From df18aa673e1dd90133b4d5b2381773b017fef729 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 17 Dec 2015 14:12:53 +0100 Subject: added sanity checks for listdropboxes.cgi diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi index cb608f4..39270e6 100755 --- a/rh-bin/listdropboxes.cgi +++ b/rh-bin/listdropboxes.cgi @@ -36,24 +36,32 @@ my $q = CGI->new; my $username = $q->param('LOGIN_NAME'); my $token = $q->param('PASSWORD'); -(my $ctx, $status, $errorstring) = RHRD::rddb::init(); -if(defined $ctx) { - my $result; - ($result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); - if($result == 1) { - $responsecode = 200; - @dropboxes = RHRD::rddb::get_dropboxes($ctx, $username); - if(!defined $dropboxes[0] && defined $dropboxes[1]) { +if(!defined $username) { + $responsecode = 400; + $errorstring = "mandatory field LOGIN_NAME is missing" +} elsif(!defined $token) { + $responsecode = 400; + $errorstring = "mandatory field PASSWORD is missing" +} else { + (my $ctx, $status, $errorstring) = RHRD::rddb::init(); + if(defined $ctx) { + my $result; + ($result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); + if($result == 1) { + $responsecode = 200; + @dropboxes = RHRD::rddb::get_dropboxes($ctx, $username); + if(!defined $dropboxes[0] && defined $dropboxes[1]) { + $responsecode = 500; + $status = $dropboxes[1]; + $errorstring = $dropboxes[2]; + } + } elsif($result == 0) { + $responsecode = 401; + } else { $responsecode = 500; - $status = $dropboxes[1]; - $errorstring = $dropboxes[2]; } - } elsif($result == 0) { - $responsecode = 401; - } else { - $responsecode = 500; + RHRD::rddb::destroy($ctx); } - RHRD::rddb::destroy($ctx); } print "Content-type: application/xml; charset=UTF-8\n"; diff --git a/rh-bin/musicgrid.cgi b/rh-bin/musicgrid.cgi index 6e18e7e..1ec5313 100755 --- a/rh-bin/musicgrid.cgi +++ b/rh-bin/musicgrid.cgi 
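Review bot: The new guards in the listdropboxes.cgi hunk test only `defined`, so a request that sends `LOGIN_NAME=` or `PASSWORD=` with an empty value still reaches `RHRD::rddb::check_token` with an empty string. Rejecting empty values at the same point keeps malformed credentials out of the database layer: `if(!defined $username || $username eq '') {`, and likewise for `$token`. The two `$errorstring = "..."` assignments also lack a terminating semicolon; this parses only because each is the last statement in its block, and it will break as soon as a line is appended.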
@@ -35,6 +35,9 @@ my @clocks = (); my $q = CGI->new; my $username = $q->param('LOGIN_NAME'); my $token = $q->param('PASSWORD'); +my $command = $q->param('PASSWORD'); + +if(!defined $command (my $ctx, $status, $errorstring) = RHRD::rddb::init(); if(defined $ctx) { -- cgit v0.10.2 From f668cb35d19ac92748ffe5d65952ada01ea0e214 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 17 Dec 2015 16:12:27 +0100 Subject: implemented get command diff --git a/rh-bin/musicgrid.cgi b/rh-bin/musicgrid.cgi index 1ec5313..aa823aa 100755 --- a/rh-bin/musicgrid.cgi +++ b/rh-bin/musicgrid.cgi @@ -25,6 +25,7 @@ use strict; use CGI; use POSIX; use XML::Quote; +use lib "../../rhrdlibs/lib/"; use RHRD::rddb; my $status = 'ERROR'; 
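Review bot: The musicgrid.cgi hunk `-35,6 +35,9` leaves the script uncompilable as shown: `if(!defined $command` has no closing parenthesis or block, so the CGI fails with a syntax error at this revision. The line above it also reads the wrong field, `my $command = $q->param('PASSWORD');`, which copies the credential into `$command`; presumably `$q->param('COMMAND')` was intended. Every committed revision of an authenticated endpoint should at least compile, so this is better finished in the same commit or left out of it.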
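Review bot: `use lib "../../rhrdlibs/lib/";` in the `-25,6 +25,7` hunk prepends a relative directory to `@INC`, and that path is resolved against whatever working directory the web server gives the CGI process. The lookup of `RHRD::rddb` then depends on the deployment layout, and a directory at that relative location would take precedence over the installed library. A development override belongs outside the committed script, for example `PERL5LIB` in the developer's environment, or should be an absolute path.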
@@ -33,40 +34,79 @@ my $responsecode = 500; my @clocks = (); my $q = CGI->new; -my $username = $q->param('LOGIN_NAME'); -my $token = $q->param('PASSWORD'); -my $command = $q->param('PASSWORD'); +my $username = ""; #$q->param('LOGIN_NAME'); +my $token = ""; #$q->param('PASSWORD'); +my $cmd = "get"; #$q->param('COMMAND'); -if(!defined $command +sub get_clocks +{ + my ($ctx) = @_; -(my $ctx, $status, $errorstring) = RHRD::rddb::init(); -if(defined $ctx) { - my $result = 1; -# ($result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); - if($result == 1) { - # TODO: check if user is allowed to read/edit music pools - # TODO: dispatch command get,set - $responsecode = 200; - @clocks = RHRD::rddb::get_musicpools_clocks($ctx); - if(!defined $clocks[0] && defined $clocks[1]) { + @clocks = RHRD::rddb::get_musicpools_clocks($ctx); + if(!defined $clocks[0] && defined $clocks[1]) { + return 500, $clocks[1] . ": " . $clocks[2]; + } + + return 200, "OK"; +} + +sub set_clock +{ + my ($ctx) = @_; + + my $dow = $q->param('DOW'); + my $hour = $q->param('HOUR'); + my $shortname = $q->param('NAME'); + + if(!defined $dow) { + return 400 ,"mandatory field DOW is missing"; + } elsif(!defined $hour) { + return 400, "mandatory field HOUR is missing"; + } elsif(!defined $shortname) { + return 400, "mandatory field NAME is missing"; + } + + return 500, "not yet implemented"; +} + +if(!defined $username) { + $responsecode = 400; + $errorstring = "mandatory field LOGIN_NAME is missing"; +} elsif(!defined $token) { + $responsecode = 400; + $errorstring = "mandatory field PASSWORD is missing"; +} elsif(!defined $cmd) { + $responsecode = 400; + $errorstring = "mandatory field COMMAND is missing"; +} else { + (my $ctx, $status, $errorstring) = RHRD::rddb::init(); + if(defined $ctx) { + my $result = 1; # (my $result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); + if($result == 1) { + # TODO: check if user is allowed to read/edit music pools + 
if($cmd eq "get") { + ($responsecode, $errorstring) = get_clocks($ctx); + } + elsif($cmd eq "set") { + ($responsecode, $errorstring) = set_clock($ctx); + } + else { + $responsecode = 400; + $errorstring = "command '$cmd' is unknown"; + } + } elsif($result == 0) { + $responsecode = 401; + } else { $responsecode = 500; - $status = $clocks[1]; - $errorstring = $clocks[2]; } - } elsif($result == 0) { - $responsecode = 401; - } else { - $responsecode = 500; + RHRD::rddb::destroy($ctx); } - RHRD::rddb::destroy($ctx); } - print "Content-type: application/xml; charset=UTF-8\n"; print "Status: $responsecode\n\n"; -# TODO: dispatch command get,set -if($responsecode != 200) { +if($cmd eq "set" || $responsecode != 200) { print "\n"; print " " . xml_quote($responsecode) . "\n"; print " " . xml_quote($errorstring) . "\n"; @@ -75,7 +115,7 @@ if($responsecode != 200) { print "\n"; for my $href (@clocks) { print " {'DOW'}) . "\" hour=\"" . xml_quote($href->{'HOUR'}) . "\">\n"; - print " " . xml_quote($href->{'NAME'}) . "\n"; + print " " . xml_quote($href->{'SHORTNAME'}) . "\n"; print " " . xml_quote($href->{'COLOR'}) . "\n"; print " " . xml_quote($href->{'TITLE'}) . "\n"; print " \n"; -- cgit v0.10.2 From 40947fb5575fa3a6053302263a52bbaa54ecff97 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 17 Dec 2015 16:34:46 +0100 Subject: added check for authorization to musicgrid.cgi diff --git a/rh-bin/musicgrid.cgi b/rh-bin/musicgrid.cgi index aa823aa..b1bfa1f 100755 --- a/rh-bin/musicgrid.cgi +++ b/rh-bin/musicgrid.cgi @@ -34,7 +34,7 @@ my $responsecode = 500; my @clocks = (); my $q = CGI->new; -my $username = ""; #$q->param('LOGIN_NAME'); +my $username = "equinox"; #$q->param('LOGIN_NAME'); my $token = ""; #$q->param('PASSWORD'); my $cmd = "get"; #$q->param('COMMAND'); 
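Review bot: Authentication is switched off in the `-33,40 +34,79` hunk: `$username`, `$token` and `$cmd` are hard-coded with their `$q->param(...)` calls commented out, and `my $result = 1;` stands in for `RHRD::rddb::check_token`, so every request takes the authenticated branch. The same stub is carried by the next commit's `-34,7` hunk (`my $username = "equinox";`) and `-81,9` hunk (`my $authenticated = 1;`), and is only lifted by the later `-81,7 +89,7` hunk. For an endpoint that dispatches a `set` command, the committed version should keep `(my $result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token);` live and read the three fields from the request. Separately, `if($cmd eq "set" || $responsecode != 200)` will compare an undefined `$cmd` once the parameter comes from the request again; `defined $cmd && $cmd eq "set"` is the safer form.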
@@ -81,9 +81,9 @@ if(!defined $username) { } else { (my $ctx, $status, $errorstring) = RHRD::rddb::init(); if(defined $ctx) { - my $result = 1; # (my $result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); - if($result == 1) { - # TODO: check if user is allowed to read/edit music pools + my $authenticated = 1; # (my $authenticated, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); + my $authorized = RHRD::rddb::is_musicpools_user($ctx, $username); + if($authenticated == 1 && $authorized == 1) { if($cmd eq "get") { ($responsecode, $errorstring) = get_clocks($ctx); } @@ -94,8 +94,11 @@ if(!defined $username) { $responsecode = 400; $errorstring = "command '$cmd' is unknown"; } - } elsif($result == 0) { + } elsif($authenticated == 0) { $responsecode = 401; + } elsif($authorized == 0) { + $responsecode = 403; + $errorstring = "user '" . $username . "' is not allowed to access the music grid"; } else { $responsecode = 500; } -- cgit v0.10.2 From 9e447636429a231eb7aeda22049422f2dc692936 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 17 Dec 2015 17:07:05 +0100 Subject: also implemented setting of clock diff --git a/rh-bin/musicgrid.cgi b/rh-bin/musicgrid.cgi index b1bfa1f..f2bf9db 100755 --- a/rh-bin/musicgrid.cgi +++ b/rh-bin/musicgrid.cgi @@ -25,7 +25,6 @@ use strict; use CGI; use POSIX; use XML::Quote; -use lib "../../rhrdlibs/lib/"; use RHRD::rddb; my $status = 'ERROR'; @@ -34,9 +33,9 @@ my $responsecode = 500; my @clocks = (); my $q = CGI->new; -my $username = "equinox"; #$q->param('LOGIN_NAME'); -my $token = ""; #$q->param('PASSWORD'); -my $cmd = "get"; #$q->param('COMMAND'); +my $username = $q->param('LOGIN_NAME'); +my $token = $q->param('PASSWORD'); +my $cmd = $q->param('COMMAND'); sub get_clocks { 
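Review bot: `RHRD::rddb::is_musicpools_user($ctx, $username)` in the `-81,9 +81,9` hunk runs before the authentication result is examined, so the authorization lookup is made even for callers whose token has not been accepted. Moving it inside an authenticated branch, `if($authenticated == 1) { my $authorized = RHRD::rddb::is_musicpools_user($ctx, $username); ...`, avoids that query. Its return convention is not visible here; if it reports failures as a list the way `check_token` does, the scalar assignment `my $authorized = ...` would have to become a list assignment so that the status and error text are not lost. The enclosing `if(defined $ctx)` block starts and ends outside the hunk.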
@@ -60,13 +59,22 @@ sub set_clock if(!defined $dow) { return 400 ,"mandatory field DOW is missing"; + } elsif($dow < 0 || $dow > 6) { + return 400 ,"DOW is out of range"; } elsif(!defined $hour) { return 400, "mandatory field HOUR is missing"; + } elsif($hour < 0 || $hour > 23) { + return 400 ,"HOUR is out of range"; } elsif(!defined $shortname) { return 400, "mandatory field NAME is missing"; } - return 500, "not yet implemented"; + my ($result, $status, $error) = RHRD::rddb::set_musicpools_clock($ctx, $dow, $hour, $shortname); + if(!defined $result) { + return 500, $status . ": " . $error; + } + + return 200, "OK"; } if(!defined $username) { @@ -81,7 +89,7 @@ if(!defined $username) { } else { (my $ctx, $status, $errorstring) = RHRD::rddb::init(); if(defined $ctx) { - my $authenticated = 1; # (my $authenticated, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); + (my $authenticated, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token); my $authorized = RHRD::rddb::is_musicpools_user($ctx, $username); if($authenticated == 1 && $authorized == 1) { if($cmd eq "get") { -- cgit v0.10.2 From 8b419c6f12cfb64aba4bd333873ef8edbda12d92 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 17 Dec 2015 17:48:03 +0100 Subject: add musicpool clock to listdropxes.cgi output diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0e7aed8 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +contrib/Pflichtenheft-Peter.pdf diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi index 39270e6..2b753d1 100755 --- a/rh-bin/listdropboxes.cgi +++ b/rh-bin/listdropboxes.cgi @@ -100,6 +100,7 @@ if($responsecode != 200) { print " " . xml_quote($href->{'JINGLETITLE'}) . "\n"; } elsif($href->{'TYPE'} eq "musicpool") { print " " . xml_quote($href->{'MUSICPOOLTITLE'}) . "\n"; + print " " . xml_quote($href->{'MUSICPOOLCLOCK'}) . "\n"; } print " \n"; } -- cgit v0.10.2 
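Review bot: The range checks added to `set_clock` in the `-60,13 +59,22` hunk compare `$dow` and `$hour` numerically, and Perl numifies strings such as `3abc` or `1.5` to values that pass `< 0 || > 6`, after which the unmodified string is handed to `RHRD::rddb::set_musicpools_clock`. Validating the format first closes that gap: `} elsif($dow !~ /\A[0-6]\z/) {` and `} elsif($hour !~ /\A(?:[01]?[0-9]|2[0-3])\z/) {`. `$shortname` is only checked for presence; whether the library constrains it is not visible here, so a length and character check at this boundary would be worth adding. Returning `$status . ": " . $error` to the client also exposes backend error text, which is better logged server-side with a generic message in the response.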
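Review bot: With `check_token` live again in the `-81,7 +89,7` hunk, `$authenticated == 0` is also true when `$authenticated` is undef, because undef numifies to 0. If `check_token` signals a backend failure with an undefined first value, as the caller of `set_musicpools_clock` assumes for that function, the failure is reported as 401 and the final `else` 500 branch is never reached. The request is still refused, but the status is misleading. Testing `!defined $authenticated` before the numeric comparisons would separate the two cases; the `if`/`elsif` chain itself lies outside this hunk.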
From 5f72eb4960c9e6fb48a06fcb428ab70b742d9ace Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 18 Dec 2015 15:44:19 +0100 Subject: disable musicgrid app when switching to shows diff --git a/www/js/apps.js b/www/js/apps.js index 2b74edf..99ae50d 100644 --- a/www/js/apps.js +++ b/www/js/apps.js @@ -71,6 +71,8 @@ function apps_select(app) { $('#nav-btn-jingles').removeClass('active'); $('#app-musicpools').hide(); $('#nav-btn-musicpools').removeClass('active'); + $('#app-musicgrid').hide(); + $('#nav-btn-musicgrid').removeClass('active'); $('#app-shows').show(); $('#nav-btn-shows').addClass('active'); -- cgit v0.10.2