authorAnton Tananaev <anton@traccar.org>2022-06-16 07:45:19 -0700
committerAnton Tananaev <anton@traccar.org>2022-06-16 07:45:19 -0700
commite74c64f27dc30473d9ef866c5c52e3dd6bee2fc3 (patch)
tree00ff1a6d2debb857aef0c736d3a68b2607b45ab9
parentcc342a9ba371b0dca8d87ca9e74c5907ccb58bc6 (diff)
Refactor device permissions check
-rw-r--r--src/main/java/org/traccar/api/MediaFilter.java23
-rw-r--r--src/main/java/org/traccar/api/resource/EventResource.java4
-rw-r--r--src/main/java/org/traccar/api/security/PermissionsService.java13
-rw-r--r--src/main/java/org/traccar/database/PermissionsManager.java35
-rw-r--r--src/main/java/org/traccar/reports/EventsReportProvider.java6
-rw-r--r--src/main/java/org/traccar/reports/RouteReportProvider.java6
-rw-r--r--src/main/java/org/traccar/reports/StopsReportProvider.java6
-rw-r--r--src/main/java/org/traccar/reports/SummaryReportProvider.java4
-rw-r--r--src/main/java/org/traccar/reports/TripsReportProvider.java6
-rw-r--r--src/main/java/org/traccar/reports/common/ReportUtils.java12
10 files changed, 62 insertions, 53 deletions
diff --git a/src/main/java/org/traccar/api/MediaFilter.java b/src/main/java/org/traccar/api/MediaFilter.java
index 0433147f8..c6ac811d7 100644
--- a/src/main/java/org/traccar/api/MediaFilter.java
+++ b/src/main/java/org/traccar/api/MediaFilter.java
@@ -28,12 +28,17 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.traccar.Context;
import org.traccar.Main;
import org.traccar.api.resource.SessionResource;
+import org.traccar.api.security.PermissionsService;
import org.traccar.database.StatisticsManager;
import org.traccar.helper.Log;
import org.traccar.model.Device;
+import org.traccar.storage.Storage;
+import org.traccar.storage.StorageException;
+import org.traccar.storage.query.Columns;
+import org.traccar.storage.query.Condition;
+import org.traccar.storage.query.Request;
public class MediaFilter implements Filter {
@@ -44,6 +49,11 @@ public class MediaFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
+
+ PermissionsService permissionsService = Main.getInjector().getInstance(PermissionsService.class);
+ Storage storage = Main.getInjector().getInstance(Storage.class);
+ StatisticsManager statisticsManager = Main.getInjector().getInstance(StatisticsManager.class);
+
HttpServletResponse httpResponse = (HttpServletResponse) response;
try {
HttpSession session = ((HttpServletRequest) request).getSession(false);
@@ -51,8 +61,8 @@ public class MediaFilter implements Filter {
if (session != null) {
userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY);
if (userId != null) {
- Context.getPermissionsManager().checkUserEnabled(userId);
- Main.getInjector().getInstance(StatisticsManager.class).registerRequest(userId);
+ permissionsService.checkUserEnabled(userId);
+ statisticsManager.registerRequest(userId);
}
}
if (userId == null) {
@@ -63,16 +73,17 @@ public class MediaFilter implements Filter {
String path = ((HttpServletRequest) request).getPathInfo();
String[] parts = path != null ? path.split("/") : null;
if (parts != null && parts.length >= 2) {
- Device device = Context.getDeviceManager().getByUniqueId(parts[1]);
+ Device device = storage.getObject(Device.class, new Request(
+ new Columns.All(), new Condition.Equals("uniqueId", "uniqueId", parts[1])));
if (device != null) {
- Context.getPermissionsManager().checkDevice(userId, device.getId());
+ permissionsService.checkPermission(Device.class, userId, device.getId());
chain.doFilter(request, response);
return;
}
}
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
- } catch (SecurityException e) {
+ } catch (SecurityException | StorageException e) {
httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
httpResponse.getWriter().println(Log.exceptionStack(e));
}
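Review bot: Widening the catch to `SecurityException | StorageException` sends storage failures down the same path as authorization denials, so a backend error is answered with 403 and the output of `Log.exceptionStack(e)` is written into the response body. That exposes storage-layer exception detail to the client and presents a server fault as a permission problem. A separate clause such as `} catch (StorageException e) { httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); }`, with the exception logged server-side, would keep the two cases apart. doFilter begins in an earlier hunk and its closing lines are outside this one.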
diff --git a/src/main/java/org/traccar/api/resource/EventResource.java b/src/main/java/org/traccar/api/resource/EventResource.java
index eb373946a..3870e9af9 100644
--- a/src/main/java/org/traccar/api/resource/EventResource.java
+++ b/src/main/java/org/traccar/api/resource/EventResource.java
@@ -15,8 +15,8 @@
*/
package org.traccar.api.resource;
-import org.traccar.Context;
import org.traccar.api.BaseResource;
+import org.traccar.model.Device;
import org.traccar.model.Event;
import org.traccar.storage.StorageException;
import org.traccar.storage.query.Columns;
@@ -45,7 +45,7 @@ public class EventResource extends BaseResource {
if (event == null) {
throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build());
}
- Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId());
+ permissionsService.checkPermission(Device.class, getUserId(), event.getDeviceId());
return event;
}
diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java
index f39ded2b7..8732a0d04 100644
--- a/src/main/java/org/traccar/api/security/PermissionsService.java
+++ b/src/main/java/org/traccar/api/security/PermissionsService.java
@@ -92,6 +92,19 @@ public class PermissionsService {
}
}
+ public void checkUserEnabled(long userId) throws StorageException, SecurityException {
+ User user = getUser(userId);
+ if (user == null) {
+ throw new SecurityException("Unknown account");
+ }
+ if (user.getDisabled()) {
+ throw new SecurityException("Account is disabled");
+ }
+ if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) {
+ throw new SecurityException("Account has expired");
+ }
+ }
+
public void checkEdit(long userId, Class<?> clazz, boolean addition) throws StorageException, SecurityException {
if (!getUser(userId).getAdministrator()) {
boolean denied = false;
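Review bot: The new `checkUserEnabled` repeats the unknown/disabled/expired checks that `PermissionsManager.checkUserEnabled` still carries after this commit, so the account-state rule now lives in two places and can drift apart. Marking the old method, e.g. `/** @deprecated use PermissionsService#checkUserEnabled */`, would make the intended single source clear. The new method would also benefit from a Javadoc line stating that it throws `SecurityException` for a missing, disabled or expired account. `getUser` is defined outside the hunk, so whether it returns a freshly loaded user is not visible here, and `checkEdit` below continues past the hunk.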
diff --git a/src/main/java/org/traccar/database/PermissionsManager.java b/src/main/java/org/traccar/database/PermissionsManager.java
index 3d4e6425a..f6fbd9489 100644
--- a/src/main/java/org/traccar/database/PermissionsManager.java
+++ b/src/main/java/org/traccar/database/PermissionsManager.java
@@ -18,7 +18,6 @@ package org.traccar.database;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.traccar.Context;
-import org.traccar.api.security.PermissionsService;
import org.traccar.model.Device;
import org.traccar.model.Group;
import org.traccar.model.Permission;
@@ -117,21 +116,6 @@ public class PermissionsManager {
}
}
- public Set<Long> getDeviceUsers(long deviceId) {
- Device device = Context.getIdentityManager().getById(deviceId);
- if (device != null && !device.getDisabled()) {
- return getAllDeviceUsers(deviceId);
- } else {
- Set<Long> result = new HashSet<>();
- for (long userId : getAllDeviceUsers(deviceId)) {
- if (getUserAdmin(userId)) {
- result.add(userId);
- }
- }
- return result;
- }
- }
-
public Set<Long> getGroupDevices(long groupId) {
readLock();
try {
@@ -195,12 +179,6 @@ public class PermissionsManager {
return user != null && user.getAdministrator();
}
- public void checkAdmin(long userId) throws SecurityException {
- if (!getUserAdmin(userId)) {
- throw new SecurityException("Admin access required");
- }
- }
-
public boolean getUserManager(long userId) {
User user = getUser(userId);
return user != null && user.getUserLimit() != 0;
@@ -212,11 +190,6 @@ public class PermissionsManager {
}
}
- public boolean getUserReadonly(long userId) {
- User user = getUser(userId);
- return user != null && user.getReadonly();
- }
-
public void checkUserEnabled(long userId) throws SecurityException {
User user = getUser(userId);
if (user == null) {
@@ -230,14 +203,6 @@ public class PermissionsManager {
}
}
- public void checkDevice(long userId, long deviceId) throws SecurityException {
- try {
- new PermissionsService(storage).checkPermission(Device.class, userId, deviceId);
- } catch (StorageException e) {
- throw new RuntimeException(e);
- }
- }
-
public void refreshPermissions(Permission permission) {
if (permission.getOwnerClass().equals(User.class)) {
if (permission.getPropertyClass().equals(Device.class)
diff --git a/src/main/java/org/traccar/reports/EventsReportProvider.java b/src/main/java/org/traccar/reports/EventsReportProvider.java
index b1f7149a2..4db842fdb 100644
--- a/src/main/java/org/traccar/reports/EventsReportProvider.java
+++ b/src/main/java/org/traccar/reports/EventsReportProvider.java
@@ -74,9 +74,10 @@ public class EventsReportProvider {
long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Collection<String> types, Date from, Date to) throws StorageException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<Event> result = new ArrayList<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
Collection<Event> events = getEvents(deviceId, from, to);
boolean all = types.isEmpty() || types.contains(Event.ALL_EVENTS);
for (Event event : events) {
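Review bot: With the per-device `checkDevice` call removed from the loop, devices that `reportUtils.getDeviceList(deviceIds, groupIds)` adds through a group are now covered only by the group-level check inside `checkPermissions`. If a grant on a group is meant to imply access to every device the expansion returns, a comment above the call would record that decision, e.g. `// authorizes the requested ids; devices expanded from groupIds rely on the group permission`. The same pattern applies to the second hunk in this file and to the Route, Stops, Summary and Trips providers. The method signature starts above the hunk and the loop body continues past it.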
@@ -98,12 +99,13 @@ public class EventsReportProvider {
OutputStream outputStream, long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Collection<String> types, Date from, Date to) throws StorageException, IOException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<DeviceReportSection> devicesEvents = new ArrayList<>();
ArrayList<String> sheetNames = new ArrayList<>();
HashMap<Long, String> geofenceNames = new HashMap<>();
HashMap<Long, String> maintenanceNames = new HashMap<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
Collection<Event> events = getEvents(deviceId, from, to);
boolean all = types.isEmpty() || types.contains(Event.ALL_EVENTS);
for (Iterator<Event> iterator = events.iterator(); iterator.hasNext();) {
diff --git a/src/main/java/org/traccar/reports/RouteReportProvider.java b/src/main/java/org/traccar/reports/RouteReportProvider.java
index 903dfe369..b4401bc87 100644
--- a/src/main/java/org/traccar/reports/RouteReportProvider.java
+++ b/src/main/java/org/traccar/reports/RouteReportProvider.java
@@ -59,9 +59,10 @@ public class RouteReportProvider {
public Collection<Position> getObjects(long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Date from, Date to) throws StorageException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<Position> result = new ArrayList<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
result.addAll(PositionUtil.getPositions(storage, deviceId, from, to));
}
return result;
@@ -71,10 +72,11 @@ public class RouteReportProvider {
long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Date from, Date to) throws StorageException, IOException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<DeviceReportSection> devicesRoutes = new ArrayList<>();
ArrayList<String> sheetNames = new ArrayList<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
var positions = PositionUtil.getPositions(storage, deviceId, from, to);
DeviceReportSection deviceRoutes = new DeviceReportSection();
Device device = Context.getIdentityManager().getById(deviceId);
diff --git a/src/main/java/org/traccar/reports/StopsReportProvider.java b/src/main/java/org/traccar/reports/StopsReportProvider.java
index b9d36eb97..a63d7ee21 100644
--- a/src/main/java/org/traccar/reports/StopsReportProvider.java
+++ b/src/main/java/org/traccar/reports/StopsReportProvider.java
@@ -67,9 +67,10 @@ public class StopsReportProvider {
long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Date from, Date to) throws StorageException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<StopReportItem> result = new ArrayList<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
result.addAll(detectStops(deviceId, from, to));
}
return result;
@@ -79,10 +80,11 @@ public class StopsReportProvider {
OutputStream outputStream, long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Date from, Date to) throws StorageException, IOException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<DeviceReportSection> devicesStops = new ArrayList<>();
ArrayList<String> sheetNames = new ArrayList<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
Collection<StopReportItem> stops = detectStops(deviceId, from, to);
DeviceReportSection deviceStops = new DeviceReportSection();
Device device = Context.getIdentityManager().getById(deviceId);
diff --git a/src/main/java/org/traccar/reports/SummaryReportProvider.java b/src/main/java/org/traccar/reports/SummaryReportProvider.java
index 68976b987..86d76b4e3 100644
--- a/src/main/java/org/traccar/reports/SummaryReportProvider.java
+++ b/src/main/java/org/traccar/reports/SummaryReportProvider.java
@@ -146,9 +146,10 @@ public class SummaryReportProvider {
long userId, Collection<Long> deviceIds,
Collection<Long> groupIds, Date from, Date to, boolean daily) throws StorageException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<SummaryReportItem> result = new ArrayList<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
Collection<SummaryReportItem> deviceResults = calculateSummaryResults(userId, deviceId, from, to, daily);
for (SummaryReportItem summaryReport : deviceResults) {
if (summaryReport.getStartTime() != null && summaryReport.getEndTime() != null) {
@@ -162,7 +163,6 @@ public class SummaryReportProvider {
public void getExcel(OutputStream outputStream,
long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Date from, Date to, boolean daily) throws StorageException, IOException {
- reportUtils.checkPeriodLimit(from, to);
Collection<SummaryReportItem> summaries = getObjects(userId, deviceIds, groupIds, from, to, daily);
File file = Paths.get(config.getString(Keys.TEMPLATES_ROOT), "export", "summary.xlsx").toFile();
diff --git a/src/main/java/org/traccar/reports/TripsReportProvider.java b/src/main/java/org/traccar/reports/TripsReportProvider.java
index 97cfccf74..bec4c39fd 100644
--- a/src/main/java/org/traccar/reports/TripsReportProvider.java
+++ b/src/main/java/org/traccar/reports/TripsReportProvider.java
@@ -67,9 +67,10 @@ public class TripsReportProvider {
public Collection<TripReportItem> getObjects(long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Date from, Date to) throws StorageException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<TripReportItem> result = new ArrayList<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
result.addAll(detectTrips(deviceId, from, to));
}
return result;
@@ -79,10 +80,11 @@ public class TripsReportProvider {
long userId, Collection<Long> deviceIds, Collection<Long> groupIds,
Date from, Date to) throws StorageException, IOException {
reportUtils.checkPeriodLimit(from, to);
+ reportUtils.checkPermissions(userId, deviceIds, groupIds);
+
ArrayList<DeviceReportSection> devicesTrips = new ArrayList<>();
ArrayList<String> sheetNames = new ArrayList<>();
for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) {
- Context.getPermissionsManager().checkDevice(userId, deviceId);
Collection<TripReportItem> trips = detectTrips(deviceId, from, to);
DeviceReportSection deviceTrips = new DeviceReportSection();
Device device = Context.getIdentityManager().getById(deviceId);
diff --git a/src/main/java/org/traccar/reports/common/ReportUtils.java b/src/main/java/org/traccar/reports/common/ReportUtils.java
index 95c43f8a0..84866a67b 100644
--- a/src/main/java/org/traccar/reports/common/ReportUtils.java
+++ b/src/main/java/org/traccar/reports/common/ReportUtils.java
@@ -38,8 +38,10 @@ import org.traccar.helper.UnitsConverter;
import org.traccar.helper.model.PositionUtil;
import org.traccar.helper.model.UserUtil;
import org.traccar.model.BaseModel;
+import org.traccar.model.Device;
import org.traccar.model.Driver;
import org.traccar.model.Event;
+import org.traccar.model.Group;
import org.traccar.model.Position;
import org.traccar.model.User;
import org.traccar.reports.model.BaseReportItem;
@@ -109,6 +111,16 @@ public class ReportUtils {
}
}
+ public void checkPermissions(
+ long userId, Collection<Long> deviceIds, Collection<Long> groupIds) throws StorageException {
+ for (long deviceId : deviceIds) {
+ permissionsService.checkPermission(Device.class, userId, deviceId);
+ }
+ for (long groupId : groupIds) {
+ permissionsService.checkPermission(Group.class, userId, groupId);
+ }
+ }
+
public Collection<Long> getDeviceList(Collection<Long> deviceIds, Collection<Long> groupIds) {
Collection<Long> result = new LinkedHashSet<>(deviceIds);
for (long groupId : groupIds) {
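Review bot: `checkPermissions` has no Javadoc and declares only `StorageException`, while `PermissionsService.checkUserEnabled` added in this same commit also lists `SecurityException`. MediaFilter catches `SecurityException` around `checkPermission`, so presumably that is how a denial surfaces here as well. Naming it would make the contract visible to the report providers that now depend on this single call: `/** Verifies that the user may access every requested device and group; fails on the first id that is not permitted. */` and `throws StorageException, SecurityException`. `getDeviceList` below continues past the end of the hunk.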