profile/api: allow to pass only valid user profiles, fixes #3724

tvheadend · Apr 17, 2016 · 645ac36 · 645ac36
1 parent da7c833
commit 645ac36
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 2 deletions.
diff --git a/src/api/api_profile.c b/src/api/api_profile.c
@@ -20,9 +20,36 @@
 #include "tvheadend.h"
 #include "access.h"
 #include "htsmsg.h"
+#include "subscriptions.h"
 #include "api.h"
 #include "profile.h"
 
+/*
+ *
+ */
+static int
+api_profile_is_all(access_t *perm, htsmsg_t *args)
+{
+  return htsmsg_get_bool_or_default(args, "all", 0) &&
+         !access_verify2(perm, ACCESS_ADMIN);
+}
+
+static int
+api_profile_find(access_t *perm, const char *uuid)
+{
+  htsmsg_field_t *f;
+  const char *uuid2;
+
+  if (perm->aa_profiles == NULL)
+    return 1;
+  HTSMSG_FOREACH(f, perm->aa_profiles) {
+    uuid2 = htsmsg_field_get_str(f) ?: "";
+    if (strcmp(uuid, uuid2) == 0)
+      return 1;
+  }
+  return 0;
+}
+
 /*
  *
  */
@@ -32,13 +59,19 @@ api_profile_list
 {
   profile_t *pro;
   htsmsg_t *l, *e;
+  int cfg = api_profile_is_all(perm, args);
+  int sflags = htsmsg_get_bool_or_default(args, "htsp", 0) ? SUBSCRIPTION_HTSP : 0;
   char ubuf[UUID_HEX_SIZE];
 
+  sflags |= SUBSCRIPTION_PACKET|SUBSCRIPTION_MPEGTS;
   l = htsmsg_create_list();
   pthread_mutex_lock(&global_lock);
   TAILQ_FOREACH(pro, &profiles, pro_link) {
+    idnode_uuid_as_str(&pro->pro_id, ubuf);
+    if (!cfg && (!profile_verify(pro, sflags) || !api_profile_find(perm, ubuf)))
+      continue;
     e = htsmsg_create_map();
-    htsmsg_add_str(e, "key", idnode_uuid_as_str(&pro->pro_id, ubuf));
+    htsmsg_add_str(e, "key", ubuf);
     htsmsg_add_str(e, "val", profile_get_name(pro));
     htsmsg_add_msg(l, NULL, e);
   }

diff --git a/src/profile.c b/src/profile.c
@@ -464,7 +464,7 @@ profile_find_by_name(const char *name, const char *alt)
 /*
  *
  */
-static int
+int
 profile_verify(profile_t *pro, int sflags)
 {
   if (!pro)
@@ -545,9 +545,12 @@ htsmsg_t *
 profile_class_get_list(void *o, const char *lang)
 {
   htsmsg_t *m = htsmsg_create_map();
+  htsmsg_t *p = htsmsg_create_map();
   htsmsg_add_str(m, "type",  "api");
   htsmsg_add_str(m, "uri",   "profile/list");
   htsmsg_add_str(m, "event", "profile");
+  htsmsg_add_u32(p, "all",  1);
+  htsmsg_add_msg(m, "params", p);
   return m;
 }
 

diff --git a/src/profile.h b/src/profile.h
@@ -178,6 +178,7 @@ static inline profile_t *profile_find_by_uuid(const char *uuid)
 profile_t *profile_find_by_name(const char *name, const char *alt);
 profile_t *profile_find_by_list(htsmsg_t *uuids, const char *name,
                                 const char *alt, int sflags);
+int profile_verify(profile_t *pro, int sflags);
 
 htsmsg_t * profile_class_get_list(void *o, const char *lang);