Fix several manager issues

author: Anton Tananaev <anton@traccar.org> 2022-05-27 17:27:10 -0700
committer: Anton Tananaev <anton@traccar.org> 2022-05-27 17:27:10 -0700
commit: 8ed7d6cd19f221c40e9994c0469009ff9c0e46b1 (patch)
tree: bfca6ce96520d2db4bd654b4977f82a37fbff5c6 /src/main/java/org/traccar/api/security
parent: 79b5d08f45e8be4ff7d0072cd91fed39d5afe117 (diff)
download: trackermap-server-8ed7d6cd19f221c40e9994c0469009ff9c0e46b1.tar.gz
trackermap-server-8ed7d6cd19f221c40e9994c0469009ff9c0e46b1.tar.bz2
trackermap-server-8ed7d6cd19f221c40e9994c0469009ff9c0e46b1.zip
1 files changed, 9 insertions, 3 deletions
diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java
index 4d5cd88ab..ac687fc1c 100644
--- a/src/main/java/org/traccar/api/security/PermissionsService.java
+++ b/src/main/java/org/traccar/api/security/PermissionsService.java
@@ -21,6 +21,7 @@ import org.traccar.model.Command;
 import org.traccar.model.Device;
 import org.traccar.model.Group;
 import org.traccar.model.GroupedModel;
+import org.traccar.model.ManagedUser;
 import org.traccar.model.ScheduledModel;
 import org.traccar.model.Server;
 import org.traccar.model.User;
@@ -60,9 +61,13 @@ public class PermissionsService {
         return user;
     }
 
+    public boolean isAdmin(long userId) throws StorageException {
+        return getUser(userId).getAdministrator();
+    }
+
     public void checkAdmin(long userId) throws StorageException, SecurityException {
         if (!getUser(userId).getAdministrator()) {
-            throw new SecurityException("Account is readonly");
+            throw new SecurityException("Administrator access required");
         }
     }
 
@@ -118,7 +123,7 @@ public class PermissionsService {
     public void checkUser(long userId, long managedUserId) throws StorageException, SecurityException {
         if (userId != managedUserId && !getUser(userId).getAdministrator()) {
             if (!getUser(userId).getManager()
-                    || storage.getPermissions(User.class, userId, User.class, managedUserId).isEmpty()) {
+                    || storage.getPermissions(User.class, userId, ManagedUser.class, managedUserId).isEmpty()) {
                 throw new SecurityException("User access denied");
             }
         }
@@ -129,7 +134,8 @@ public class PermissionsService {
         if (!getUser(userId).getAdministrator() && !(clazz.equals(User.class) && userId == objectId)) {
             var objects = storage.getObjects(clazz, new Request(
                     new Columns.Include("id"),
-                    new Condition.Permission(User.class, userId, clazz)));
+                    new Condition.Permission(
+                            User.class, userId, clazz.equals(User.class) ? ManagedUser.class : clazz)));
             boolean found = false;
             for (var object : objects) {
                 if (object.getId() == objectId) {
author	Anton Tananaev <anton@traccar.org>	2022-05-27 17:27:10 -0700
committer	Anton Tananaev <anton@traccar.org>	2022-05-27 17:27:10 -0700
commit	8ed7d6cd19f221c40e9994c0469009ff9c0e46b1 (patch)
tree	bfca6ce96520d2db4bd654b4977f82a37fbff5c6 /src/main/java/org/traccar/api/security
parent	79b5d08f45e8be4ff7d0072cd91fed39d5afe117 (diff)
download	trackermap-server-8ed7d6cd19f221c40e9994c0469009ff9c0e46b1.tar.gz trackermap-server-8ed7d6cd19f221c40e9994c0469009ff9c0e46b1.tar.bz2 trackermap-server-8ed7d6cd19f221c40e9994c0469009ff9c0e46b1.zip