From: Jaroslav Kysela <perex@perex.cz>
Date: Mon, 25 May 2015 11:13:33 +0000 (+0200)
Subject: DVR: Apply DVR All ACL rule also for autorec/timerec entries, fixes #2888
X-Git-Tag: v4.2.1~2471
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11d2c6526742b546a7980a555fdfdac5c7b2e9ba;p=thirdparty%2Ftvheadend.git

DVR: Apply DVR All ACL rule also for autorec/timerec entries, fixes #2888
---

diff --git a/src/dvr/dvr.h b/src/dvr/dvr.h
index 2c9dd02c9..bdd76cc65 100644
--- a/src/dvr/dvr.h
+++ b/src/dvr/dvr.h
@@ -557,8 +557,11 @@ void dvr_autorec_done(void);
 
 void dvr_autorec_update(void);
 
-static inline int dvr_autorec_entry_verify(dvr_autorec_entry_t *dae, access_t *a)
+static inline int
+  dvr_autorec_entry_verify(dvr_autorec_entry_t *dae, access_t *a, int readonly)
 {
+  if (readonly && !access_verify2(a, ACCESS_ALL_RECORDER))
+    return 0;
   if (!access_verify2(a, ACCESS_ALL_RW_RECORDER))
     return 0;
   if (strcmp(dae->dae_owner ?: "", a->aa_username ?: ""))
@@ -607,8 +610,11 @@ void dvr_timerec_done(void);
 
 void dvr_timerec_update(void);
 
-static inline int dvr_timerec_entry_verify(dvr_timerec_entry_t *dte, access_t *a)
+static inline int dvr_timerec_entry_verify
+  (dvr_timerec_entry_t *dte, access_t *a, int readonly)
 {
+  if (readonly && !access_verify2(a, ACCESS_ALL_RECORDER))
+    return 0;
   if (!access_verify2(a, ACCESS_ALL_RW_RECORDER))
     return 0;
   if (strcmp(dte->dte_owner ?: "", a->aa_username ?: ""))
diff --git a/src/dvr/dvr_autorec.c b/src/dvr/dvr_autorec.c
index e6f8f2997..2939c1520 100644
--- a/src/dvr/dvr_autorec.c
+++ b/src/dvr/dvr_autorec.c
@@ -399,7 +399,7 @@ dvr_autorec_entry_class_perm(idnode_t *self, access_t *a, htsmsg_t *msg_to_write
     return -1;
   if (!access_verify2(a, ACCESS_ADMIN))
     return 0;
-  if (dvr_autorec_entry_verify(dae, a))
+  if (dvr_autorec_entry_verify(dae, a, msg_to_write == NULL ? 1 : 0))
     return -1;
   return 0;
 }
diff --git a/src/dvr/dvr_timerec.c b/src/dvr/dvr_timerec.c
index 00e2dc154..7e2bfda3b 100644
--- a/src/dvr/dvr_timerec.c
+++ b/src/dvr/dvr_timerec.c
@@ -323,7 +323,7 @@ dvr_timerec_entry_class_perm(idnode_t *self, access_t *a, htsmsg_t *msg_to_write
     return -1;
   if (!access_verify2(a, ACCESS_ADMIN))
     return 0;
-  if (dvr_timerec_entry_verify(dte, a))
+  if (dvr_timerec_entry_verify(dte, a, msg_to_write == NULL ? 1 : 0))
     return -1;
   return 0;
 }
diff --git a/src/htsp_server.c b/src/htsp_server.c
index cfde98f42..24a8e6a9c 100644
--- a/src/htsp_server.c
+++ b/src/htsp_server.c
@@ -1104,12 +1104,12 @@ htsp_method_async(htsp_connection_t *htsp, htsmsg_t *in)
 
   /* Send all autorecs */
   TAILQ_FOREACH(dae, &autorec_entries, dae_link)
-    if (!dvr_autorec_entry_verify(dae, htsp->htsp_granted_access))
+    if (!dvr_autorec_entry_verify(dae, htsp->htsp_granted_access, 1))
       htsp_send_message(htsp, htsp_build_autorecentry(dae, "autorecEntryAdd"), NULL);
 
   /* Send all timerecs */
   TAILQ_FOREACH(dte, &timerec_entries, dte_link)
-    if (!dvr_timerec_entry_verify(dte, htsp->htsp_granted_access))
+    if (!dvr_timerec_entry_verify(dte, htsp->htsp_granted_access, 1))
       htsp_send_message(htsp, htsp_build_timerecentry(dte, "timerecEntryAdd"), NULL);
 
   /* Send all DVR entries */
@@ -1742,7 +1742,7 @@ htsp_method_deleteAutorecEntry(htsp_connection_t *htsp, htsmsg_t *in)
   if((dae = dvr_autorec_find_by_uuid(daeId)) == NULL)
     return htsp_error("id not found");
 
-  if(dvr_autorec_entry_verify(dae, htsp->htsp_granted_access))
+  if(dvr_autorec_entry_verify(dae, htsp->htsp_granted_access, 0))
     return htsp_error("User does not have access");
 
   /* Check access */
@@ -1838,7 +1838,7 @@ htsp_method_deleteTimerecEntry(htsp_connection_t *htsp, htsmsg_t *in)
   if((dte = dvr_timerec_find_by_uuid(dteId)) == NULL)
     return htsp_error("id not found");
 
-  if(dvr_timerec_entry_verify(dte, htsp->htsp_granted_access))
+  if(dvr_timerec_entry_verify(dte, htsp->htsp_granted_access, 0))
     return htsp_error("User does not have access");
 
   /* Check access */
@@ -3147,7 +3147,7 @@ _htsp_autorec_entry_update(dvr_autorec_entry_t *dae, const char *method, htsmsg_
   LIST_FOREACH(htsp, &htsp_async_connections, htsp_async_link) {
     if (htsp->htsp_async_mode & HTSP_ASYNC_ON) {
       if ((dae->dae_channel == NULL || htsp_user_access_channel(htsp, dae->dae_channel)) &&
-          !dvr_autorec_entry_verify(dae, htsp->htsp_granted_access)) {
+          !dvr_autorec_entry_verify(dae, htsp->htsp_granted_access, 1)) {
         htsmsg_t *m = msg ? htsmsg_copy(msg)
                           : htsp_build_autorecentry(dae, method);
         htsp_send_message(htsp, m, NULL);
@@ -3200,7 +3200,7 @@ _htsp_timerec_entry_update(dvr_timerec_entry_t *dte, const char *method, htsmsg_
   LIST_FOREACH(htsp, &htsp_async_connections, htsp_async_link) {
     if (htsp->htsp_async_mode & HTSP_ASYNC_ON) {
       if ((dte->dte_channel == NULL || htsp_user_access_channel(htsp, dte->dte_channel)) &&
-          !dvr_timerec_entry_verify(dte, htsp->htsp_granted_access)) {
+          !dvr_timerec_entry_verify(dte, htsp->htsp_granted_access, 1)) {
         htsmsg_t *m = msg ? htsmsg_copy(msg)
                           : htsp_build_timerecentry(dte, method);
         htsp_send_message(htsp, m, NULL);