From a5c97fd849a2a25d06cbb80382a1a94ca4439d50 Mon Sep 17 00:00:00 2001
From: Juliusz Chroboczek <jch@irif.fr>
Date: Fri, 30 Jul 2021 19:26:34 +0200
Subject: [PATCH] Add System permission.

This replaces the OverridePermissions method, and is communicated
to clients that can reliably and safely identify a system user.
---
 diskwriter/diskwriter.go | 8 +++-----
 group/client.go          | 2 +-
 group/group.go           | 2 +-
 rtpconn/webclient.go     | 4 ----
 4 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/diskwriter/diskwriter.go b/diskwriter/diskwriter.go
index 197235d..474ef52 100644
--- a/diskwriter/diskwriter.go
+++ b/diskwriter/diskwriter.go
@@ -63,16 +63,14 @@ func (client *Client) Challenge(group string, cred group.ClientCredentials) bool
 	return true
 }
 
-func (client *Client) OverridePermissions(g *group.Group) bool {
-	return true
-}
-
 func (client *Client) SetPermissions(perms group.ClientPermissions) {
 	return
 }
 
 func (client *Client) Permissions() group.ClientPermissions {
-	return group.ClientPermissions{}
+	return group.ClientPermissions{
+		System: true,
+	}
 }
 
 func (client *Client) Status() map[string]interface{} {
diff --git a/group/client.go b/group/client.go
index f3c080f..a97cc9a 100644
--- a/group/client.go
+++ b/group/client.go
@@ -85,6 +85,7 @@ type ClientPermissions struct {
 	Op      bool `json:"op,omitempty"`
 	Present bool `json:"present,omitempty"`
 	Record  bool `json:"record,omitempty"`
+	System  bool `json:"system,omitempty"`
 }
 
 type Challengeable interface {
@@ -99,7 +100,6 @@ type Client interface {
 	Permissions() ClientPermissions
 	SetPermissions(ClientPermissions)
 	Status() map[string]interface{}
-	OverridePermissions(*Group) bool
 	PushConn(g *Group, id string, conn conn.Up, tracks []conn.UpTrack, replace string) error
 	RequestConns(target Client, g *Group, id string) error
 	Joined(group, kind string) error
diff --git a/group/group.go b/group/group.go
index 4730121..edb06d3 100644
--- a/group/group.go
+++ b/group/group.go
@@ -485,7 +485,7 @@ func AddClient(group string, c Client) (*Group, error) {
 
 	clients := g.getClientsUnlocked(nil)
 
-	if !c.OverridePermissions(g) {
+	if !c.Permissions().System {
 		perms, err := g.description.GetPermission(group, c)
 		if err != nil {
 			return nil, err
diff --git a/rtpconn/webclient.go b/rtpconn/webclient.go
index 2f43afe..31bfb4e 100644
--- a/rtpconn/webclient.go
+++ b/rtpconn/webclient.go
@@ -107,10 +107,6 @@ func (c *webClient) SetPermissions(perms group.ClientPermissions) {
 	c.permissions = perms
 }
 
-func (c *webClient) OverridePermissions(g *group.Group) bool {
-	return false
-}
-
 func (c *webClient) PushClient(group, kind, id, username string, permissions group.ClientPermissions, status map[string]interface{}) error {
 	return c.action(pushClientAction{
 		group, kind, id, username, permissions, status,