aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/SecurityRequestFilter.java40
-rw-r--r--src/org/traccar/api/resource/DeviceResource.java7
-rw-r--r--src/org/traccar/api/resource/SessionResource.java3
-rw-r--r--src/org/traccar/api/resource/UserResource.java11
4 files changed, 40 insertions, 21 deletions
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index fd4c77525..3f2390754 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -17,6 +17,7 @@ package org.traccar.api;
import org.traccar.Context;
import org.traccar.api.resource.SessionResource;
+import org.traccar.helper.Log;
import org.traccar.model.User;
import javax.annotation.security.PermitAll;
@@ -62,28 +63,35 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
SecurityContext securityContext = null;
- String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER);
- if (authHeader != null) {
+ try {
- try {
- String[] auth = decodeBasicAuth(authHeader);
- User user = Context.getDataManager().login(auth[0], auth[1]);
- if (user != null) {
- Context.getStatisticsManager().registerRequest(user.getId());
- securityContext = new UserSecurityContext(new UserPrincipal(user.getId()));
+ String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER);
+ if (authHeader != null) {
+
+ try {
+ String[] auth = decodeBasicAuth(authHeader);
+ User user = Context.getPermissionsManager().login(auth[0], auth[1]);
+ if (user != null) {
+ Context.getStatisticsManager().registerRequest(user.getId());
+ securityContext = new UserSecurityContext(new UserPrincipal(user.getId()));
+ }
+ } catch (SQLException e) {
+ throw new WebApplicationException(e);
}
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
- } else if (request.getSession() != null) {
+ } else if (request.getSession() != null) {
+
+ Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
+ if (userId != null) {
+ Context.getPermissionsManager().checkUser(userId);
+ Context.getStatisticsManager().registerRequest(userId);
+ securityContext = new UserSecurityContext(new UserPrincipal(userId));
+ }
- Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
- if (userId != null) {
- Context.getStatisticsManager().registerRequest(userId);
- securityContext = new UserSecurityContext(new UserPrincipal(userId));
}
+ } catch (SecurityException e) {
+ Log.warning(e);
}
if (securityContext != null) {
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java
index f20ed86ad..0b389ede1 100644
--- a/src/org/traccar/api/resource/DeviceResource.java
+++ b/src/org/traccar/api/resource/DeviceResource.java
@@ -58,6 +58,13 @@ public class DeviceResource extends BaseResource {
@POST
public Response add(Device entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ int deviceLimit = Context.getPermissionsManager().getUser(getUserId()).getDeviceLimit();
+ if (deviceLimit != 0) {
+ int deviceCount = Context.getPermissionsManager().getDevicePermissions(getUserId()).size();
+ if (deviceCount >= deviceLimit) {
+ throw new SecurityException("User device limit reached");
+ }
+ }
Context.getDeviceManager().addDevice(entity);
Context.getDataManager().linkDevice(getUserId(), entity.getId());
Context.getPermissionsManager().refreshPermissions();
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index 2847e41c1..a61738c7e 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -64,7 +64,7 @@ public class SessionResource extends BaseResource {
}
}
if (email != null && password != null) {
- User user = Context.getDataManager().login(email, password);
+ User user = Context.getPermissionsManager().login(email, password);
if (user != null) {
userId = user.getId();
request.getSession().setAttribute(USER_ID_KEY, userId);
@@ -73,6 +73,7 @@ public class SessionResource extends BaseResource {
}
if (userId != null) {
+ Context.getPermissionsManager().checkUser(userId);
return Context.getPermissionsManager().getUser(userId);
} else {
throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build());
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index f0a8597cc..c6e84c918 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -60,13 +60,16 @@ public class UserResource extends BaseResource {
@Path("{id}")
@PUT
public Response update(@PathParam("id") long id, User entity) throws SQLException {
- if (entity.getAdmin()) {
+ User old = Context.getPermissionsManager().getUser(entity.getId());
+ if (old.getExpirationTime() == null && entity.getExpirationTime() != null
+ || old.getExpirationTime() != null && !old.getExpirationTime().equals(entity.getExpirationTime())
+ || old.getAdmin() != entity.getAdmin()
+ || old.getReadonly() != entity.getReadonly()
+ || old.getDisabled() != entity.getDisabled()
+ || old.getDeviceLimit() != entity.getDeviceLimit()) {
Context.getPermissionsManager().checkAdmin(getUserId());
} else {
Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
- if (!entity.getReadonly()) {
- Context.getPermissionsManager().checkReadonly(entity.getId());
- }
}
Context.getPermissionsManager().updateUser(entity);
if (Context.getNotificationManager() != null) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-14 21:14:51 +0000