Project

General

Profile

Bug #5341

/playlist/channels shows URLs even though there is a channel group assigned to that user

Added by Flole Systems over 2 years ago. Updated over 2 years ago.

Status:
Invalid
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
2018-11-21
Due date:
% Done:

0%

Estimated time:
Found in version:
4.3-1544~gfb329606b
Affected Versions:

Description

I have limited a users access to channels by selecting a Tag in the config, but in the /playlist/channels file there are still URLs of other Tags shown and also the user is still able to access other streams.

History

#1

Updated by Luis Alves over 2 years ago

Don't forget that the user access is chained (at least I wasn't aware of that until recently).
So, you go from down the top of the access list and whenever the access matches that access entry tag list get "added" to the final tag list.

As an example, imagine that the user matches first an access entry (by IP) that has access to all tags then down the list it matches another access entry (by username).
The tags defined in the second entry are "added" to the first one - the final tag access list is "all tags".

If this is the case, you should define on the second entry an "exclude tag" list (to remove from all tags the ones you don't want to give access to that user).

But the "exclude" functionality is semi-broken:
https://tvheadend.org/issues/5288
https://github.com/tvheadend/tvheadend/pull/1199

#2

Updated by Flole Systems over 2 years ago

I do not have a second "*" entry (as far as I understand/have figured out only those match without a username) that could match.

#3

Updated by Pablo R. over 2 years ago

I can only allow access to an username, not more users.

#4

Updated by Pablo R. over 2 years ago

I think it is still bug

#5

Updated by Jaroslav Kysela over 2 years ago

Could you show '--trace access' lines ?

#6

Updated by Flole Systems over 2 years ago

Sure:

http: HTTP/1.1 GET /playlist/channels{{Host=xxxxxx,X-Real-IP=x.x.x.x,X-Forwarded-For=x.x.x.x,Connection=upgrade,user-agent=Mozilla/5.0 (Windows NT
6.1; rv:60.0) Gecko/20100101 Firefox/60.0,accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,accept-language=en-US,en;q=0.5,accept-encoding=gzip, deflate, br,upgrade-insecure-requests=1,pragma=no-cache,cache-control=no-cache}}
access: x.x.x.x:<no-user> [SA W       ], conn=0:s0:r0:l0, profile=ANY, dvr=ANY, tag=ANY 

Already looked az those (and enabled http trace aswell), but didn't see anything that's wrong. The IP is matching and there is a channel tag checked for that user.

#7

Updated by Luis Alves over 2 years ago

I know it's a stupid question but: do you have "Channel tags" checked on the "Change Parameters" user access config?

#8

Updated by Flole Systems over 2 years ago

Not a stupid question....

This can be closed, I misunderstood what "Change Parameters" meant, I interpreted it as "user can change the following parameters".

Thanks guys!

#9

Updated by Jaroslav Kysela over 2 years ago

  • Status changed from New to Invalid

Also available in: Atom PDF