From: Jaroslav Kysela Date: Tue, 26 May 2015 09:08:20 +0000 (+0200) Subject: DVR(all): don't restrict save/delete/moveup/movedown/cancel operations only for admin... X-Git-Tag: v4.2.1~2457 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7643f72c9a9a7326775fd4764fd6caa56ede50e9;p=thirdparty%2Ftvheadend.git DVR(all): don't restrict save/delete/moveup/movedown/cancel operations only for admin - use class filters, fixes #2893 --- diff --git a/src/api.h b/src/api.h index e5b360d26..3f6e88cd3 100644 --- a/src/api.h +++ b/src/api.h @@ -106,7 +106,8 @@ int api_idnode_load_by_class ( access_t *perm, void *opaque, const char *op, htsmsg_t *args, htsmsg_t **resp ); int api_idnode_handler - ( access_t *perm, htsmsg_t *args, htsmsg_t **resp, void (*handler)(access_t *perm, idnode_t *in) ); + ( access_t *perm, htsmsg_t *args, htsmsg_t **resp, + void (*handler)(access_t *perm, idnode_t *in), const char *op ); /* * Service mapper diff --git a/src/api/api_dvr.c b/src/api/api_dvr.c index f07f4d08e..ee75c950f 100644 --- a/src/api/api_dvr.c +++ b/src/api/api_dvr.c @@ -236,7 +236,7 @@ static int api_dvr_entry_cancel ( access_t *perm, void *opaque, const char *op, htsmsg_t *args, htsmsg_t **resp ) { - return api_idnode_handler(perm, args, resp, api_dvr_cancel); + return api_idnode_handler(perm, args, resp, api_dvr_cancel, "cancel"); } static void diff --git a/src/api/api_idnode.c b/src/api/api_idnode.c index 6ccea928b..32674a0e6 100644 --- a/src/api/api_idnode.c +++ b/src/api/api_idnode.c @@ -458,11 +458,12 @@ exit: int api_idnode_handler ( access_t *perm, htsmsg_t *args, htsmsg_t **resp, - void (*handler)(access_t *perm, idnode_t *in) ) + void (*handler)(access_t *perm, idnode_t *in), + const char *op ) { int err = 0; idnode_t *in; - htsmsg_t *uuids; + htsmsg_t *uuids, *msg; htsmsg_field_t *f; const char *uuid; @@ -488,10 +489,18 @@ api_idnode_handler /* Single */ } else { uuid = htsmsg_field_get_string(f); - if (!(in = idnode_find(uuid, NULL, NULL))) + if (!(in = idnode_find(uuid, NULL, NULL))) { err = ENOENT; - else - handler(perm, in); + } else { + msg = htsmsg_create_map(); + htsmsg_add_str(msg, "__op__", op); + if (idnode_perm(in, perm, msg)) { + err = EPERM; + } else { + handler(perm, in); + } + htsmsg_destroy(msg); + } } pthread_mutex_unlock(&global_lock); @@ -509,7 +518,7 @@ static int api_idnode_delete ( access_t *perm, void *opaque, const char *op, htsmsg_t *args, htsmsg_t **resp ) { - return api_idnode_handler(perm, args, resp, api_idnode_delete_); + return api_idnode_handler(perm, args, resp, api_idnode_delete_, "delete"); } static void @@ -522,7 +531,7 @@ static int api_idnode_moveup ( access_t *perm, void *opaque, const char *op, htsmsg_t *args, htsmsg_t **resp ) { - return api_idnode_handler(perm, args, resp, api_idnode_moveup_); + return api_idnode_handler(perm, args, resp, api_idnode_moveup_, "moveup"); } static void @@ -535,19 +544,22 @@ static int api_idnode_movedown ( access_t *perm, void *opaque, const char *op, htsmsg_t *args, htsmsg_t **resp ) { - return api_idnode_handler(perm, args, resp, api_idnode_movedown_); + return api_idnode_handler(perm, args, resp, api_idnode_movedown_, "movedown"); } void api_idnode_init ( void ) { + /* + * note: permissions are verified using idnode_perm() calls + */ static api_hook_t ah[] = { { "idnode/load", ACCESS_ANONYMOUS, api_idnode_load, NULL }, - { "idnode/save", ACCESS_ADMIN, api_idnode_save, NULL }, + { "idnode/save", ACCESS_ANONYMOUS, api_idnode_save, NULL }, { "idnode/tree", ACCESS_ANONYMOUS, api_idnode_tree, NULL }, { "idnode/class", ACCESS_ANONYMOUS, api_idnode_class, NULL }, - { "idnode/delete", ACCESS_ADMIN, api_idnode_delete, NULL }, - { "idnode/moveup", ACCESS_ADMIN, api_idnode_moveup, NULL }, - { "idnode/movedown", ACCESS_ADMIN, api_idnode_movedown, NULL }, + { "idnode/delete", ACCESS_ANONYMOUS, api_idnode_delete, NULL }, + { "idnode/moveup", ACCESS_ANONYMOUS, api_idnode_moveup, NULL }, + { "idnode/movedown", ACCESS_ANONYMOUS, api_idnode_movedown, NULL }, { NULL }, };