From: Jaroslav Kysela <perex@perex.cz>
Date: Sun, 17 Apr 2016 19:18:19 +0000 (+0200)
Subject: profile/api: allow to pass only valid user profiles, fixes #3724
X-Git-Tag: v4.2.1~629
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F855%2Fhead;p=thirdparty%2Ftvheadend.git

profile/api: allow to pass only valid user profiles, fixes #3724
---

diff --git a/src/api/api_profile.c b/src/api/api_profile.c
index 692caabb6..fe5e5a9e7 100644
--- a/src/api/api_profile.c
+++ b/src/api/api_profile.c
@@ -20,9 +20,36 @@
 #include "tvheadend.h"
 #include "access.h"
 #include "htsmsg.h"
+#include "subscriptions.h"
 #include "api.h"
 #include "profile.h"
 
+/*
+ *
+ */
+static int
+api_profile_is_all(access_t *perm, htsmsg_t *args)
+{
+  return htsmsg_get_bool_or_default(args, "all", 0) &&
+         !access_verify2(perm, ACCESS_ADMIN);
+}
+
+static int
+api_profile_find(access_t *perm, const char *uuid)
+{
+  htsmsg_field_t *f;
+  const char *uuid2;
+
+  if (perm->aa_profiles == NULL)
+    return 1;
+  HTSMSG_FOREACH(f, perm->aa_profiles) {
+    uuid2 = htsmsg_field_get_str(f) ?: "";
+    if (strcmp(uuid, uuid2) == 0)
+      return 1;
+  }
+  return 0;
+}
+
 /*
  *
  */
@@ -32,13 +59,19 @@ api_profile_list
 {
   profile_t *pro;
   htsmsg_t *l, *e;
+  int cfg = api_profile_is_all(perm, args);
+  int sflags = htsmsg_get_bool_or_default(args, "htsp", 0) ? SUBSCRIPTION_HTSP : 0;
   char ubuf[UUID_HEX_SIZE];
 
+  sflags |= SUBSCRIPTION_PACKET|SUBSCRIPTION_MPEGTS;
   l = htsmsg_create_list();
   pthread_mutex_lock(&global_lock);
   TAILQ_FOREACH(pro, &profiles, pro_link) {
+    idnode_uuid_as_str(&pro->pro_id, ubuf);
+    if (!cfg && (!profile_verify(pro, sflags) || !api_profile_find(perm, ubuf)))
+      continue;
     e = htsmsg_create_map();
-    htsmsg_add_str(e, "key", idnode_uuid_as_str(&pro->pro_id, ubuf));
+    htsmsg_add_str(e, "key", ubuf);
     htsmsg_add_str(e, "val", profile_get_name(pro));
     htsmsg_add_msg(l, NULL, e);
   }
diff --git a/src/profile.c b/src/profile.c
index 3c401a13a..91d7a749d 100644
--- a/src/profile.c
+++ b/src/profile.c
@@ -464,7 +464,7 @@ profile_find_by_name(const char *name, const char *alt)
 /*
  *
  */
-static int
+int
 profile_verify(profile_t *pro, int sflags)
 {
   if (!pro)
@@ -545,9 +545,12 @@ htsmsg_t *
 profile_class_get_list(void *o, const char *lang)
 {
   htsmsg_t *m = htsmsg_create_map();
+  htsmsg_t *p = htsmsg_create_map();
   htsmsg_add_str(m, "type",  "api");
   htsmsg_add_str(m, "uri",   "profile/list");
   htsmsg_add_str(m, "event", "profile");
+  htsmsg_add_u32(p, "all",  1);
+  htsmsg_add_msg(m, "params", p);
   return m;
 }
 
diff --git a/src/profile.h b/src/profile.h
index 76d6269f0..f1b1e0a13 100644
--- a/src/profile.h
+++ b/src/profile.h
@@ -178,6 +178,7 @@ static inline profile_t *profile_find_by_uuid(const char *uuid)
 profile_t *profile_find_by_name(const char *name, const char *alt);
 profile_t *profile_find_by_list(htsmsg_t *uuids, const char *name,
                                 const char *alt, int sflags);
+int profile_verify(profile_t *pro, int sflags);
 
 htsmsg_t * profile_class_get_list(void *o, const char *lang);