diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2015-12-20 14:40:15 +1300 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2015-12-20 14:40:15 +1300 |
commit | 3eff91673944f202e0aebe20faa925011568b685 (patch) | |
tree | 8b3db829d90ca73faa132463eff8661a7335936f /src/org/traccar/api/resource/DeviceResource.java | |
parent | 4d29679dec4508d28af7651cdfd130e5a218b387 (diff) | |
download | trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.gz trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.bz2 trackermap-server-3eff91673944f202e0aebe20faa925011568b685.zip |
Check permissions for REST API calls
Diffstat (limited to 'src/org/traccar/api/resource/DeviceResource.java')
-rw-r--r-- | src/org/traccar/api/resource/DeviceResource.java | 52 |
1 files changed, 25 insertions, 27 deletions
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java index 00b77e16c..a25201678 100644 --- a/src/org/traccar/api/resource/DeviceResource.java +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -28,7 +28,7 @@ import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.WebApplicationException; +import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import org.traccar.model.Device; @@ -39,45 +39,43 @@ import org.traccar.model.Device; public class DeviceResource extends BaseResource { @GET - public Collection<Device> get() { - try { + public Collection<Device> get( + @QueryParam("all") boolean all, @QueryParam("userId") long userId) throws SQLException { + if (all) { + Context.getPermissionsManager().checkAdmin(getUserId()); return Context.getDataManager().getAllDevices(); - } catch (SQLException e) { - throw new WebApplicationException(e); + } else { + if (userId == 0) { + userId = getUserId(); + } + Context.getPermissionsManager().checkUser(getUserId(), userId); + return Context.getDataManager().getDevices(userId); } } @POST - public Response add(Device entity) { - try { - Context.getDataManager().addDevice(entity); - return Response.ok(entity).build(); - } catch (SQLException e) { - throw new WebApplicationException(e); - } + public Response add(Device entity) throws SQLException { + Context.getDataManager().addDevice(entity); + Context.getDataManager().linkDevice(getUserId(), entity.getId()); + Context.getPermissionsManager().refresh(); + return Response.ok(entity).build(); } @Path("{id}") @PUT - public Response update(@PathParam("id") long id, Device entity) { - try { - entity.setId(id); - Context.getDataManager().updateDevice(entity); - return Response.ok(entity).build(); - } catch (SQLException e) { - throw new WebApplicationException(e); - } + public Response update(@PathParam("id") long id, Device entity) throws SQLException { + Context.getPermissionsManager().checkDevice(getUserId(), id); + Context.getDataManager().updateDevice(entity); + return Response.ok(entity).build(); } @Path("{id}") @DELETE - public Response remove(@PathParam("id") long id) { - try { - Context.getDataManager().removeDevice(id); - return Response.noContent().build(); - } catch (SQLException e) { - throw new WebApplicationException(e); - } + public Response remove(@PathParam("id") long id) throws SQLException { + Context.getPermissionsManager().checkDevice(getUserId(), id); + Context.getDataManager().removeDevice(id); + Context.getPermissionsManager().refresh(); + return Response.noContent().build(); } } |