authorAnton Tananaev <anton@traccar.org>2022-06-16 07:45:19 -0700
committerAnton Tananaev <anton@traccar.org>2022-06-16 07:45:19 -0700
commite74c64f27dc30473d9ef866c5c52e3dd6bee2fc3 (patch)
tree00ff1a6d2debb857aef0c736d3a68b2607b45ab9 /src/main/java/org/traccar/api
parentcc342a9ba371b0dca8d87ca9e74c5907ccb58bc6 (diff)
Refactor device permissions check
Diffstat (limited to 'src/main/java/org/traccar/api')
-rw-r--r--src/main/java/org/traccar/api/MediaFilter.java23
-rw-r--r--src/main/java/org/traccar/api/resource/EventResource.java4
-rw-r--r--src/main/java/org/traccar/api/security/PermissionsService.java13
3 files changed, 32 insertions, 8 deletions
diff --git a/src/main/java/org/traccar/api/MediaFilter.java b/src/main/java/org/traccar/api/MediaFilter.java
index 0433147f8..c6ac811d7 100644
--- a/src/main/java/org/traccar/api/MediaFilter.java
+++ b/src/main/java/org/traccar/api/MediaFilter.java
@@ -28,12 +28,17 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.traccar.Context;
import org.traccar.Main;
import org.traccar.api.resource.SessionResource;
+import org.traccar.api.security.PermissionsService;
import org.traccar.database.StatisticsManager;
import org.traccar.helper.Log;
import org.traccar.model.Device;
+import org.traccar.storage.Storage;
+import org.traccar.storage.StorageException;
+import org.traccar.storage.query.Columns;
+import org.traccar.storage.query.Condition;
+import org.traccar.storage.query.Request;
public class MediaFilter implements Filter {
@@ -44,6 +49,11 @@ public class MediaFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
+
+ PermissionsService permissionsService = Main.getInjector().getInstance(PermissionsService.class);
+ Storage storage = Main.getInjector().getInstance(Storage.class);
+ StatisticsManager statisticsManager = Main.getInjector().getInstance(StatisticsManager.class);
+
HttpServletResponse httpResponse = (HttpServletResponse) response;
try {
HttpSession session = ((HttpServletRequest) request).getSession(false);
@@ -51,8 +61,8 @@ public class MediaFilter implements Filter {
if (session != null) {
userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY);
if (userId != null) {
- Context.getPermissionsManager().checkUserEnabled(userId);
- Main.getInjector().getInstance(StatisticsManager.class).registerRequest(userId);
+ permissionsService.checkUserEnabled(userId);
+ statisticsManager.registerRequest(userId);
}
}
if (userId == null) {
@@ -63,16 +73,17 @@ public class MediaFilter implements Filter {
String path = ((HttpServletRequest) request).getPathInfo();
String[] parts = path != null ? path.split("/") : null;
if (parts != null && parts.length >= 2) {
- Device device = Context.getDeviceManager().getByUniqueId(parts[1]);
+ Device device = storage.getObject(Device.class, new Request(
+ new Columns.All(), new Condition.Equals("uniqueId", "uniqueId", parts[1])));
if (device != null) {
- Context.getPermissionsManager().checkDevice(userId, device.getId());
+ permissionsService.checkPermission(Device.class, userId, device.getId());
chain.doFilter(request, response);
return;
}
}
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
- } catch (SecurityException e) {
+ } catch (SecurityException | StorageException e) {
httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
httpResponse.getWriter().println(Log.exceptionStack(e));
}
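Review bot: Storage failures are now answered like permission denials, because the widened `catch (SecurityException | StorageException e)` at the end of this hunk sets 403 and writes `Log.exceptionStack(e)` into the response body for both. A database error is not an authorization decision, and its exception text may carry internal detail to the client (what the helper renders is not visible here). Consider keeping the 403 branch for `SecurityException` only and adding `} catch (StorageException e) { throw new ServletException(e); }` so the container reports a server error and the detail stays in server-side logs. doFilter's body starts before this hunk and continues past it.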
diff --git a/src/main/java/org/traccar/api/resource/EventResource.java b/src/main/java/org/traccar/api/resource/EventResource.java
index eb373946a..3870e9af9 100644
--- a/src/main/java/org/traccar/api/resource/EventResource.java
+++ b/src/main/java/org/traccar/api/resource/EventResource.java
@@ -15,8 +15,8 @@
*/
package org.traccar.api.resource;
-import org.traccar.Context;
import org.traccar.api.BaseResource;
+import org.traccar.model.Device;
import org.traccar.model.Event;
import org.traccar.storage.StorageException;
import org.traccar.storage.query.Columns;
@@ -45,7 +45,7 @@ public class EventResource extends BaseResource {
if (event == null) {
throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build());
}
- Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId());
+ permissionsService.checkPermission(Device.class, getUserId(), event.getDeviceId());
return event;
}
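Review bot: The `checkPermission(Device.class, getUserId(), event.getDeviceId())` call runs only after the `event == null` branch has already answered 404, so a caller can tell a nonexistent event id from one that belongs to a device they may not access. This assumes the SecurityException is mapped to a status other than 404, which is not visible here. If that distinction should not be exposed, give both cases the same response, for example by catching the SecurityException in this method and throwing the same NOT_FOUND `WebApplicationException`. The enclosing method starts outside the hunk.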
diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java
index f39ded2b7..8732a0d04 100644
--- a/src/main/java/org/traccar/api/security/PermissionsService.java
+++ b/src/main/java/org/traccar/api/security/PermissionsService.java
@@ -92,6 +92,19 @@ public class PermissionsService {
}
}
+ public void checkUserEnabled(long userId) throws StorageException, SecurityException {
+ User user = getUser(userId);
+ if (user == null) {
+ throw new SecurityException("Unknown account");
+ }
+ if (user.getDisabled()) {
+ throw new SecurityException("Account is disabled");
+ }
+ if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) {
+ throw new SecurityException("Account has expired");
+ }
+ }
+
public void checkEdit(long userId, Class<?> clazz, boolean addition) throws StorageException, SecurityException {
if (!getUser(userId).getAdministrator()) {
boolean denied = false;
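Review bot: The new public `checkUserEnabled` has no Javadoc, although callers such as MediaFilter rely on its exact contract to gate every request. I would add `/** Rejects the request with SecurityException when the user is unknown, disabled, or past its expiration time; StorageException signals a lookup failure, not a denial. */` above it. Its explicit `user == null` guard also differs from the `getUser(userId).getAdministrator()` context line in checkEdit just below, which has no such guard. It may be worth confirming whether a session for a deleted user can reach checkEdit.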