From 9a6ea22616cf3cc67e292c908521b79764400faf Mon Sep 17 00:00:00 2001
From: RaNaN <Mast3rRaNaN@hotmail.de>
Date: Sun, 18 Aug 2013 17:01:17 +0200
Subject: new linkgrabber

---
 pyload/remote/wsbackend/AsyncHandler.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'pyload/remote/wsbackend')

diff --git a/pyload/remote/wsbackend/AsyncHandler.py b/pyload/remote/wsbackend/AsyncHandler.py
index 7eee40707..d53d6bcea 100644
--- a/pyload/remote/wsbackend/AsyncHandler.py
+++ b/pyload/remote/wsbackend/AsyncHandler.py
@@ -75,10 +75,18 @@ class AsyncHandler(AbstractHandler):
             pass
 
     @lock
-    def add_event(self, event, *args):
+    def add_event(self, event, *args, **kwargs):
         # Convert arguments to json suited instance
         event = EventInfo(event, [x.toInfoData() if hasattr(x, 'toInfoData') else x for x in args])
 
+        # use the user kwarg argument to determine access
+        user = None
+        if 'user' in kwargs:
+            user = kwargs['user']
+            del kwargs['user']
+            if hasattr(user, 'uid'):
+                user = user.uid
+
         for req in self.clients:
             # Not logged in yet
             if not req.api: continue
@@ -87,6 +95,9 @@ class AsyncHandler(AbstractHandler):
             # TODO: events are security critical, this should be revised later
             # TODO: permissions? interaction etc
             if not req.api.user.isAdmin():
+                if user is not None and req.api.primaryUID != user:
+                    break
+
                 skip = False
                 for arg in args:
                     if hasattr(arg, 'owner') and arg.owner != req.api.primaryUID:
-- 
cgit v1.2.3