aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/org/traccar/api/BaseObjectResource.java
diff options
context:
space:
mode:
authorIván Ávalos <avalos@disroot.org>2024-08-03 20:52:00 -0600
committerIván Ávalos <avalos@disroot.org>2024-08-03 20:52:00 -0600
commit55f6d92c09a5b1d8566b53633d07be3d31010d3b (patch)
treeb86bed801b0bbadb72c7e839296dae1d28b12bbb /src/main/java/org/traccar/api/BaseObjectResource.java
parentc04ad7d48331253c095fc123ded1b00f6ff871d3 (diff)
parent2788174193def918a3a1a5be3bbed24c9613323f (diff)
downloadtrackermap-server-55f6d92c09a5b1d8566b53633d07be3d31010d3b.tar.gz
trackermap-server-55f6d92c09a5b1d8566b53633d07be3d31010d3b.tar.bz2
trackermap-server-55f6d92c09a5b1d8566b53633d07be3d31010d3b.zip
Merge tag 'tags/v6.3'
Diffstat (limited to 'src/main/java/org/traccar/api/BaseObjectResource.java')
-rw-r--r--src/main/java/org/traccar/api/BaseObjectResource.java18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/main/java/org/traccar/api/BaseObjectResource.java b/src/main/java/org/traccar/api/BaseObjectResource.java
index 2a801221b..e35850e1f 100644
--- a/src/main/java/org/traccar/api/BaseObjectResource.java
+++ b/src/main/java/org/traccar/api/BaseObjectResource.java
@@ -68,7 +68,7 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
@POST
public Response add(T entity) throws Exception {
- permissionsService.checkEdit(getUserId(), entity, true);
+ permissionsService.checkEdit(getUserId(), entity, true, false);
entity.setId(storage.addObject(entity, new Request(new Columns.Exclude("id"))));
LogAction.create(getUserId(), entity);
@@ -86,25 +86,27 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
@Path("{id}")
@PUT
public Response update(T entity) throws Exception {
- permissionsService.checkEdit(getUserId(), entity, false);
permissionsService.checkPermission(baseClass, getUserId(), entity.getId());
- if (entity instanceof User) {
+ boolean skipReadonly = false;
+ if (entity instanceof User after) {
User before = storage.getObject(User.class, new Request(
new Columns.All(), new Condition.Equals("id", entity.getId())));
permissionsService.checkUserUpdate(getUserId(), before, (User) entity);
- } else if (entity instanceof Group) {
- Group group = (Group) entity;
+ skipReadonly = permissionsService.getUser(getUserId())
+ .compare(after, "notificationTokens", "termsAccepted");
+ } else if (entity instanceof Group group) {
if (group.getId() == group.getGroupId()) {
throw new IllegalArgumentException("Cycle in group hierarchy");
}
}
+ permissionsService.checkEdit(getUserId(), entity, false, skipReadonly);
+
storage.updateObject(entity, new Request(
new Columns.Exclude("id"),
new Condition.Equals("id", entity.getId())));
- if (entity instanceof User) {
- User user = (User) entity;
+ if (entity instanceof User user) {
if (user.getHashedPassword() != null) {
storage.updateObject(entity, new Request(
new Columns.Include("hashedPassword", "salt"),
@@ -120,8 +122,8 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
@Path("{id}")
@DELETE
public Response remove(@PathParam("id") long id) throws Exception {
- permissionsService.checkEdit(getUserId(), baseClass, false);
permissionsService.checkPermission(baseClass, getUserId(), id);
+ permissionsService.checkEdit(getUserId(), baseClass, false, false);
storage.removeObject(baseClass, new Request(new Condition.Equals("id", id)));
cacheManager.invalidateObject(true, baseClass, id, ObjectOperation.DELETE);