allow to disable certain operations (#302)

Author: hyperblast

ChangeLog.md

@@ -3,6 +3,8 @@
 - Add ability to combine Play and Pause buttons
 - Allow specifying explicit null for optional request parameters
 - Limit client config id to 64 characters
+- Don't stop on first invalid config property
+- Allow to limit client operations (e.g. playlist modification)
 - Fix various issues in API documentation
 - Fix view height initialization on mobile browsers
 ### foobar2000

cpp/server/client_config_controller.cpp

@@ -5,8 +5,8 @@
 
 namespace msrv {
 
-ClientConfigController::ClientConfigController(Request* request, const char* appName)
-    : ControllerBase(request), appName_(appName)
+ClientConfigController::ClientConfigController(Request* request, SettingsDataPtr settings, const char* appName)
+    : ControllerBase(request), settings_(std::move(settings)), appName_(appName)
 {
 }
 
@@ -24,6 +24,8 @@ ResponsePtr ClientConfigController::getConfig()
 
 void ClientConfigController::setConfig()
 {
+    checkPermissions();
+
     auto path = getFilePath();
     fs::create_directories(path.parent_path());
     auto data = request()->postData.dump(2);
@@ -33,6 +35,8 @@ void ClientConfigController::setConfig()
 
 void ClientConfigController::removeConfig()
 {
+    checkPermissions();
+
     auto path = getFilePath();
     boost::system::error_code ec;
     fs::remove(path, ec);
@@ -58,12 +62,15 @@ Path ClientConfigController::getFilePath()
     return configDir / MSRV_PATH_LITERAL("clientconfig") / pathFromUtf8(id + ".json");
 }
 
-void ClientConfigController::defineRoutes(Router* router, WorkQueue* workQueue, const char* appName)
+void ClientConfigController::defineRoutes(
+    Router* router, WorkQueue* workQueue, SettingsDataPtr settings, const char* appName)
 {
     auto routes = router->defineRoutes<ClientConfigController>();
-    routes.createWith([=](Request* r) { return new ClientConfigController(r, appName); });
+
+    routes.createWith([=](Request* r) { return new ClientConfigController(r, settings, appName); });
     routes.useWorkQueue(workQueue);
     routes.setPrefix("api/clientconfig");
+
     routes.get(":id", &ClientConfigController::getConfig);
     routes.post(":id", &ClientConfigController::setConfig);
     routes.post("remove/:id", &ClientConfigController::removeConfig);

cpp/server/client_config_controller.hpp

@@ -11,18 +11,24 @@ class Router;
 class ClientConfigController : public ControllerBase
 {
 public:
-    ClientConfigController(Request* request, const char* appName);
+    ClientConfigController(Request* request, SettingsDataPtr settings, const char* appName);
     ~ClientConfigController() = default;
 
     ResponsePtr getConfig();
     void setConfig();
     void removeConfig();
 
-    static void defineRoutes(Router* router, WorkQueue* workQueue, const char* appName);
+    static void defineRoutes(Router* router, WorkQueue* workQueue, SettingsDataPtr settings, const char* appName);
 
 private:
     Path getFilePath();
 
+    void checkPermissions()
+    {
+        settings_->ensurePermissions(ApiPermissions::CHANGE_CLIENT_CONFIG);
+    }
+
+    SettingsDataPtr settings_;
     const char* appName_;
 };
 

cpp/server/core_types.hpp

@@ -20,9 +20,9 @@ enum class Switch
 
 struct Range
 {
-    Range() = default;
+    Range() : offset(0), count(0) { }
 
-    Range(int32_t offsetVal, int32_t countVal = 1)
+    explicit Range(int32_t offsetVal, int32_t countVal = 1)
         : offset(offsetVal), count(countVal)
     {
     }
@@ -44,14 +44,30 @@ class InvalidRequestException : public std::runtime_error
     {
     }
 
-    InvalidRequestException(const std::string& str)
+    explicit InvalidRequestException(const std::string& str)
         : std::runtime_error(str)
     {
     }
 
     ~InvalidRequestException() = default;
 };
 
+class OperationForbiddenException : public std::runtime_error
+{
+public:
+    OperationForbiddenException()
+        : std::runtime_error("operation is not allowed by current configuration")
+    {
+    }
+
+    explicit OperationForbiddenException(const std::string& str)
+        : std::runtime_error(str)
+    {
+    }
+
+    ~OperationForbiddenException() = default;
+};
+
 template<typename T>
 struct MallocDeleter
 {

cpp/server/deadbeef/plugin.cpp

@@ -7,14 +7,15 @@
 #define CONF_AUTH_USER      MSRV_PROJECT_ID ".auth_user"
 #define CONF_AUTH_PASSWORD  MSRV_PROJECT_ID ".auth_password"
 
+#define CONF_PERM_CHANGE_PLAYLISTS        MSRV_PROJECT_ID ".permissions.change_playlists"
+#define CONF_PERM_CHANGE_OUTPUT           MSRV_PROJECT_ID ".permissions.change_output"
+#define CONF_PERM_CHANGE_CLIENT_CONFIG    MSRV_PROJECT_ID ".permissions.change_client_config"
+
 namespace msrv::player_deadbeef {
 
 DB_misc_t PluginWrapper::definition_;
-
 DeadbeefLogger* PluginWrapper::logger_;
-
 Plugin* PluginWrapper::instance_;
-
 char PluginWrapper::licenseText_[] = MSRV_LICENSE_TEXT;
 
 const char PluginWrapper::configDialog_[] =
@@ -23,7 +24,10 @@ const char PluginWrapper::configDialog_[] =
     "property \"Music directories\" entry " CONF_MUSIC_DIRS " \"\";"
     "property \"Require authentication\" checkbox " CONF_AUTH_REQUIRED " 0;"
     "property \"User\" entry " CONF_AUTH_USER " \"\";"
-    "property \"Password\" password " CONF_AUTH_PASSWORD " \"\";";
+    "property \"Password\" password " CONF_AUTH_PASSWORD " \"\";"
+    "property \"Allow changing playlists\" checkbox " CONF_PERM_CHANGE_PLAYLISTS " 1;"
+    "property \"Allow changing output device\" checkbox " CONF_PERM_CHANGE_OUTPUT " 1;"
+    "property \"Allow changing default web interface configuration\" checkbox " CONF_PERM_CHANGE_CLIENT_CONFIG " 1;";
 
 Plugin::Plugin()
     : player_(),
@@ -56,6 +60,7 @@ void Plugin::reconfigure()
     settings->authRequired = authRequired_;
     settings->authUser = authUser_;
     settings->authPassword = authPassword_;
+    settings->permissions = permissions_;
 
     settings->loadAll(MSRV_PLAYER_DEADBEEF);
 
@@ -73,13 +78,15 @@ bool Plugin::refreshSettings()
     auto authRequired = ddbApi->conf_get_int(CONF_AUTH_REQUIRED, 0) != 0;
     auto authUser = ddbApi->conf_get_str_fast(CONF_AUTH_USER, "");
     auto authPassword = ddbApi->conf_get_str_fast(CONF_AUTH_PASSWORD, "");
+    auto permissions = getPermissionsFromConfig();
 
     if (port_ == port &&
         allowRemote_ == allowRemote &&
         musicDirs_ == musicDirs &&
         authRequired_ == authRequired &&
         authUser_ == authUser &&
-        authPassword_ == authPassword)
+        authPassword_ == authPassword &&
+        permissions_ == permissions)
     {
         return false;
     }
@@ -90,10 +97,27 @@ bool Plugin::refreshSettings()
     authRequired_ = authRequired;
     authUser_ = authUser;
     authPassword_ = authPassword;
+    permissions_ = permissions;
 
     return true;
 }
 
+ApiPermissions Plugin::getPermissionsFromConfig()
+{
+    auto result = ApiPermissions::NONE;
+
+    if (ddbApi->conf_get_int(CONF_PERM_CHANGE_PLAYLISTS, 1))
+        result |= ApiPermissions::CHANGE_PLAYLISTS;
+
+    if (ddbApi->conf_get_int(CONF_PERM_CHANGE_OUTPUT, 1))
+        result |= ApiPermissions::CHANGE_OUTPUT;
+
+    if (ddbApi->conf_get_int(CONF_PERM_CHANGE_CLIENT_CONFIG, 1))
+        result |= ApiPermissions::CHANGE_CLIENT_CONFIG;
+
+    return result;
+}
+
 void Plugin::handleMessage(uint32_t id, uintptr_t ctx, uint32_t p1, uint32_t p2)
 {
     switch (id)

cpp/server/deadbeef/plugin.hpp

@@ -30,6 +30,8 @@ class Plugin
     void handleMessage(uint32_t id, uintptr_t ctx, uint32_t p1, uint32_t p2);
 
 private:
+    static ApiPermissions getPermissionsFromConfig();
+
     void handleConfigChanged();
     void handlePluginsLoaded();
     bool refreshSettings();
@@ -45,6 +47,7 @@ class Plugin
     bool authRequired_ = false;
     std::string authUser_;
     std::string authPassword_;
+    ApiPermissions permissions_ = ApiPermissions::ALL;
 
     MSRV_NO_COPY_AND_ASSIGN(Plugin);
 };

cpp/server/defines.hpp

@@ -14,7 +14,12 @@
 #define MSRV_ENUM_FLAGS(Type, Base) \
     inline bool hasFlags(Type target, Type flags) \
     { return (static_cast<Base>(target) & static_cast<Base>(flags)) == static_cast<Base>(flags); } \
-    \
+    inline Type setFlags(Type current, Type flags, bool set) \
+    { \
+        return static_cast<Type>(set \
+            ? (static_cast<Base>(current) | static_cast<Base>(flags)) \
+            : (static_cast<Base>(current) & ~static_cast<Base>(flags))); \
+    } \
     inline Type operator|(Type first, Type second) \
     { return static_cast<Type>(static_cast<Base>(first) | static_cast<Base>(second)); } \
     \

cpp/server/foobar2000/CMakeLists.txt

@@ -11,16 +11,18 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /d2notypeopt")
 set(
     FOOBAR2000_PLUGIN_SOURCES
     common.hpp
+    main_prefs_page.cpp main_prefs_page.hpp
+    permissions_prefs_page.cpp permissions_prefs_page.hpp
     player.hpp
     player_control.cpp
     player_misc.cpp
     player_options.cpp player_options.hpp
     player_playlists.cpp
     playlist_mapping.cpp playlist_mapping.hpp
     plugin.cpp plugin.hpp
+    prefs_page.cpp prefs_page.hpp
     resource.h resource.rc
     settings.cpp settings.hpp
-    settings_page.cpp settings_page.hpp
     utils.cpp utils.hpp
 )