diff --git a/htmlui.c b/htmlui.c
index 3ae7e9ca..d2e1bade 100644
--- a/htmlui.c
+++ b/htmlui.c
@@ -64,6 +64,21 @@ static struct strtab recstatuscolor[] = {
};
+/*
+ * Return 1 if current user have access to a feature
+ */
+
+static int
+html_verify_access(http_connection_t *hc, const char *feature)
+{
+ if(hc->hc_user_config == NULL)
+ return 0;
+ return atoi(config_get_str_sub(hc->hc_user_config, feature, "0"));
+}
+
+
+
+
static int
pvrstatus_to_html(tv_pvr_status_t pvrstatus, const char **text,
const char **col)
@@ -220,7 +235,7 @@ box_bottom(tcp_queue_t *tq)
static void
-top_menu(tcp_queue_t *tq)
+top_menu(http_connection_t *hc, tcp_queue_t *tq)
{
tcp_qprintf(tq, "
");
@@ -229,11 +244,18 @@ top_menu(tcp_queue_t *tq)
tcp_qprintf(tq,
"
");
+ "
");
+
+
+ tcp_qprintf(tq, "- TV Guide
");
+
+ if(html_verify_access(hc, "record_events"))
+ tcp_qprintf(tq, "- Recordings
");
+
+ if(html_verify_access(hc, "system_status"))
+ tcp_qprintf(tq, "- System Status
");
+
+ tcp_qprintf(tq, "
");
box_bottom(tq);
tcp_qprintf(tq, "
\r\n");
@@ -368,9 +390,12 @@ page_root(http_connection_t *hc, const char *remain, void *opaque)
int i;
int simple = is_client_simple(hc);
+ if(!html_verify_access(hc, "browse_events"))
+ return HTTP_STATUS_UNAUTHORIZED;
+
tcp_init_queue(&tq, -1);
html_header(&tq, "HTS/tvheadend", !simple, 700);
- top_menu(&tq);
+ top_menu(hc, &tq);
epg_lock();
TAILQ_FOREACH(ch, &channels, ch_global_link) {
@@ -442,6 +467,9 @@ page_channel(http_connection_t *hc, const char *remain, void *opaque)
int w, doff = 0, wday;
struct tm a;
+ if(!html_verify_access(hc, "browse_events"))
+ return HTTP_STATUS_UNAUTHORIZED;
+
i = sscanf(remain, "%d/%d", &channeltag, &doff);
ch = channel_by_tag(channeltag);
if(i != 2)
@@ -456,7 +484,7 @@ page_channel(http_connection_t *hc, const char *remain, void *opaque)
html_header(&tq, "HTS/tvheadend", !simple, 700);
- top_menu(&tq);
+ top_menu(hc, &tq);
epg_lock();
@@ -525,6 +553,9 @@ page_event(http_connection_t *hc, const char *remain, void *opaque)
tv_pvr_status_t pvrstatus;
const char *pvr_txt, *pvr_color;
+ if(!html_verify_access(hc, "browse_events"))
+ return HTTP_STATUS_UNAUTHORIZED;
+
epg_lock();
e = epg_event_find_by_tag(eventid);
if(e == NULL) {
@@ -534,6 +565,12 @@ page_event(http_connection_t *hc, const char *remain, void *opaque)
remain = strchr(remain, '?');
if(remain != NULL) {
+
+ if(!html_verify_access(hc, "record_events")) {
+ epg_unlock();
+ return HTTP_STATUS_UNAUTHORIZED;
+ }
+
remain++;
if(!strncmp(remain, "rec=", 4))
cmd = RECOP_ONCE;
@@ -552,7 +589,7 @@ page_event(http_connection_t *hc, const char *remain, void *opaque)
tcp_init_queue(&tq, -1);
html_header(&tq, "HTS/tvheadend", 0, 700);
- top_menu(&tq);
+ top_menu(hc, &tq);
tcp_qprintf(&tq, "