aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAbyss777 <abyss@fox5.ru>2018-01-29 09:40:53 +0500
committerAbyss777 <abyss@fox5.ru>2018-01-29 09:46:01 +0500
commitbda31d967673477331caba9597c1ab57553c4b8d (patch)
tree0889e8e15a0ffca487ab30221a469b89fe5780d4
parent98f14df734f2772d65c28ab4364e37f16efabbad (diff)
downloadtrackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.tar.gz
trackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.tar.bz2
trackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.zip
Fix ScheduledModel objects permission check
-rw-r--r--src/org/traccar/api/BaseObjectResource.java11
-rw-r--r--src/org/traccar/model/Device.java14
-rw-r--r--src/org/traccar/model/Group.java14
-rw-r--r--src/org/traccar/model/GroupedModel.java31
4 files changed, 44 insertions, 26 deletions
diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java
index e4e00938f..596195cae 100644
--- a/src/org/traccar/api/BaseObjectResource.java
+++ b/src/org/traccar/api/BaseObjectResource.java
@@ -37,6 +37,7 @@ import org.traccar.model.Calendar;
import org.traccar.model.Command;
import org.traccar.model.Device;
import org.traccar.model.Group;
+import org.traccar.model.GroupedModel;
import org.traccar.model.ScheduledModel;
import org.traccar.model.User;
@@ -79,7 +80,10 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
Context.getPermissionsManager().checkDeviceLimit(getUserId());
} else if (baseClass.equals(Command.class)) {
Context.getPermissionsManager().checkLimitCommands(getUserId());
- } else if (entity instanceof ScheduledModel) {
+ } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+ Context.getPermissionsManager().checkPermission(Group.class, getUserId(),
+ ((GroupedModel) entity).getGroupId());
+ } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
((ScheduledModel) entity).getCalendarId());
}
@@ -111,7 +115,10 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
Context.getPermissionsManager().checkUserUpdate(getUserId(), before, (User) entity);
} else if (baseClass.equals(Command.class)) {
Context.getPermissionsManager().checkLimitCommands(getUserId());
- } else if (entity instanceof ScheduledModel) {
+ } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+ Context.getPermissionsManager().checkPermission(Group.class, getUserId(),
+ ((GroupedModel) entity).getGroupId());
+ } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
((ScheduledModel) entity).getCalendarId());
}
diff --git a/src/org/traccar/model/Device.java b/src/org/traccar/model/Device.java
index 51b479b09..0c9be932d 100644
--- a/src/org/traccar/model/Device.java
+++ b/src/org/traccar/model/Device.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2012 - 2016 Anton Tananaev (anton@traccar.org)
+ * Copyright 2012 - 2018 Anton Tananaev (anton@traccar.org)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@ import java.util.List;
import org.traccar.database.QueryExtended;
import org.traccar.database.QueryIgnore;
-public class Device extends ExtendedModel {
+public class Device extends GroupedModel {
private String name;
@@ -88,16 +88,6 @@ public class Device extends ExtendedModel {
this.positionId = positionId;
}
- private long groupId;
-
- public long getGroupId() {
- return groupId;
- }
-
- public void setGroupId(long groupId) {
- this.groupId = groupId;
- }
-
private List<Long> geofenceIds;
@QueryIgnore
diff --git a/src/org/traccar/model/Group.java b/src/org/traccar/model/Group.java
index aad206aad..91ea2319d 100644
--- a/src/org/traccar/model/Group.java
+++ b/src/org/traccar/model/Group.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2016 Anton Tananaev (anton@traccar.org)
+ * Copyright 2016 - 2018 Anton Tananaev (anton@traccar.org)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
*/
package org.traccar.model;
-public class Group extends ExtendedModel {
+public class Group extends GroupedModel {
private String name;
@@ -27,14 +27,4 @@ public class Group extends ExtendedModel {
this.name = name;
}
- private long groupId;
-
- public long getGroupId() {
- return groupId;
- }
-
- public void setGroupId(long groupId) {
- this.groupId = groupId;
- }
-
}
diff --git a/src/org/traccar/model/GroupedModel.java b/src/org/traccar/model/GroupedModel.java
new file mode 100644
index 000000000..6b1aa75b1
--- /dev/null
+++ b/src/org/traccar/model/GroupedModel.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 Anton Tananaev (anton@traccar.org)
+ * Copyright 2018 Andrey Kunitsyn (andrey@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.model;
+
+public class GroupedModel extends ExtendedModel {
+
+ private long groupId;
+
+ public long getGroupId() {
+ return groupId;
+ }
+
+ public void setGroupId(long groupId) {
+ this.groupId = groupId;
+ }
+
+}