Diffstat (limited to 'src/main/java/org/traccar/api')
6 files changed, 138 insertions, 34 deletions
diff --git a/src/main/java/org/traccar/api/AsyncSocket.java b/src/main/java/org/traccar/api/AsyncSocket.java index b2ff5031a..b1853822d 100644 --- a/src/main/java/org/traccar/api/AsyncSocket.java +++ b/src/main/java/org/traccar/api/AsyncSocket.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 - 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2015 - 2021 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -64,6 +64,11 @@ public class AsyncSocket extends WebSocketAdapter implements ConnectionManager.U } @Override + public void onKeepalive() { + sendData(new HashMap<>()); + } + + @Override public void onUpdateDevice(Device device) { Map<String, Collection<?>> data = new HashMap<>(); data.put(KEY_DEVICES, Collections.singletonList(device)); @@ -85,7 +90,7 @@ public class AsyncSocket extends WebSocketAdapter implements ConnectionManager.U } private void sendData(Map<String, Collection<?>> data) { - if (!data.isEmpty() && isConnected()) { + if (isConnected()) { try { getRemote().sendString(Context.getObjectMapper().writeValueAsString(data), null); } catch (JsonProcessingException e) { diff --git a/src/main/java/org/traccar/api/resource/EventResource.java b/src/main/java/org/traccar/api/resource/EventResource.java index e0ccf7020..34e4a94ce 100644 --- a/src/main/java/org/traccar/api/resource/EventResource.java +++ b/src/main/java/org/traccar/api/resource/EventResource.java 
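Review bot: Dropping `!data.isEmpty()` in `sendData` changes every caller, not only the new `onKeepalive`: any update path that ends up with an empty map now writes `{}` to the socket as well. If only the keepalive is meant to produce an empty frame, keep the guard and let `onKeepalive` bypass it. Otherwise state the intent above the condition, for example `// an empty object is sent on purpose: it doubles as the keepalive frame`. The body of `sendData` continues outside the hunk.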
@@ -1,3 +1,18 @@ +/* + * Copyright 2016 - 2021 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.traccar.api.resource; import java.sql.SQLException; @@ -7,7 +22,9 @@ import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; import org.traccar.Context; import org.traccar.api.BaseResource; @@ -25,6 +42,9 @@ public class EventResource extends BaseResource { @GET public Event get(@PathParam("id") long id) throws SQLException { Event event = Context.getDataManager().getObject(Event.class, id); + if (event == null) { + throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); + } Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId()); if (event.getGeofenceId() != 0) { Context.getPermissionsManager().checkPermission(Geofence.class, getUserId(), event.getGeofenceId()); diff --git a/src/main/java/org/traccar/api/resource/OrderResource.java b/src/main/java/org/traccar/api/resource/OrderResource.java new file mode 100644 index 000000000..77608a508 --- /dev/null +++ b/src/main/java/org/traccar/api/resource/OrderResource.java 
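Review bot: The new null check in `get` answers 404 before `checkDevice` runs, so a caller with no access to the device gets one response for an event id that exists and another for an id that does not, unless a failed permission check is also mapped to 404 (that mapping is outside the hunk). If event ids should not be enumerable by any authenticated user, return the same status in both cases. Either way, record the decision next to the check, for example `// unknown id: 404 is returned before any permission check`. The body of `get` continues past the end of the hunk.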
@@ -0,0 +1,35 @@ +/* + * Copyright 2021 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.resource; + +import org.traccar.api.SimpleObjectResource; +import org.traccar.model.Order; + +import javax.ws.rs.Consumes; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + +@Path("orders") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class OrderResource extends SimpleObjectResource<Order> { + + public OrderResource() { + super(Order.class); + } + +} diff --git a/src/main/java/org/traccar/api/resource/PasswordResource.java b/src/main/java/org/traccar/api/resource/PasswordResource.java index 20e8d768d..1868a6191 100644 --- a/src/main/java/org/traccar/api/resource/PasswordResource.java +++ b/src/main/java/org/traccar/api/resource/PasswordResource.java @@ -19,7 +19,7 @@ import org.apache.velocity.VelocityContext; import org.traccar.Context; import org.traccar.api.BaseResource; import org.traccar.model.User; -import org.traccar.notification.FullMessage; +import org.traccar.notification.NotificationMessage; import org.traccar.notification.TextTemplateFormatter; import javax.annotation.security.PermitAll; 
@@ -53,8 +53,9 @@ public class PasswordResource extends BaseResource { Context.getUsersManager().updateItem(user); VelocityContext velocityContext = TextTemplateFormatter.prepareContext(null); velocityContext.put("token", token); - FullMessage message = TextTemplateFormatter.formatFullMessage(velocityContext, "passwordReset"); - Context.getMailManager().sendMessage(userId, message.getSubject(), message.getBody()); + NotificationMessage fullMessage = + TextTemplateFormatter.formatMessage(velocityContext, "passwordReset", "full"); + Context.getMailManager().sendMessage(userId, fullMessage.getSubject(), fullMessage.getBody()); break; } } diff --git a/src/main/java/org/traccar/api/resource/PermissionsResource.java b/src/main/java/org/traccar/api/resource/PermissionsResource.java index b89d9d376..54d3964b6 100644 --- a/src/main/java/org/traccar/api/resource/PermissionsResource.java +++ b/src/main/java/org/traccar/api/resource/PermissionsResource.java @@ -17,13 +17,17 @@ package org.traccar.api.resource; import java.sql.SQLException; +import java.util.Collections; import java.util.LinkedHashMap; +import java.util.List; +import java.util.Set; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; 
@@ -55,30 +59,62 @@ public class PermissionsResource extends BaseResource { permission.getPropertyClass(), getUserId(), permission.getPropertyId()); } + private void checkPermissionTypes(List<LinkedHashMap<String, Long>> entities) { + Set<String> keys = null; + for (LinkedHashMap<String, Long> entity: entities) { + if (keys != null & !entity.keySet().equals(keys)) { + throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).build()); + } + keys = entity.keySet(); + } + } + + @Path("bulk") @POST - public Response add(LinkedHashMap<String, Long> entity) throws SQLException, ClassNotFoundException { + public Response add(List<LinkedHashMap<String, Long>> entities) throws SQLException, ClassNotFoundException { Context.getPermissionsManager().checkReadonly(getUserId()); - Permission permission = new Permission(entity); - checkPermission(permission, true); - Context.getDataManager().linkObject(permission.getOwnerClass(), permission.getOwnerId(), - permission.getPropertyClass(), permission.getPropertyId(), true); - LogAction.link(getUserId(), permission.getOwnerClass(), permission.getOwnerId(), - permission.getPropertyClass(), permission.getPropertyId()); - Context.getPermissionsManager().refreshPermissions(permission); + checkPermissionTypes(entities); + for (LinkedHashMap<String, Long> entity: entities) { + Permission permission = new Permission(entity); + checkPermission(permission, true); + Context.getDataManager().linkObject(permission.getOwnerClass(), permission.getOwnerId(), + permission.getPropertyClass(), permission.getPropertyId(), true); + LogAction.link(getUserId(), permission.getOwnerClass(), permission.getOwnerId(), + permission.getPropertyClass(), permission.getPropertyId()); + } + if (!entities.isEmpty()) { + Context.getPermissionsManager().refreshPermissions(new Permission(entities.get(0))); + } return Response.noContent().build(); } + @POST + public Response add(LinkedHashMap<String, Long> entity) throws SQLException, 
ClassNotFoundException { + return add(Collections.singletonList(entity)); + } + @DELETE - public Response remove(LinkedHashMap<String, Long> entity) throws SQLException, ClassNotFoundException { + @Path("bulk") + public Response remove(List<LinkedHashMap<String, Long>> entities) throws SQLException, ClassNotFoundException { Context.getPermissionsManager().checkReadonly(getUserId()); - Permission permission = new Permission(entity); - checkPermission(permission, false); - Context.getDataManager().linkObject(permission.getOwnerClass(), permission.getOwnerId(), - permission.getPropertyClass(), permission.getPropertyId(), false); - LogAction.unlink(getUserId(), permission.getOwnerClass(), permission.getOwnerId(), - permission.getPropertyClass(), permission.getPropertyId()); - Context.getPermissionsManager().refreshPermissions(permission); + checkPermissionTypes(entities); + for (LinkedHashMap<String, Long> entity: entities) { + Permission permission = new Permission(entity); + checkPermission(permission, false); + Context.getDataManager().linkObject(permission.getOwnerClass(), permission.getOwnerId(), + permission.getPropertyClass(), permission.getPropertyId(), false); + LogAction.unlink(getUserId(), permission.getOwnerClass(), permission.getOwnerId(), + permission.getPropertyClass(), permission.getPropertyId()); + } + if (!entities.isEmpty()) { + Context.getPermissionsManager().refreshPermissions(new Permission(entities.get(0))); + } return Response.noContent().build(); } + @DELETE + public Response remove(LinkedHashMap<String, Long> entity) throws SQLException, ClassNotFoundException { + return remove(Collections.singletonList(entity)); + } + } diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java index e3c5d457f..60ce5490a 100644 --- a/src/main/java/org/traccar/api/resource/SessionResource.java +++ b/src/main/java/org/traccar/api/resource/SessionResource.java 
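Review bot: In the bulk `add` and `remove`, `checkPermission` runs inside the same loop that calls `linkObject`, so when entry k is rejected the exception leaves the entries before k already linked or unlinked in the database while the `refreshPermissions` call at the end is skipped, and the state held by the permissions manager may then disagree with what was written. Authorize the whole batch first with `for (LinkedHashMap<String, Long> entity: entities) { checkPermission(new Permission(entity), true); }` (with `false` in `remove`), and only then start the linking loop. In `checkPermissionTypes`, `keys != null & ...` should use `&&`. Because `keySet().equals` ignores key order, a batch mixing `{a, b}` with `{b, a}` passes the check; that matters if `Permission` derives owner and property from entry order (its constructor is outside the hunk), since only `entities.get(0)` is refreshed.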
@@ -1,5 +1,5 @@ /* - * Copyright 2015 Anton Tananaev (anton@traccar.org) + * Copyright 2015 - 2021 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -57,8 +57,19 @@ public class SessionResource extends BaseResource { @PermitAll @GET public User get(@QueryParam("token") String token) throws SQLException, UnsupportedEncodingException { + + if (token != null) { + User user = Context.getUsersManager().getUserByToken(token); + if (user != null) { + Context.getPermissionsManager().checkUserEnabled(user.getId()); + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + return user; + } + } + Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); if (userId == null) { + Cookie[] cookies = request.getCookies(); String email = null, password = null; if (cookies != null) { @@ -77,24 +88,20 @@ public class SessionResource extends BaseResource { if (email != null && password != null) { User user = Context.getPermissionsManager().login(email, password); if (user != null) { - userId = user.getId(); - request.getSession().setAttribute(USER_ID_KEY, userId); - } - } else if (token != null) { - User user = Context.getUsersManager().getUserByToken(token); - if (user != null) { - userId = user.getId(); - request.getSession().setAttribute(USER_ID_KEY, userId); + Context.getPermissionsManager().checkUserEnabled(user.getId()); + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + return user; } } - } - if (userId != null) { + } else { + Context.getPermissionsManager().checkUserEnabled(userId); return Context.getPermissionsManager().getUser(userId); - } else { - throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); + } + + throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); } @PermitAll |
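Review bot: Both login paths in `get` (the new token branch at the top and the cookie branch in the following hunk) write `USER_ID_KEY` into whatever session the request already carries, so a session id issued before authentication stays valid afterwards; with the token check now first, a valid token also replaces the user of an existing logged-in session. Unless the id is rotated elsewhere (not visible here), call `request.changeSessionId();` before each `setAttribute(USER_ID_KEY, user.getId())`, assuming `request` is an `HttpServletRequest` on Servlet 3.1 or later. A non-null token that matches no user falls through silently to the session and cookie paths; a short comment saying this fallback is intended would help. The cookie-parsing part of `get` lies between the two hunks and is not shown.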