESS_ADMIN))
      return 0;
-  if (dvr_autorec_entry_verify(dae, a))
+  if (dvr_autorec_entry_verify(dae, a, msg_to_write == NULL ? 1 : 0))
      return -1;
    return 0;
  }
diff --git a/src/dvr/dvr_timerec.c b/src/dvr/dvr_timerec.c

index 3ade0bd8c2c9cc0b85f8e87b6ffb23b2d152be4c..db172451bb030286b31cc9580acd8798f586e849 100644 (file)
--- a/src/dvr/dvr_timerec.c
+++ b/src/dvr/dvr_timerec.c
@@ -323,7 +323,7 @@ dvr_timerec_entry_class_perm(idnode_t *self, access_t *a, htsmsg_t *msg_to_write
      return -1;
    if (!access_verify2(a, ACCESS_ADMIN))
      return 0;
-  if (dvr_timerec_entry_verify(dte, a))
+  if (dvr_timerec_entry_verify(dte, a, msg_to_write == NULL ? 1 : 0))
      return -1;
    return 0;
  }
diff --git a/src/htsp_server.c b/src/htsp_server.c

index 71e2c1921ff95a5253ca87b41066e97cb322a4cf..13a16c89489a6deb54dce971ac79272dc361c242 100644 (file)
--- a/src/htsp_server.c
+++ b/src/htsp_server.c
@@ -1090,12 +1090,12 @@ htsp_method_async(htsp_connection_t *htsp, htsmsg_t *in)
  
    /* Send all autorecs */
    TAILQ_FOREACH(dae, &autorec_entries, dae_link)
-    if (!dvr_autorec_entry_verify(dae, htsp->htsp_granted_access))
+    if (!dvr_autorec_entry_verify(dae, htsp->htsp_granted_access, 1))
        htsp_send_message(htsp, htsp_build_autorecentry(dae, "autorecEntryAdd"), NULL);
  
    /* Send all timerecs */
    TAILQ_FOREACH(dte, &timerec_entries, dte_link)
-    if (!dvr_timerec_entry_verify(dte, htsp->htsp_granted_access))
+    if (!dvr_timerec_entry_verify(dte, htsp->htsp_granted_access, 1))
        htsp_send_message(htsp, htsp_build_timerecentry(dte, "timerecEntryAdd"), NULL);
  
    /* Send all DVR entries */
@@ -1733,7 +1733,7 @@ htsp_method_deleteAutorecEntry(htsp_connection_t *htsp, htsmsg_t *in)
    if((dae = dvr_autorec_find_by_uuid(daeId)) == NULL)
      return htsp_error("id not found");
  
-  if(dvr_autorec_entry_verify(dae, htsp->htsp_granted_access))
+  if(dvr_autorec_entry_verify(dae, htsp->htsp_granted_access, 0))
      return htsp_error("User does not have access");
  
    /* Check access */
@@ -1831,7 +1831,7 @@ htsp_method_deleteTimerecEntry(htsp_connection_t *htsp, htsmsg_t *in)
    if((dte = dvr_timerec_find_by_uuid(dteId)) == NULL)
      return htsp_error("id not found");
  
-  if(dvr_timerec_entry_verify(dte, htsp->htsp_granted_access))
+  if(dvr_timerec_entry_verify(dte, htsp->htsp_granted_access, 0))
      return htsp_error("User does not have access");
  
    /* Check access */
@@ -3108,7 +3108,7 @@ _htsp_autorec_entry_update(dvr_autorec_entry_t *dae, const char *method, htsmsg_
    LIST_FOREACH(htsp, &htsp_async_connections, htsp_async_link) {
      if (htsp->htsp_async_mode & HTSP_ASYNC_ON) {
        if ((dae->dae_channel == NULL || htsp_user_access_channel(htsp, dae->dae_channel)) &&
-          !dvr_autorec_entry_verify(dae, htsp->htsp_granted_access)) {
+          !dvr_autorec_entry_verify(dae, htsp->htsp_granted_access, 1)) {
          htsmsg_t *m = msg ? htsmsg_copy(msg)
                            : htsp_build_autorecentry(dae, method);
          htsp_send_message(htsp, m, NULL);
@@ -3161,7 +3161,7 @@ _htsp_timerec_entry_update(dvr_timerec_entry_t *dte, const char *method, htsmsg_
    LIST_FOREACH(htsp, &htsp_async_connections, htsp_async_link) {
      if (htsp->htsp_async_mode & HTSP_ASYNC_ON) {
        if ((dte->dte_channel == NULL || htsp_user_access_channel(htsp, dte->dte_channel)) &&
-          !dvr_timerec_entry_verify(dte, htsp->htsp_granted_access)) {
+          !dvr_timerec_entry_verify(dte, htsp->htsp_granted_access, 1)) {
          htsmsg_t *m = msg ? htsmsg_copy(msg)
                            : htsp_build_timerecentry(dte, method);
          htsp_send_message(htsp, m, NULL);
author	Jaroslav Kysela <perex@perex.cz>
	Mon, 25 May 2015 11:13:33 +0000 (13:13 +0200)
committer	Jaroslav Kysela <perex@perex.cz>
	Mon, 25 May 2015 11:14:02 +0000 (13:14 +0200)
src/dvr/dvr.h		patch \| blob \| blame \| history
src/dvr/dvr_autorec.c		patch \| blob \| blame \| history
src/dvr/dvr_timerec.c		patch \| blob \| blame \| history
src/htsp_server.c		patch \| blob \| blame \| history