author | Anton Tananaev <anton.tananaev@gmail.com> | 2016-10-08 15:49:20 +1300 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2016-10-08 15:49:20 +1300 |
commit | 7d075e394580b6618d2001f46928cb2465bad0ca (patch) | |
tree | 3dd8fb08117fdd6568385dd18a3a58db3afd3cb6 | |
parent | 138c4ae9c215f2426ddb4b58cfbceb6a72e6259b (diff) | |
Add back-end readonly checks
-rw-r--r-- | src/org/traccar/api/resource/UserResource.java | 3 | ||||
-rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 16 |
2 files changed, 13 insertions, 6 deletions
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java index 2d187fe9d..7790dc908 100644 --- a/src/org/traccar/api/resource/UserResource.java +++ b/src/org/traccar/api/resource/UserResource.java @@ -64,6 +64,9 @@ public class UserResource extends BaseResource { Context.getPermissionsManager().checkAdmin(getUserId()); } else { Context.getPermissionsManager().checkUser(getUserId(), entity.getId()); + if (!entity.getReadonly()) { + Context.getPermissionsManager().checkReadonly(entity.getId()); + } } Context.getPermissionsManager().updateUser(entity); if (Context.getNotificationManager() != null) { diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index f5fed978a..e9aaef8f9 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -140,6 +140,16 @@ public class PermissionsManager { } } + public boolean isReadonly(long userId) { + return users.containsKey(userId) && users.get(userId).getReadonly(); + } + + public void checkReadonly(long userId) throws SecurityException { + if (isReadonly(userId)) { + throw new SecurityException("User is readonly"); + } + } + public void checkUser(long userId, long otherUserId) throws SecurityException { if (userId != otherUserId) { checkAdmin(userId); @@ -164,12 +174,6 @@ public class PermissionsManager { } } - public void checkReadonly(long userId) { - if (server.getReadonly() && !isAdmin(userId)) { - throw new SecurityException("Readonly user"); - } - } - public void checkGeofence(long userId, long geofenceId) throws SecurityException { if (!Context.getGeofenceManager().checkGeofence(userId, geofenceId) && !isAdmin(userId)) { throw new SecurityException("Geofence access denied"); |
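Review bot: The guard added in the `else` branch of UserResource keys on the target `entity.getId()` and has no exemption for an administrator, so an admin who edits another non-admin account to clear its readonly flag passes `checkUser` and is then rejected by `checkReadonly(entity.getId())`. The guard also runs only when the payload sets readonly to false, so a request that keeps readonly set still reaches `updateUser(entity)` with every other field; if readonly is meant to block profile edits as well, that needs its own check on `getUserId()`. A caller-based condition would be `if (!entity.getReadonly() && !Context.getPermissionsManager().isAdmin(getUserId()))`, assuming `isAdmin` is accessible from the resource. The `if` that opens this branch is outside the hunk, so the admin path is inferred from the visible `checkAdmin` call.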
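Review bot: `isReadonly` in PermissionsManager returns false for any id that is missing from `users`, so `checkReadonly` lets an unknown or not-yet-cached user through. For a permission check a missing entry should probably be denied, and a single lookup avoids `containsKey` and `get` disagreeing if the map is refreshed in between: `User user = users.get(userId); return user == null || user.getReadonly();` (assuming the map's value type is `User`). Separately, the `checkReadonly` removed in the following hunk tested `server.getReadonly() && !isAdmin(userId)`, while the new one ignores the server-wide flag and does not exempt admins, so any existing caller keeps compiling but enforces something different. Other call sites are not visible here and the diffstat lists only these two files, so each one is worth confirming. A short Javadoc on both methods saying they test the per-user flag would make the new contract explicit.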