author | Anton Tananaev <anton@traccar.org> | 2022-06-16 07:45:19 -0700 |
---|---|---|
committer | Anton Tananaev <anton@traccar.org> | 2022-06-16 07:45:19 -0700 |
commit | e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3 (patch) | |
tree | 00ff1a6d2debb857aef0c736d3a68b2607b45ab9 /src/main/java/org/traccar/api | |
parent | cc342a9ba371b0dca8d87ca9e74c5907ccb58bc6 (diff) | |
download | trackermap-server-e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3.tar.gz trackermap-server-e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3.tar.bz2 trackermap-server-e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3.zip |
Refactor device permissions check
Diffstat (limited to 'src/main/java/org/traccar/api')
3 files changed, 32 insertions, 8 deletions
diff --git a/src/main/java/org/traccar/api/MediaFilter.java b/src/main/java/org/traccar/api/MediaFilter.java
index 0433147f8..c6ac811d7 100644
--- a/src/main/java/org/traccar/api/MediaFilter.java
+++ b/src/main/java/org/traccar/api/MediaFilter.java
@@ -28,12 +28,17 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
-import org.traccar.Context;
 import org.traccar.Main;
 import org.traccar.api.resource.SessionResource;
+import org.traccar.api.security.PermissionsService;
 import org.traccar.database.StatisticsManager;
 import org.traccar.helper.Log;
 import org.traccar.model.Device;
+import org.traccar.storage.Storage;
+import org.traccar.storage.StorageException;
+import org.traccar.storage.query.Columns;
+import org.traccar.storage.query.Condition;
+import org.traccar.storage.query.Request;
 public class MediaFilter implements Filter {
@@ -44,6 +49,11 @@ public class MediaFilter implements Filter {
 @Override
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 throws IOException, ServletException {
+
+ PermissionsService permissionsService = Main.getInjector().getInstance(PermissionsService.class);
+ Storage storage = Main.getInjector().getInstance(Storage.class);
+ StatisticsManager statisticsManager = Main.getInjector().getInstance(StatisticsManager.class);
+
 HttpServletResponse httpResponse = (HttpServletResponse) response;
 try {
 HttpSession session = ((HttpServletRequest) request).getSession(false);
@@ -51,8 +61,8 @@ public class MediaFilter implements Filter {
 if (session != null) {
 userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY);
 if (userId != null) {
- Context.getPermissionsManager().checkUserEnabled(userId);
- Main.getInjector().getInstance(StatisticsManager.class).registerRequest(userId);
+ permissionsService.checkUserEnabled(userId);
+ statisticsManager.registerRequest(userId);
 }
 }
 if (userId == null) {
@@ -63,16 +73,17 @@ public class MediaFilter implements Filter {
 String path = ((HttpServletRequest) request).getPathInfo();
 String[] parts = path != null ? path.split("/") : null;
 if (parts != null && parts.length >= 2) {
- Device device = Context.getDeviceManager().getByUniqueId(parts[1]);
+ Device device = storage.getObject(Device.class, new Request(
+ new Columns.All(), new Condition.Equals("uniqueId", "uniqueId", parts[1])));
 if (device != null) {
- Context.getPermissionsManager().checkDevice(userId, device.getId());
+ permissionsService.checkPermission(Device.class, userId, device.getId());
 chain.doFilter(request, response);
 return;
 }
 }
 httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
- } catch (SecurityException e) {
+ } catch (SecurityException | StorageException e) {
 httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
 httpResponse.getWriter().println(Log.exceptionStack(e));
 }
diff --git a/src/main/java/org/traccar/api/resource/EventResource.java b/src/main/java/org/traccar/api/resource/EventResource.java
index eb373946a..3870e9af9 100644
--- a/src/main/java/org/traccar/api/resource/EventResource.java
+++ b/src/main/java/org/traccar/api/resource/EventResource.java
@@ -15,8 +15,8 @@
 */
 package org.traccar.api.resource;
-import org.traccar.Context;
 import org.traccar.api.BaseResource;
+import org.traccar.model.Device;
 import org.traccar.model.Event;
 import org.traccar.storage.StorageException;
 import org.traccar.storage.query.Columns;
@@ -45,7 +45,7 @@ public class EventResource extends BaseResource {
 if (event == null) {
 throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build());
 }
- Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId());
+ permissionsService.checkPermission(Device.class, getUserId(), event.getDeviceId());
 return event;
 }
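Review bot: Widening the handler to `catch (SecurityException | StorageException e)` in MediaFilter.doFilter makes a storage failure indistinguishable from a denial: it is answered with 403 and whatever `Log.exceptionStack(e)` renders is written into the response body, which can hand backend details (class names, possibly query or driver text) to the client. The shared handler now covers `storage.getObject(...)` and `checkPermission` in this hunk and `checkUserEnabled` in the earlier `@@ -51,8 +61,8 @@` hunk. I would give the storage case its own branch, `} catch (StorageException e) { throw new ServletException(e); }`, so it is logged server-side and surfaces as a server error, and keep the 403 path for SecurityException without echoing the stack. doFilter begins before this hunk, so the rest of the try block is not visible here.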
diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java
index f39ded2b7..8732a0d04 100644
--- a/src/main/java/org/traccar/api/security/PermissionsService.java
+++ b/src/main/java/org/traccar/api/security/PermissionsService.java
@@ -92,6 +92,19 @@ public class PermissionsService {
 }
 }
+ public void checkUserEnabled(long userId) throws StorageException, SecurityException {
+ User user = getUser(userId);
+ if (user == null) {
+ throw new SecurityException("Unknown account");
+ }
+ if (user.getDisabled()) {
+ throw new SecurityException("Account is disabled");
+ }
+ if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) {
+ throw new SecurityException("Account has expired");
+ }
+ }
+
 public void checkEdit(long userId, Class<?> clazz, boolean addition) throws StorageException, SecurityException {
 if (!getUser(userId).getAdministrator()) {
 boolean denied = false; |
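Review bot: The new `checkUserEnabled` is an account gate added without a Javadoc, so a caller cannot tell from the signature which conditions it rejects. I would document that it throws SecurityException when the user record is missing, when `getDisabled()` is true, or when a non-null expiration time is earlier than `System.currentTimeMillis()`, and that StorageException signals a failed lookup rather than a denial. The three distinct messages reach the client wherever a caller echoes the exception, as MediaFilter's catch block does in this commit, so it is worth deciding whether the account state should be disclosed there. The `checkEdit` context line below still dereferences `getUser(userId)` without the null check this method applies; its body continues outside the hunk.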