aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/org/traccar
diff options
context:
space:
mode:
authorAnton Tananaev <anton@traccar.org>2022-04-09 15:37:33 -0700
committerAnton Tananaev <anton@traccar.org>2022-04-09 15:37:33 -0700
commitdd8fa719d7726489e76944029d2aed214ba8a904 (patch)
treecd1c48f8d2adf5b841eb0d9fe4b5b8091a6687de /src/main/java/org/traccar
parentc2c58a30ae0857c4e584b128899baa63a684a892 (diff)
downloadtrackermap-server-dd8fa719d7726489e76944029d2aed214ba8a904.tar.gz
trackermap-server-dd8fa719d7726489e76944029d2aed214ba8a904.tar.bz2
trackermap-server-dd8fa719d7726489e76944029d2aed214ba8a904.zip
Handle group permissions
Diffstat (limited to 'src/main/java/org/traccar')
-rw-r--r--src/main/java/org/traccar/storage/DatabaseStorage.java112
-rw-r--r--src/main/java/org/traccar/storage/query/Condition.java46
2 files changed, 141 insertions, 17 deletions
diff --git a/src/main/java/org/traccar/storage/DatabaseStorage.java b/src/main/java/org/traccar/storage/DatabaseStorage.java
index 4c985d98a..ff77ff8a8 100644
--- a/src/main/java/org/traccar/storage/DatabaseStorage.java
+++ b/src/main/java/org/traccar/storage/DatabaseStorage.java
@@ -15,6 +15,9 @@
*/
package org.traccar.storage;
+import org.traccar.model.Device;
+import org.traccar.model.Group;
+import org.traccar.model.GroupedModel;
import org.traccar.model.Permission;
import org.traccar.storage.query.Columns;
import org.traccar.storage.query.Condition;
@@ -43,7 +46,7 @@ public class DatabaseStorage extends Storage {
public <T> List<T> getObjects(Class<T> clazz, Request request) throws StorageException {
StringBuilder query = new StringBuilder("SELECT ");
query.append(formatColumns(request.getColumns(), clazz, "get", c -> c));
- query.append(" FROM ").append(getTableName(clazz));
+ query.append(" FROM ").append(getStorageName(clazz));
query.append(formatCondition(request.getCondition()));
query.append(formatOrder(request.getOrder()));
query.append(formatLimit(request.getLimit()));
@@ -61,7 +64,7 @@ public class DatabaseStorage extends Storage {
@Override
public <T> long addObject(T entity, Request request) throws StorageException {
StringBuilder query = new StringBuilder("INSERT INTO ");
- query.append(getTableName(entity.getClass()));
+ query.append(getStorageName(entity.getClass()));
query.append("(");
query.append(formatColumns(request.getColumns(), entity.getClass(), "set", c -> c));
query.append(") VALUES (");
@@ -79,7 +82,7 @@ public class DatabaseStorage extends Storage {
@Override
public <T> void updateObject(T entity, Request request) throws StorageException {
StringBuilder query = new StringBuilder("UPDATE ");
- query.append(getTableName(entity.getClass()));
+ query.append(getStorageName(entity.getClass()));
query.append(" SET ");
query.append(formatColumns(request.getColumns(), entity.getClass(), "set", c -> c + " = :" + c));
query.append(formatCondition(request.getCondition()));
@@ -98,7 +101,7 @@ public class DatabaseStorage extends Storage {
@Override
public void removeObject(Class<?> clazz, Request request) throws StorageException {
StringBuilder query = new StringBuilder("DELETE FROM ");
- query.append(getTableName(clazz));
+ query.append(getStorageName(clazz));
query.append(formatCondition(request.getCondition()));
try {
QueryBuilder builder = QueryBuilder.create(dataSource, query.toString());
@@ -170,7 +173,7 @@ public class DatabaseStorage extends Storage {
}
}
- private String getTableName(Class<?> clazz) throws StorageException {
+ private String getStorageName(Class<?> clazz) throws StorageException {
StorageName storageName = clazz.getAnnotation(StorageName.class);
if (storageName == null) {
throw new StorageException("StorageName annotation is missing");
@@ -195,7 +198,11 @@ public class DatabaseStorage extends Storage {
results.putAll(getConditionVariables(condition.getSecond()));
} else if (genericCondition instanceof Condition.Permission) {
var condition = (Condition.Permission) genericCondition;
- results.put(Permission.getKey(condition.getOwnerClass()), condition.getOwnerId());
+ if (condition.getOwnerId() > 0) {
+ results.put(Permission.getKey(condition.getOwnerClass()), condition.getOwnerId());
+ } else {
+ results.put(Permission.getKey(condition.getPropertyClass()), condition.getPropertyId());
+ }
}
return results;
}
@@ -205,11 +212,11 @@ public class DatabaseStorage extends Storage {
return columns.getColumns(clazz, type).stream().map(mapper).collect(Collectors.joining(", "));
}
- private String formatCondition(Condition genericCondition) {
+ private String formatCondition(Condition genericCondition) throws StorageException {
return formatCondition(genericCondition, true);
}
- private String formatCondition(Condition genericCondition, boolean appendWhere) {
+ private String formatCondition(Condition genericCondition, boolean appendWhere) throws StorageException {
StringBuilder result = new StringBuilder();
if (genericCondition != null) {
if (appendWhere) {
@@ -245,14 +252,8 @@ public class DatabaseStorage extends Storage {
} else if (genericCondition instanceof Condition.Permission) {
var condition = (Condition.Permission) genericCondition;
- result.append("id IN (SELECT ");
- result.append(Permission.getKey(condition.getPropertyClass()));
- result.append(" FROM ");
- result.append(Permission.getStorageName(condition.getOwnerClass(), condition.getPropertyClass()));
- result.append(" WHERE ");
- result.append(Permission.getKey(condition.getOwnerClass()));
- result.append(" = :");
- result.append(Permission.getKey(condition.getOwnerClass()));
+ result.append("id IN (");
+ result.append(formatPermissionQuery(condition));
result.append(")");
}
@@ -281,4 +282,83 @@ public class DatabaseStorage extends Storage {
return result.toString();
}
+ private String formatPermissionQuery(Condition.Permission condition) throws StorageException {
+ StringBuilder result = new StringBuilder();
+
+ String outputKey;
+ String conditionKey;
+ if (condition.getOwnerId() > 0) {
+ outputKey = Permission.getKey(condition.getPropertyClass());
+ conditionKey = Permission.getKey(condition.getOwnerClass());
+ } else {
+ outputKey = Permission.getKey(condition.getOwnerClass());
+ conditionKey = Permission.getKey(condition.getPropertyClass());
+ }
+
+ result.append("SELECT ");
+ result.append(outputKey);
+ result.append(" FROM ");
+ result.append(Permission.getStorageName(condition.getOwnerClass(), condition.getPropertyClass()));
+ result.append(" WHERE ");
+ result.append(conditionKey);
+ result.append(" = :");
+ result.append(conditionKey);
+
+ if (condition.getIncludeGroups()) {
+
+ boolean expandDevices;
+ String groupStorageName;
+ if (GroupedModel.class.isAssignableFrom(condition.getOwnerClass())) {
+ expandDevices = Device.class.isAssignableFrom(condition.getOwnerClass());
+ groupStorageName = Permission.getStorageName(Group.class, condition.getPropertyClass());
+ } else {
+ expandDevices = Device.class.isAssignableFrom(condition.getPropertyClass());
+ groupStorageName = Permission.getStorageName(condition.getOwnerClass(), Group.class);
+ }
+
+ result.append(" UNION ");
+
+ result.append("SELECT DISTINCT ");
+ result.append(expandDevices? "devices." : "groups."); // TODO handle reverse search (e.g. users by device)
+ result.append(outputKey);
+ result.append(" FROM ");
+ result.append(groupStorageName);
+
+ result.append(" INNER JOIN (");
+ result.append("SELECT id as parentid, id as groupid FROM ");
+ result.append(getStorageName(Group.class));
+ result.append(" UNION ");
+ result.append("SELECT groupid as parentid, id as groupid FROM ");
+ result.append(getStorageName(Group.class));
+ result.append(" WHERE groupid IS NOT NULL");
+ result.append(" UNION ");
+ result.append("SELECT g2.groupid as parentid, g1.id as groupid FROM ");
+ result.append(getStorageName(Group.class));
+ result.append(" AS g2");
+ result.append(" INNER JOIN ");
+ result.append(getStorageName(Group.class));
+ result.append(" AS g1 ON g2.id = g1.groupid");
+ result.append(" WHERE g2.groupid IS NOT NULL");
+ result.append(") AS groups ON ");
+ result.append(groupStorageName);
+ result.append(".groupid = groups.parentid");
+
+ if (expandDevices) {
+ result.append(" INNER JOIN (");
+ result.append("SELECT groupid as parentid, id as deviceid FROM ");
+ result.append(getStorageName(Device.class));
+ result.append(" WHERE groupid IS NOT NULL");
+ result.append(") AS devices ON groups.groupid = devices.parentid");
+ }
+
+ result.append(" WHERE ");
+ result.append(conditionKey); // TODO handle search for device / group
+ result.append(" = :");
+ result.append(conditionKey);
+
+ }
+
+ return result.toString();
+ }
+
}
diff --git a/src/main/java/org/traccar/storage/query/Condition.java b/src/main/java/org/traccar/storage/query/Condition.java
index 304440698..91ede236c 100644
--- a/src/main/java/org/traccar/storage/query/Condition.java
+++ b/src/main/java/org/traccar/storage/query/Condition.java
@@ -1,5 +1,22 @@
+/*
+ * Copyright 2022 Anton Tananaev (anton@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.traccar.storage.query;
+import org.traccar.model.GroupedModel;
+
import java.util.List;
public interface Condition {
@@ -132,11 +149,28 @@ public interface Condition {
private final Class<?> ownerClass;
private final long ownerId;
private final Class<?> propertyClass;
+ private final long propertyId;
+ private final boolean excludeGroups;
- public Permission(Class<?> ownerClass, long ownerId, Class<?> propertyClass) {
+ private Permission(
+ Class<?> ownerClass, long ownerId, Class<?> propertyClass, long propertyId, boolean excludeGroups) {
this.ownerClass = ownerClass;
this.ownerId = ownerId;
this.propertyClass = propertyClass;
+ this.propertyId = propertyId;
+ this.excludeGroups = excludeGroups;
+ }
+
+ public Permission(Class<?> ownerClass, long ownerId, Class<?> propertyClass) {
+ this(ownerClass, ownerId, propertyClass, 0, false);
+ }
+
+ public Permission(Class<?> ownerClass, Class<?> propertyClass, long propertyId) {
+ this(ownerClass, 0, propertyClass, propertyId, false);
+ }
+
+ public Permission excludeGroups() {
+ return new Permission(this.ownerClass, this.ownerId, this.propertyClass, this.propertyId, true);
}
public Class<?> getOwnerClass() {
@@ -150,6 +184,16 @@ public interface Condition {
public Class<?> getPropertyClass() {
return propertyClass;
}
+
+ public long getPropertyId() {
+ return propertyId;
+ }
+
+ public boolean getIncludeGroups() {
+ boolean ownerGroupModel = GroupedModel.class.isAssignableFrom(ownerClass);
+ boolean propertyGroupModel = GroupedModel.class.isAssignableFrom(propertyClass);
+ return (ownerGroupModel || propertyGroupModel) && !excludeGroups;
+ }
}
}