2020-11-16 Fred Gleason <fredg@paravelsystems.com>

* Modified the Webget service to require the 'Create Carts'
	privilege in order to upload content.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason 2020-11-16 18:59:54 -05:00
parent 986eb33038
commit 4b76e2e79e
2 changed files with 54 additions and 33 deletions


@ -20589,3 +20589,6 @@
2020-11-16 Fred Gleason <fredg@paravelsystems.com>
* Modified the 'Encoder Profiles' dialog in rdadmin to left-justify
the 'Name' column.
2020-11-16 Fred Gleason <fredg@paravelsystems.com>
* Modified the Webget service to require the 'Create Carts'
priviledge in order to upload content.


@ -341,6 +341,14 @@ void MainObject::GetAudio()
void MainObject::PutAudio()
{
if(!rda->user()->createCarts()) {
rda->syslog(LOG_WARNING,"user \"%s\" lacks CreateCarts permission",
rda->user()->name().toUtf8().constData());
rda->logAuthenticationFailure(webget_post->clientAddress());
ServeLogin(403);
Exit(0);
}
QString group_name;
if(!webget_post->getValue("group",&group_name)) {
rda->syslog(LOG_WARNING,"missing \"group\" in put submission");
@ -348,6 +356,14 @@ void MainObject::PutAudio()
TextExit("missing \"group\"",400,LINE_NUMBER);
Exit(0);
}
if(!rda->user()->groupAuthorized(group_name)) {
rda->syslog(LOG_WARNING,"user \"%s\" lacks permission for group \"%s\"",
rda->user()->name().toUtf8().constData(),
group_name.toUtf8().constData());
rda->logAuthenticationFailure(webget_post->clientAddress());
ServeLogin(403);
Exit(0);
}
QString filename;
if(!webget_post->getValue("filename",&filename)) {
@ -509,41 +525,43 @@ void MainObject::ServeForm()
//
// Put Audio
//
printf(" <tr>\n");
printf(" <td colspan=\"2\"><strong>Put audio into Rivendell</strong></td>\n");
printf(" </tr>\n");
printf(" <tr><td colspan=\"2\"><hr></td></tr>\n");
printf(" <tr>\n");
printf(" <td style=\"text-align: right\">From File:</td>\n");
printf(" <td><input type=\"file\" id=\"filename\" size=\"40\" accept=\"audio/*\" onchange=\"FilenameChanged()\"></td>\n");
printf(" </tr>\n");
if(rda->user()->createCarts()) {
printf(" <tr>\n");
printf(" <td colspan=\"2\"><strong>Put audio into Rivendell</strong></td>\n");
printf(" </tr>\n");
printf(" <tr><td colspan=\"2\"><hr></td></tr>\n");
printf(" <tr>\n");
printf(" <td style=\"text-align: right\">From File:</td>\n");
printf(" <td><input type=\"file\" id=\"filename\" size=\"40\" accept=\"audio/*\" onchange=\"FilenameChanged()\"></td>\n");
printf(" </tr>\n");
printf(" <tr>\n");
printf(" <td style=\"text-align: right\">To Group:</td>\n");
printf(" <td>\n");
printf(" <select id=\"group\">\n");
sql=QString("select ")+
"GROUPS.NAME "+ // 00
"from GROUPS left join USER_PERMS "+
"on GROUPS.NAME=USER_PERMS.GROUP_NAME where "+
"USER_PERMS.USER_NAME=\""+RDEscapeString(rda->user()->name())+"\" && "+
QString().sprintf("GROUPS.DEFAULT_CART_TYPE=%u && ",RDCart::Audio)+
"GROUPS.DEFAULT_LOW_CART>0 && "+
"GROUPS.DEFAULT_HIGH_CART>0 "+
"order by GROUPS.NAME";
q=new RDSqlQuery(sql);
while(q->next()) {
printf(" <option value=\"%s\">%s</option>\n",
q->value(0).toString().toUtf8().constData(),
q->value(0).toString().toUtf8().constData());
printf(" <tr>\n");
printf(" <td style=\"text-align: right\">To Group:</td>\n");
printf(" <td>\n");
printf(" <select id=\"group\">\n");
sql=QString("select ")+
"GROUPS.NAME "+ // 00
"from GROUPS left join USER_PERMS "+
"on GROUPS.NAME=USER_PERMS.GROUP_NAME where "+
"USER_PERMS.USER_NAME=\""+RDEscapeString(rda->user()->name())+"\" && "+
QString().sprintf("GROUPS.DEFAULT_CART_TYPE=%u && ",RDCart::Audio)+
"GROUPS.DEFAULT_LOW_CART>0 && "+
"GROUPS.DEFAULT_HIGH_CART>0 "+
"order by GROUPS.NAME";
q=new RDSqlQuery(sql);
while(q->next()) {
printf(" <option value=\"%s\">%s</option>\n",
q->value(0).toString().toUtf8().constData(),
q->value(0).toString().toUtf8().constData());
}
printf(" </select>\n");
printf(" </td>\n");
printf(" </tr>\n");
printf(" <tr>\n");
printf(" <td style=\"text-align: right\" id=\"put_spinner\">&nbsp;</td>\n");
printf(" <td><input type=\"button\" value=\"OK\" id=\"put_button\" onclick=\"ProcessPut()\" disabled></td>\n");
printf(" </tr>\n");
}
printf(" </select>\n");
printf(" </td>\n");
printf(" </tr>\n");
printf(" <tr>\n");
printf(" <td style=\"text-align: right\" id=\"put_spinner\">&nbsp;</td>\n");
printf(" <td><input type=\"button\" value=\"OK\" id=\"put_button\" onclick=\"ProcessPut()\" disabled></td>\n");
printf(" </tr>\n");
//
// Footer
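Review bot: The group name is printed into the `<option>` tag with a bare `%s`, both as the `value` attribute and as the element text, in the `while(q->next())` loop inside the new `if(rda->user()->createCarts())` block, and nothing HTML-escapes it; the commit re-indents these lines but keeps the raw output. A group name containing `"`, `<` or `&` would break out of the attribute or inject markup into the form served to users who are allowed to upload, so the value should be escaped once and the escaped copy printed, e.g. `QString name=q->value(0).toString().toHtmlEscaped();` on Qt 5, or the project's own HTML-escaping helper on older Qt. Whether group names are restricted to safe characters when they are created is not visible on this page. ServeForm() starts and ends outside this hunk, so the cleanup of `q` after the loop cannot be checked from here either.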