diff options
| author | Anton Tananaev <anton@traccar.org> | 2022-06-16 07:45:19 -0700 |
|---|---|---|
| committer | Anton Tananaev <anton@traccar.org> | 2022-06-16 07:45:19 -0700 |
| commit | e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3 (patch) | |
| tree | 00ff1a6d2debb857aef0c736d3a68b2607b45ab9 /src/main/java/org/traccar/api/MediaFilter.java | |
| parent | cc342a9ba371b0dca8d87ca9e74c5907ccb58bc6 (diff) | |
| download | trackermap-server-e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3.tar.gz trackermap-server-e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3.tar.bz2 trackermap-server-e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3.zip | |
Refactor device permissions check
Diffstat (limited to 'src/main/java/org/traccar/api/MediaFilter.java')
| -rw-r--r-- | src/main/java/org/traccar/api/MediaFilter.java | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/src/main/java/org/traccar/api/MediaFilter.java b/src/main/java/org/traccar/api/MediaFilter.java index 0433147f8..c6ac811d7 100644 --- a/src/main/java/org/traccar/api/MediaFilter.java +++ b/src/main/java/org/traccar/api/MediaFilter.java @@ -28,12 +28,17 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.traccar.Context; import org.traccar.Main; import org.traccar.api.resource.SessionResource; +import org.traccar.api.security.PermissionsService; import org.traccar.database.StatisticsManager; import org.traccar.helper.Log; import org.traccar.model.Device; +import org.traccar.storage.Storage; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Condition; +import org.traccar.storage.query.Request; public class MediaFilter implements Filter { @@ -44,6 +49,11 @@ public class MediaFilter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + + PermissionsService permissionsService = Main.getInjector().getInstance(PermissionsService.class); + Storage storage = Main.getInjector().getInstance(Storage.class); + StatisticsManager statisticsManager = Main.getInjector().getInstance(StatisticsManager.class); + HttpServletResponse httpResponse = (HttpServletResponse) response; try { HttpSession session = ((HttpServletRequest) request).getSession(false); @@ -51,8 +61,8 @@ public class MediaFilter implements Filter { if (session != null) { userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY); if (userId != null) { - Context.getPermissionsManager().checkUserEnabled(userId); - Main.getInjector().getInstance(StatisticsManager.class).registerRequest(userId); + permissionsService.checkUserEnabled(userId); + statisticsManager.registerRequest(userId); } } if (userId == null) { @@ -63,16 +73,17 @@ public class MediaFilter implements Filter { String path = ((HttpServletRequest) request).getPathInfo(); String[] parts = path != null ? path.split("/") : null; if (parts != null && parts.length >= 2) { - Device device = Context.getDeviceManager().getByUniqueId(parts[1]); + Device device = storage.getObject(Device.class, new Request( + new Columns.All(), new Condition.Equals("uniqueId", "uniqueId", parts[1]))); if (device != null) { - Context.getPermissionsManager().checkDevice(userId, device.getId()); + permissionsService.checkPermission(Device.class, userId, device.getId()); chain.doFilter(request, response); return; } } httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN); - } catch (SecurityException e) { + } catch (SecurityException | StorageException e) { httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); httpResponse.getWriter().println(Log.exceptionStack(e)); } |