api access for new user
Added by ryan boldt over 4 years ago
I have been able to access the api urls using the superuser account I created when I installed tvheadend. Now I'd like to create a user in the tvheadend gui and give them access to the api. I created this user in the tvheadend gui and made them an admin; however, it gets 403 forbidden errors when trying to access api urls.
Is it possible to give another user access to the api or is it for the superuser account only? Thank you
Replies (12)
RE: api access for new user - Added by Dave Pickles over 4 years ago
It's certainly possible to use a non-superuser account for the api. However many api functions require admin privilege so you may need to use an account with the same rights as the superuser anyway.
Your problem may be due to the complicated way that user access rights are worked out; the order of users in Configuration->Users->Access Entries is important, especially if there is a 'wildcard' user entry. Read the Help text for that screen very carefully.
RE: api access for new user - Added by ryan boldt over 4 years ago
Thank you for taking the time to reply. I did need to adjust the order of the accounts to be proper based on documentation. Unfortunately this manual account (marked as admin) is still unable to access api functions, resulting in 403 errors.
RE: api access for new user - Added by Dave Pickles over 4 years ago
Having looked again through the code I see that 'admin' isn't a superuser flag, it's a privilege like all the others (in this case giving access to the Configuration tab in the UI and all the api functions which affect things in there). You need to also grant your new user the individual rights to access and modify the parts of the system that you want.
What happens if you try to use an api function which doesn't need any privilege, for example api/channel/grid ?
I'm (slowly) working through the api docs adding the privileges needed for each function.
RE: api access for new user - Added by ryan boldt over 4 years ago
/api/channel/grid? seems to work for the added user. An example of one that doesn't work is /api/dvr/entry/grid_upcoming?sort=start
So my reason for asking for all of this is because I have a friend who is a coder and he was going to work on some custom dashboards for me... currently recording shows gui with the artwork and all, upcoming recordings etc, tuner activity.
I created an account to give him access to the api without having to give my superuser password. If however I do temporarily need to provide it to him, I understand that in order to change it I would need to run sudo dpkg-reconfigure tvheadend
What other options am I reconfiguring with that command? I assume more than just the superuser password? I would hate to lose my working system.
RE: api access for new user - Added by Dave Pickles over 4 years ago
> /api/channel/grid? seems to work for the added user. An example of one that doesn't work is /api/dvr/entry/grid_upcoming?sort=start
OK I've created a test user on my system and I'm having the same problem. The only way to use that function (and other dvr calls) is with admin privilege set. Looking through the code I don't understand (a) why it doesn't work with recorder privilege and (b) why admin fixes it. If I can I'll set up another TVH instance to experiment.
> I created an account to give him access to the api without having to give my superuser password. If however I do temporarily need to provide it to him, I understand that in order to change it I would need to run sudo dpkg-reconfigure tvheadend.
I've never tried but I can't see why you couldn't just change the user's password in the Passwords screen. Or just give your friend's account admin priv.
RE: api access for new user - Added by ryan boldt over 4 years ago
Are you referring to the admin check box on the access entries gui or another way to make the account admin? If you're referring to the admin checkbox on the gui under access entries, I have done so. The only thing I haven't done is restart the box after adding this account as admin (not sure if it would help, figured it wouldn't hurt). Unfortunately this box is recording something most of the day so I'll have to wait until late evening to see if a reboot helps the situation.
Unless of course you're not referring to the admin check box in the gui.
Truly thank you for your help with this.
RE: api access for new user - Added by Dave Pickles over 4 years ago
Hmmm this works on my test box; my live TVH is recording so I won't check there just yet.
It seems you must have a wildcard user (username * and password *) and it must be the first entry in the user list. Tick all the 'Change parameter' boxes for that user. You can set the actual privs for the wildcard to whatever you're comfortable with. Now access rights for the test user work as expected.
Assuming it works for you, I'm not sure if this is a bug or just the help file is unclear.
RE: api access for new user - Added by ryan boldt over 4 years ago
The only thing I don't have is a password set for the wildcard user... Should I add a wildcard for username and password in the passwords tab?
RE: api access for new user - Added by Dave Pickles over 4 years ago
Yes the username and password should both be *
RE: api access for new user - Added by Dave Pickles over 4 years ago
I've worked through the TVH source code and now realise that I was mistaken.
In order to use the api a user must have the ACCESS_WEB_INTERFACE privilege, either directly or inherited from an earlier default '*' user. In other words the "Web Interface" box on the User configuration panel must be ticked. It is not necessary for there to be a '*' user.
Apologies for the confusion; I'll update the api docs.
RE: api access for new user - Added by ryan boldt over 4 years ago
Dave, thank you for your continued efforts / suggestions. Currently I am still unable to get api functions regarding recordings to work. http://ip:9981/api/dvr/entry/grid_upcoming?sort=start comes up 403 still. However, /api/serverinfo works. I have the added user marked as admin and web interface box ticked. I am trying with and without a * user.
I will keep messing around and see if I can get it to work as expected for this added user. I truly appreciate your time and contributions to this project.
RE: api access for new user - Added by ryan boldt over 4 years ago
I figured it out!! I also needed to ensure proper dvr permissions!
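
The check this thread converges on, as an added example that is not part of the original posts or of Tvheadend itself: probe the endpoints quoted above with the restricted account and read the pattern of 403s to see which right is still missing, so the superuser password never has to be shared. The diagnosis strings are a heuristic drawn from the posters' findings; that the server answers with Basic or Digest authentication is an assumption, and the statuses in the demo are constructed.

```python
import urllib.error
import urllib.request

# Endpoints quoted in the thread, grouped by what the posters tied them to.
PROBES = {
    "general": ["/api/serverinfo", "/api/channel/grid"],
    "dvr": ["/api/dvr/entry/grid_upcoming?sort=start"],
}

def make_opener(base_url, user, password):
    """Opener answering Basic and Digest challenges (assumed auth schemes)."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, base_url, user, password)
    return urllib.request.build_opener(
        urllib.request.HTTPBasicAuthHandler(mgr),
        urllib.request.HTTPDigestAuthHandler(mgr))

def status_of(opener, url):
    """Status of a GET; 401/403 come back as values, not exceptions."""
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def probe(base_url, get_status):
    """Map group -> {path: status}; get_status is a callable url -> status."""
    return {group: {p: get_status(base_url + p) for p in paths}
            for group, paths in PROBES.items()}

def diagnose(results):
    """Heuristic reading of the statuses, following the thread's findings."""
    codes = [c for group in results.values() for c in group.values()]
    if 401 in codes:
        return "credentials rejected"
    if all(c == 403 for c in codes):
        return "all forbidden: check 'Web Interface' box and entry order"
    if any(c == 403 for c in results["dvr"].values()):
        return "DVR forbidden: check the account's DVR permissions"
    if all(c == 200 for c in codes):
        return "ok"
    return "unexpected statuses: " + str(sorted(set(codes)))

if __name__ == "__main__":
    # Constructed statuses reproducing the state reported late in the thread.
    seen = {p: 200 for p in PROBES["general"]}
    seen.update({p: 403 for p in PROBES["dvr"]})
    print(diagnose(probe("", seen.get)))
```

For a live check, build `op = make_opener(base, user, password)` and pass `lambda url: status_of(op, url)` as `get_status`, with `base` set to the server's `http://host:9981` address.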