DVR: Add per-user filters for all DVR entries (including timerec and …

…autorec), fixes #2533
tvheadend · Jan 16, 2015 · ed513c0 · ed513c0
1 parent a65f617
commit ed513c0
Show file tree

Hide file tree

Showing 10 changed files with 151 additions and 23 deletions.
diff --git a/docs/html/config_access.html b/docs/html/config_access.html
@@ -93,6 +93,10 @@
   <dd>
   Enables access to video recording functions for the HTSP protocol (Showtime, XBMC etc.).
 
+  <dt><b>All DVR</b>
+  <dd>
+  Enable to access to DVR entries created by other users (read-only).
+
   <dt><b>DVR Config Profile</b>
   <dd>
   If set, the user will only be able to use the DVR config profile

diff --git a/src/access.c b/src/access.c
@@ -357,16 +357,17 @@ access_dump_a(access_t *a)
   int first;
 
   snprintf(buf, sizeof(buf),
-    "%s:%s [%s%s%s%s%s%s%s], conn=%u, chmin=%llu, chmax=%llu%s",
+    "%s:%s [%c%c%c%c%c%c%c%c], conn=%u, chmin=%llu, chmax=%llu%s",
     a->aa_representative ?: "<no-id>",
     a->aa_username ?: "<no-user>",
-    a->aa_rights & ACCESS_STREAMING          ? "S" : "",
-    a->aa_rights & ACCESS_ADVANCED_STREAMING ? "A" : "",
-    a->aa_rights & ACCESS_HTSP_STREAMING     ? "T" : "",
-    a->aa_rights & ACCESS_WEB_INTERFACE      ? "W" : "",
-    a->aa_rights & ACCESS_RECORDER           ? "R" : "",
-    a->aa_rights & ACCESS_HTSP_RECORDER      ? "E" : "",
-    a->aa_rights & ACCESS_ADMIN              ? "*" : "",
+    a->aa_rights & ACCESS_STREAMING          ? 'S' : ' ',
+    a->aa_rights & ACCESS_ADVANCED_STREAMING ? 'A' : ' ',
+    a->aa_rights & ACCESS_HTSP_STREAMING     ? 'T' : ' ',
+    a->aa_rights & ACCESS_WEB_INTERFACE      ? 'W' : ' ',
+    a->aa_rights & ACCESS_RECORDER           ? 'R' : ' ',
+    a->aa_rights & ACCESS_HTSP_RECORDER      ? 'E' : ' ',
+    a->aa_rights & ACCESS_ALL_RECORDER       ? 'L' : ' ',
+    a->aa_rights & ACCESS_ADMIN              ? '*' : ' ',
     a->aa_conn_limit,
     (long long)a->aa_chmin, (long long)a->aa_chmax,
     a->aa_match ? ", matched" : "");
@@ -812,6 +813,8 @@ access_entry_update_rights(access_entry_t *ae)
     r |= ACCESS_RECORDER;
   if (ae->ae_htsp_dvr)
     r |= ACCESS_HTSP_RECORDER;
+  if (ae->ae_all_dvr)
+    r |= ACCESS_ALL_RECORDER;
   if (ae->ae_webui)
     r |= ACCESS_WEB_INTERFACE;
   if (ae->ae_admin)
@@ -846,8 +849,10 @@ access_entry_create(const char *uuid, htsmsg_t *conf)
   TAILQ_INIT(&ae->ae_ipmasks);
 
   if (conf) {
+    /* defaults */
     ae->ae_htsp_streaming = 1;
     ae->ae_htsp_dvr       = 1;
+    ae->ae_all_dvr        = 1;
     idnode_load(&ae->ae_id, conf);
     /* note password has PO_NOSAVE, thus it must be set manually */
     if ((s = htsmsg_get_str(conf, "password")) != NULL)
@@ -1297,6 +1302,12 @@ const idclass_t access_entry_class = {
       .name     = "HTSP DVR",
       .off      = offsetof(access_entry_t, ae_htsp_dvr),
     },
+    {
+      .type     = PT_BOOL,
+      .id       = "all_dvr",
+      .name     = "All DVR",
+      .off      = offsetof(access_entry_t, ae_all_dvr),
+    },
     {
       .type     = PT_STR,
       .id       = "dvr_config",
@@ -1405,6 +1416,7 @@ access_init(int createdefault, int noacl)
     ae->ae_htsp_streaming = 1;
     ae->ae_dvr            = 1;
     ae->ae_htsp_dvr       = 1;
+    ae->ae_all_dvr        = 1;
     ae->ae_webui          = 1;
     ae->ae_admin          = 1;
     access_entry_update_rights(ae);

diff --git a/src/access.h b/src/access.h
@@ -66,6 +66,7 @@ typedef struct access_entry {
 
   int ae_dvr;
   int ae_htsp_dvr;
+  int ae_all_dvr;
   struct dvr_config *ae_dvr_config;
   LIST_ENTRY(access_entry) ae_dvr_config_link;
 
@@ -119,13 +120,15 @@ typedef struct access_ticket {
 #define ACCESS_WEB_INTERFACE      (1<<3)
 #define ACCESS_RECORDER           (1<<4)
 #define ACCESS_HTSP_RECORDER      (1<<5)
-#define ACCESS_ADMIN              (1<<6)
+#define ACCESS_ALL_RECORDER       (1<<6)
+#define ACCESS_ADMIN              (1<<7)
 #define ACCESS_OR                 (1<<30)
 
 #define ACCESS_FULL \
   (ACCESS_STREAMING | ACCESS_ADVANCED_STREAMING | \
-   ACCESS_HTSP_STREAMING | ACCESS_HTSP_RECORDER | \
-   ACCESS_WEB_INTERFACE | ACCESS_RECORDER | ACCESS_ADMIN)
+   ACCESS_HTSP_STREAMING | ACCESS_WEB_INTERFACE | \
+   ACCESS_RECORDER | ACCESS_HTSP_RECORDER | \
+   ACCESS_ALL_RECORDER | ACCESS_ADMIN)
 
 /**
  * Create a new ticket for the requested resource and generate a id for it

diff --git a/src/dvr/dvr.h b/src/dvr/dvr.h
@@ -471,6 +471,17 @@ htsmsg_t *dvr_entry_class_pri_list(void *o);
 htsmsg_t *dvr_entry_class_config_name_list(void *o);
 htsmsg_t *dvr_entry_class_duration_list(void *o, const char *not_set, int max, int step);
 
+static inline int dvr_entry_verify(dvr_entry_t *de, access_t *a, int readonly)
+{
+  if (!a->aa_username || !de->de_owner)
+    return -1;
+  if (readonly && !access_verify2(a, ACCESS_ALL_RECORDER))
+    return 0;
+  if (strcmp(de->de_owner, a->aa_username))
+    return -1;
+  return 0;
+}
+
 /**
  *
  */
@@ -536,6 +547,15 @@ void dvr_autorec_done(void);
 
 void dvr_autorec_update(void);
 
+static inline int dvr_autorec_entry_verify(dvr_autorec_entry_t *dae, access_t *a)
+{
+  if (!a->aa_username || !dae->dae_owner)
+    return -1;
+  if (strcmp(dae->dae_owner, a->aa_username))
+    return -1;
+  return 0;
+}
+
 /**
  *
  */
@@ -571,6 +591,15 @@ void dvr_timerec_done(void);
 
 void dvr_timerec_update(void);
 
+static inline int dvr_timerec_entry_verify(dvr_timerec_entry_t *dte, access_t *a)
+{
+  if (!a->aa_username || !dte->dte_owner)
+    return -1;
+  if (strcmp(dte->dte_owner, a->aa_username))
+    return -1;
+  return 0;
+}
+
 /**
  *
  */

diff --git a/src/dvr/dvr_autorec.c b/src/dvr/dvr_autorec.c
@@ -369,6 +369,20 @@ dvr_autorec_entry_class_delete(idnode_t *self)
   autorec_entry_destroy((dvr_autorec_entry_t *)self, 1);
 }
 
+static int
+dvr_autorec_entry_class_perm(idnode_t *self, access_t *a, htsmsg_t *msg_to_write)
+{
+  dvr_autorec_entry_t *dae = (dvr_autorec_entry_t *)self;
+
+  if (access_verify2(a, ACCESS_OR|ACCESS_ADMIN|ACCESS_RECORDER))
+    return -1;
+  if (!access_verify2(a, ACCESS_ADMIN))
+    return 0;
+  if (dvr_autorec_entry_verify(dae, a))
+    return -1;
+  return 0;
+}
+
 static const char *
 dvr_autorec_entry_class_get_title (idnode_t *self)
 {
@@ -839,6 +853,7 @@ const idclass_t dvr_autorec_entry_class = {
   .ic_save       = dvr_autorec_entry_class_save,
   .ic_get_title  = dvr_autorec_entry_class_get_title,
   .ic_delete     = dvr_autorec_entry_class_delete,
+  .ic_perm       = dvr_autorec_entry_class_perm,
   .ic_properties = (const property_t[]) {
     {
       .type     = PT_BOOL,

diff --git a/src/dvr/dvr_db.c b/src/dvr/dvr_db.c
@@ -1108,6 +1108,20 @@ dvr_entry_class_delete(idnode_t *self)
   dvr_entry_cancel_delete((dvr_entry_t *)self);
 }
 
+static int
+dvr_entry_class_perm(idnode_t *self, access_t *a, htsmsg_t *msg_to_write)
+{
+  dvr_entry_t *de = (dvr_entry_t *)self;
+
+  if (access_verify2(a, ACCESS_OR|ACCESS_ADMIN|ACCESS_RECORDER))
+    return -1;
+  if (!access_verify2(a, ACCESS_ADMIN))
+    return 0;
+  if (dvr_entry_verify(de, a, msg_to_write == NULL ? 1 : 0))
+    return -1;
+  return 0;
+}
+
 static const char *
 dvr_entry_class_get_title (idnode_t *self)
 {
@@ -1680,10 +1694,10 @@ const idclass_t dvr_entry_class = {
   .ic_class     = "dvrentry",
   .ic_caption   = "DVR Entry",
   .ic_event     = "dvrentry",
-  .ic_perm_def  = ACCESS_RECORDER,
   .ic_save      = dvr_entry_class_save,
   .ic_get_title = dvr_entry_class_get_title,
   .ic_delete    = dvr_entry_class_delete,
+  .ic_perm      = dvr_entry_class_perm,
   .ic_properties = (const property_t[]) {
     {
       .type     = PT_TIME,

diff --git a/src/dvr/dvr_timerec.c b/src/dvr/dvr_timerec.c
@@ -310,6 +310,20 @@ dvr_timerec_entry_class_delete(idnode_t *self)
   timerec_entry_destroy((dvr_timerec_entry_t *)self, 1);
 }
 
+static int
+dvr_timerec_entry_class_perm(idnode_t *self, access_t *a, htsmsg_t *msg_to_write)
+{
+  dvr_timerec_entry_t *dte = (dvr_timerec_entry_t *)self;
+
+  if (access_verify2(a, ACCESS_OR|ACCESS_ADMIN|ACCESS_RECORDER))
+    return -1;
+  if (!access_verify2(a, ACCESS_ADMIN))
+    return 0;
+  if (dvr_timerec_entry_verify(dte, a))
+    return -1;
+  return 0;
+}
+
 static const char *
 dvr_timerec_entry_class_get_title (idnode_t *self)
 {
@@ -521,6 +535,7 @@ const idclass_t dvr_timerec_entry_class = {
   .ic_save       = dvr_timerec_entry_class_save,
   .ic_get_title  = dvr_timerec_entry_class_get_title,
   .ic_delete     = dvr_timerec_entry_class_delete,
+  .ic_perm       = dvr_timerec_entry_class_perm,
   .ic_properties = (const property_t[]) {
     {
       .type     = PT_BOOL,

diff --git a/src/htsp_server.c b/src/htsp_server.c
@@ -910,7 +910,8 @@ htsp_build_event
       htsmsg_add_str(out, "image", ee->image);
   }
 
-  if((de = dvr_entry_find_by_event(e)) != NULL) {
+  if((de = dvr_entry_find_by_event(e)) != NULL &&
+     !dvr_entry_verify(de, htsp->htsp_granted_access, 1)) {
     htsmsg_add_u32(out, "dvrId", idnode_get_short_uuid(&de->de_id));
   }
 
@@ -1070,15 +1071,18 @@ htsp_method_async(htsp_connection_t *htsp, htsmsg_t *in)
 
   /* Send all autorecs */
   TAILQ_FOREACH(dae, &autorec_entries, dae_link)
-    htsp_send_message(htsp, htsp_build_autorecentry(dae, "autorecEntryAdd"), NULL);
+    if (!dvr_autorec_entry_verify(dae, htsp->htsp_granted_access))
+      htsp_send_message(htsp, htsp_build_autorecentry(dae, "autorecEntryAdd"), NULL);
 
   /* Send all timerecs */
   TAILQ_FOREACH(dte, &timerec_entries, dte_link)
-    htsp_send_message(htsp, htsp_build_timerecentry(dte, "timerecEntryAdd"), NULL);
+    if (!dvr_timerec_entry_verify(dte, htsp->htsp_granted_access))
+      htsp_send_message(htsp, htsp_build_timerecentry(dte, "timerecEntryAdd"), NULL);
 
   /* Send all DVR entries */
   LIST_FOREACH(de, &dvrentries, de_global_link)
-    if (htsp_user_access_channel(htsp,de->de_channel))
+    if (!dvr_entry_verify(de, htsp->htsp_granted_access, 1) &&
+        htsp_user_access_channel(htsp,de->de_channel))
       htsp_send_message(htsp, htsp_build_dvrentry(de, "dvrEntryAdd"), NULL);
 
   /* Send EPG updates */
@@ -1498,9 +1502,12 @@ htsp_method_updateDvrEntry(htsp_connection_t *htsp, htsmsg_t *in)
   if(htsmsg_get_u32(in, "id", &dvrEntryId))
     return htsp_error("Missing argument 'id'");
 
-  if( (de = dvr_entry_find_by_id(dvrEntryId)) == NULL) 
+  if((de = dvr_entry_find_by_id(dvrEntryId)) == NULL)
     return htsp_error("id not found");
 
+  if(dvr_entry_verify(de, htsp->htsp_granted_access, 1))
+    return htsp_error("User does not have access");
+
   /* Check access */
   if (!htsp_user_access_channel(htsp, de->de_channel))
     return htsp_error("User does not have access");
@@ -1539,9 +1546,12 @@ htsp_method_cancelDvrEntry(htsp_connection_t *htsp, htsmsg_t *in)
   if(htsmsg_get_u32(in, "id", &dvrEntryId))
     return htsp_error("Missing argument 'id'");
 
-  if( (de = dvr_entry_find_by_id(dvrEntryId)) == NULL)
+  if((de = dvr_entry_find_by_id(dvrEntryId)) == NULL)
     return htsp_error("id not found");
 
+  if(dvr_entry_verify(de, htsp->htsp_granted_access, 0))
+    return htsp_error("User does not have access");
+
   /* Check access */
   if (!htsp_user_access_channel(htsp, de->de_channel))
     return htsp_error("User does not have access");
@@ -1568,9 +1578,12 @@ htsp_method_deleteDvrEntry(htsp_connection_t *htsp, htsmsg_t *in)
   if(htsmsg_get_u32(in, "id", &dvrEntryId))
     return htsp_error("Missing argument 'id'");
 
-  if( (de = dvr_entry_find_by_id(dvrEntryId)) == NULL)
+  if((de = dvr_entry_find_by_id(dvrEntryId)) == NULL)
     return htsp_error("id not found");
 
+  if(dvr_entry_verify(de, htsp->htsp_granted_access, 0))
+    return htsp_error("User does not have access");
+
   /* Check access */
   if (!htsp_user_access_channel(htsp, de->de_channel))
     return htsp_error("User does not have access");
@@ -1682,6 +1695,9 @@ htsp_method_deleteAutorecEntry(htsp_connection_t *htsp, htsmsg_t *in)
   if((dae = dvr_autorec_find_by_uuid(daeId)) == NULL)
     return htsp_error("id not found");
 
+  if(dvr_autorec_entry_verify(dae, htsp->htsp_granted_access))
+    return htsp_error("User does not have access");
+
   /* Check access */
   if (!htsp_user_access_channel(htsp, dae->dae_channel))
     return htsp_error("User does not have access");
@@ -1775,6 +1791,9 @@ htsp_method_deleteTimerecEntry(htsp_connection_t *htsp, htsmsg_t *in)
   if((dte = dvr_timerec_find_by_uuid(dteId)) == NULL)
     return htsp_error("id not found");
 
+  if(dvr_timerec_entry_verify(dte, htsp->htsp_granted_access))
+    return htsp_error("User does not have access");
+
   /* Check access */
   if (!htsp_user_access_channel(htsp, dte->dte_channel))
     return htsp_error("User does not have access");
@@ -1813,9 +1832,12 @@ htsp_method_getDvrCutpoints(htsp_connection_t *htsp, htsmsg_t *in)
   if (htsmsg_get_u32(in, "id", &dvrEntryId))
     return htsp_error("Missing argument 'id'");
 
-  if( (de = dvr_entry_find_by_id(dvrEntryId)) == NULL)
+  if((de = dvr_entry_find_by_id(dvrEntryId)) == NULL)
     return htsp_error("id not found");
 
+  if(dvr_entry_verify(de, htsp->htsp_granted_access, 1))
+    return htsp_error("User does not have access");
+
   /* Check access */
   if (!htsp_user_access_channel(htsp, de->de_channel))
     return htsp_error("User does not have access");
@@ -2206,6 +2228,9 @@ htsp_method_file_open(htsp_connection_t *htsp, htsmsg_t *in)
     if(de == NULL)
       return htsp_error("DVR entry does not exist");
 
+    if (dvr_entry_verify(de, htsp->htsp_granted_access, 1))
+      return htsp_error("User does not have access");
+
     if (!htsp_user_access_channel(htsp, de->de_channel))
       return htsp_error("User does not have access");
 
@@ -2987,6 +3012,7 @@ _htsp_dvr_entry_update(dvr_entry_t *de, const char *method, htsmsg_t *msg)
   htsp_connection_t *htsp;
   LIST_FOREACH(htsp, &htsp_async_connections, htsp_async_link) {
     if (htsp->htsp_async_mode & HTSP_ASYNC_ON &&
+        !dvr_entry_verify(de, htsp->htsp_granted_access, 1) &&
         htsp_user_access_channel(htsp, de->de_channel)) {
       htsmsg_t *m = msg ? htsmsg_copy(msg)
                         : htsp_build_dvrentry(de, method);
@@ -3037,7 +3063,8 @@ _htsp_autorec_entry_update(dvr_autorec_entry_t *dae, const char *method, htsmsg_
   htsp_connection_t *htsp;
   LIST_FOREACH(htsp, &htsp_async_connections, htsp_async_link) {
     if (htsp->htsp_async_mode & HTSP_ASYNC_ON) {
-      if (dae->dae_channel == NULL || htsp_user_access_channel(htsp, dae->dae_channel)) {
+      if ((dae->dae_channel == NULL || htsp_user_access_channel(htsp, dae->dae_channel)) &&
+          !dvr_autorec_entry_verify(dae, htsp->htsp_granted_access)) {
         htsmsg_t *m = msg ? htsmsg_copy(msg)
                           : htsp_build_autorecentry(dae, method);
         htsp_send_message(htsp, m, NULL);
@@ -3089,7 +3116,8 @@ _htsp_timerec_entry_update(dvr_timerec_entry_t *dte, const char *method, htsmsg_
   htsp_connection_t *htsp;
   LIST_FOREACH(htsp, &htsp_async_connections, htsp_async_link) {
     if (htsp->htsp_async_mode & HTSP_ASYNC_ON) {
-      if (dte->dte_channel == NULL || htsp_user_access_channel(htsp, dte->dte_channel)) {
+      if ((dte->dte_channel == NULL || htsp_user_access_channel(htsp, dte->dte_channel)) &&
+          !dvr_timerec_entry_verify(dte, htsp->htsp_granted_access)) {
         htsmsg_t *m = msg ? htsmsg_copy(msg)
                           : htsp_build_timerecentry(dte, method);
         htsp_send_message(htsp, m, NULL);