authorAnton Tananaev <anton.tananaev@gmail.com>2015-12-20 14:40:15 +1300
committerAnton Tananaev <anton.tananaev@gmail.com>2015-12-20 14:40:15 +1300
commit3eff91673944f202e0aebe20faa925011568b685 (patch)
tree8b3db829d90ca73faa132463eff8661a7335936f /src/org/traccar/api/resource/DeviceResource.java
parent4d29679dec4508d28af7651cdfd130e5a218b387 (diff)
Check permissions for REST API calls
Diffstat (limited to 'src/org/traccar/api/resource/DeviceResource.java')
-rw-r--r--src/org/traccar/api/resource/DeviceResource.java52
1 files changed, 25 insertions, 27 deletions
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java
index 00b77e16c..a25201678 100644
--- a/src/org/traccar/api/resource/DeviceResource.java
+++ b/src/org/traccar/api/resource/DeviceResource.java
@@ -28,7 +28,7 @@ import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.traccar.model.Device;
@@ -39,45 +39,43 @@ import org.traccar.model.Device;
public class DeviceResource extends BaseResource {
@GET
- public Collection<Device> get() {
- try {
+ public Collection<Device> get(
+ @QueryParam("all") boolean all, @QueryParam("userId") long userId) throws SQLException {
+ if (all) {
+ Context.getPermissionsManager().checkAdmin(getUserId());
return Context.getDataManager().getAllDevices();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
+ } else {
+ if (userId == 0) {
+ userId = getUserId();
+ }
+ Context.getPermissionsManager().checkUser(getUserId(), userId);
+ return Context.getDataManager().getDevices(userId);
}
}
@POST
- public Response add(Device entity) {
- try {
- Context.getDataManager().addDevice(entity);
- return Response.ok(entity).build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Response add(Device entity) throws SQLException {
+ Context.getDataManager().addDevice(entity);
+ Context.getDataManager().linkDevice(getUserId(), entity.getId());
+ Context.getPermissionsManager().refresh();
+ return Response.ok(entity).build();
}
@Path("{id}")
@PUT
- public Response update(@PathParam("id") long id, Device entity) {
- try {
- entity.setId(id);
- Context.getDataManager().updateDevice(entity);
- return Response.ok(entity).build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Response update(@PathParam("id") long id, Device entity) throws SQLException {
+ Context.getPermissionsManager().checkDevice(getUserId(), id);
+ Context.getDataManager().updateDevice(entity);
+ return Response.ok(entity).build();
}
@Path("{id}")
@DELETE
- public Response remove(@PathParam("id") long id) {
- try {
- Context.getDataManager().removeDevice(id);
- return Response.noContent().build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Response remove(@PathParam("id") long id) throws SQLException {
+ Context.getPermissionsManager().checkDevice(getUserId(), id);
+ Context.getDataManager().removeDevice(id);
+ Context.getPermissionsManager().refresh();
+ return Response.noContent().build();
}
}
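Review bot: `update` authorises the path `id` with `checkDevice(getUserId(), id)` but then passes the request body to `updateDevice(entity)` without the `entity.setId(id);` call the old code had, so the row written is presumably selected by the id in the body rather than the one that was checked. A caller permitted to edit one device could then have the update applied to a device it has no permission on. Restore `entity.setId(id);` directly after the check (or check `entity.getId()` instead) so the authorised id and the updated id are always the same. Separately, `add` runs `addDevice` and `linkDevice` as two steps, so a failure in the second appears to leave a device with no linked user; worth confirming how the data manager handles that.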