From ea904c66f8295fe9480847c18fe1b30dba78f053 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela
Date: Fri, 7 Nov 2014 17:05:35 +0100
Subject: [PATCH] api epg: do not provide the DVR info to users without permissions
---
 src/access.c | 17 +++++++++++++++++
 src/access.h | 2 ++
 src/api/api_epg.c | 19 +++++++++++--------
 3 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/src/access.c b/src/access.c
index 8155687c..c7f308cf 100644
--- a/src/access.c
+++ b/src/access.c
@@ -159,6 +159,23 @@ access_ticket_verify2(const char *id, const char *resource)
 return access_copy(at->at_access);
 }
+/**
+ *
+ */
+int
+access_verify_list(htsmsg_t *list, const char *item)
+{
+ htsmsg_field_t *f;
+
+ if (list) {
+ HTSMSG_FOREACH(f, list)
+ if (!strcmp(htsmsg_field_get_str(f) ?: "", item))
+ return 0;
+ return -1;
+ }
+ return 0;
+}
+
 /**
 *
 */
diff --git a/src/access.h b/src/access.h
index e0d55c8f..4e495e02 100644
--- a/src/access.h
+++ b/src/access.h
@@ -155,6 +155,8 @@ int access_verify(const char *username, const char *password,
 static inline int access_verify2(access_t *a, uint32_t mask)
 { return (a->aa_rights & mask) == mask ? 0 : -1; }
+int access_verify_list(htsmsg_t *list, const char *item);
+
 /**
 * Get the access structure
 */
diff --git a/src/api/api_epg.c b/src/api/api_epg.c
index 54a95fb1..771414b5 100644
--- a/src/api/api_epg.c
+++ b/src/api/api_epg.c
@@ -70,7 +70,7 @@ api_epg_add_channel ( htsmsg_t *m, channel_t *ch )
 }
 static htsmsg_t *
-api_epg_entry ( epg_broadcast_t *eb, const char *lang )
+api_epg_entry ( epg_broadcast_t *eb, const char *lang, access_t *perm )
 {
 const char *s;
 char buf[64];
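Review bot: `access_verify_list` in src/access.c is added with an empty `/** * */` header although its return value now decides who sees DVR data, and its NULL handling is easy to misread: a NULL `list` returns 0 (grant), while a non-NULL list without a match, including an empty one, returns -1. I would spell that contract out in the header, e.g. `Return 0 if list is NULL or contains item, -1 otherwise`, together with a word on why a missing list grants access (presumably it means no per-config restriction is set; confirm). `item` goes straight into `strcmp`, so a NULL `item` is undefined behaviour; a `if (!item) return -1;` before the loop inside the `if (list)` branch would make that case fail closed.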
@@ -163,7 +163,10 @@ api_epg_entry ( epg_broadcast_t *eb, const char *lang )
 }
 /* Recording */
- if ((de = dvr_entry_find_by_event(eb))) {
+ if (!access_verify2(perm, ACCESS_RECORDER) &&
+ (de = dvr_entry_find_by_event(eb)) &&
+ !access_verify_list(perm->aa_dvrcfgs,
+ idnode_uuid_as_str(&de->de_config->dvr_id))) {
 htsmsg_add_str(m, "dvrUuid", idnode_uuid_as_str(&de->de_id));
 htsmsg_add_str(m, "dvrState", dvr_entry_schedstatus(de));
 }
@@ -426,7 +429,7 @@ api_epg_grid
 end = MIN(eq.entries, start + limit);
 l = htsmsg_create_list();
 for (i = start; i < end; i++) {
- if (!(e = api_epg_entry(eq.result[i], lang))) continue;
+ if (!(e = api_epg_entry(eq.result[i], lang, perm))) continue;
 htsmsg_add_msg(l, NULL, e);
 }
 pthread_mutex_unlock(&global_lock);
@@ -443,7 +446,7 @@ api_epg_grid
 static void
 api_epg_episode_broadcasts
- ( htsmsg_t *l, const char *lang, epg_episode_t *ep,
+ ( access_t *perm, htsmsg_t *l, const char *lang, epg_episode_t *ep,
 uint32_t *entries, epg_broadcast_t *ebc_skip )
 {
 epg_broadcast_t *ebc;
@@ -454,7 +457,7 @@ api_epg_episode_broadcasts
 ch = ebc->channel;
 if (ch == NULL) continue;
 if (ebc == ebc_skip) continue;
- m = api_epg_entry(ebc, lang);
+ m = api_epg_entry(ebc, lang, perm);
 htsmsg_add_msg(l, NULL, m);
 (*entries)++;
 }
@@ -476,7 +479,7 @@ api_epg_alternative
 pthread_mutex_lock(&global_lock);
 e = epg_broadcast_find_by_id(id);
 if (e && e->episode)
- api_epg_episode_broadcasts(l, lang, e->episode, &entries, e);
+ api_epg_episode_broadcasts(perm, l, lang, e->episode, &entries, e);
 pthread_mutex_unlock(&global_lock);
 /* Build response */
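Review bot: The new condition in the `/* Recording */` block of `api_epg_entry` dereferences `perm` (inside `access_verify2`, which reads `a->aa_rights`, and again as `perm->aa_dvrcfgs`) and `de->de_config` without any NULL check. Whether either can be NULL is not visible from this hunk, but the call sites shown in this patch run between `global_lock` lock and unlock, so a crash here would occur with that lock held. If a NULL `perm` or a DVR entry without a config is possible, withhold the fields instead: start the condition with `if (perm && !access_verify2(perm, ACCESS_RECORDER) &&` and add `de->de_config &&` before the list check. A short comment such as `/* only for users with recorder rights and access to this DVR config */` would also make the intent of the three-part test clear; the function body continues outside the hunk.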
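Review bot: In `api_epg_episode_broadcasts` the result of `api_epg_entry(ebc, lang, perm)` is handed to `htsmsg_add_msg` and counted in `*entries` without a NULL check, whereas the `api_epg_grid` hunk above treats a NULL return as possible and skips it. The preceding `ch == NULL` test may already cover the only case in which NULL is returned, but that is not visible here. Matching the grid call site would be safer: `if (!(m = api_epg_entry(ebc, lang, perm))) continue;`. The loop header lies outside the hunk.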
@@ -507,14 +510,14 @@ api_epg_related
 LIST_FOREACH(ep2, &ep->brand->episodes, blink) {
 if (ep2 == ep) continue;
 if (!ep2->title) continue;
- api_epg_episode_broadcasts(l, lang, ep2, &entries, e);
+ api_epg_episode_broadcasts(perm, l, lang, ep2, &entries, e);
 entries++;
 }
 } else if (ep && ep->season) {
 LIST_FOREACH(ep2, &ep->season->episodes, slink) {
 if (ep2 == ep) continue;
 if (!ep2->title) continue;
- api_epg_episode_broadcasts(l, lang, ep2, &entries, e);
+ api_epg_episode_broadcasts(perm, l, lang, ep2, &entries, e);
 }
 }
 pthread_mutex_unlock(&global_lock);
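Review bot: The brand branch of `api_epg_related` still executes `entries++;` after calling `api_epg_episode_broadcasts`, while the season branch does not, and the helper already does `(*entries)++` for every broadcast it appends (visible in the earlier hunk). That looks like the brand branch over-counting by one per episode, so whatever consumes `entries` may see a total that does not match the number of list items. The commit edits both call lines but leaves the extra increment; if it is unintended, drop the `entries++;` line in the brand loop. The enclosing function starts and ends outside the hunk.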