author | Anton Tananaev <anton.tananaev@gmail.com> | 2015-12-20 14:40:15 +1300 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2015-12-20 14:40:15 +1300 |
commit | 3eff91673944f202e0aebe20faa925011568b685 (patch) | |
tree | 8b3db829d90ca73faa132463eff8661a7335936f /src/org/traccar/api/resource/UserResource.java | |
parent | 4d29679dec4508d28af7651cdfd130e5a218b387 (diff) | |
Check permissions for REST API calls
Diffstat (limited to 'src/org/traccar/api/resource/UserResource.java')
-rw-r--r-- | src/org/traccar/api/resource/UserResource.java | 49 |
1 files changed, 21 insertions, 28 deletions
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index ac81ba865..bf4cb85c3 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -26,7 +26,6 @@ import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@@ -40,46 +39,40 @@ import org.traccar.model.User;
 public class UserResource extends BaseResource {
 @GET
- public Collection<User> get() {
- try {
- return Context.getDataManager().getUsers();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Collection<User> get() throws SQLException {
+ Context.getPermissionsManager().checkAdmin(getUserId());
+ return Context.getDataManager().getUsers();
 }
 @PermitAll
 @POST
- public Response add(User entity) {
- try {
- Context.getDataManager().addUser(entity);
- return Response.ok(entity).build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Response add(User entity) throws SQLException {
+ Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
+ Context.getDataManager().addUser(entity);
+ Context.getPermissionsManager().refresh();
+ return Response.ok(entity).build();
 }
 @Path("{id}")
 @PUT
- public Response update(@PathParam("id") long id, User entity) {
- try {
- entity.setId(id);
- Context.getDataManager().updateUser(entity);
- return Response.ok(entity).build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
+ public Response update(@PathParam("id") long id, User entity) throws SQLException {
+ if (entity.getAdmin()) {
+ Context.getPermissionsManager().checkAdmin(getUserId());
+ } else {
+ Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
 }
+ Context.getDataManager().updateUser(entity);
+ Context.getPermissionsManager().refresh();
+ return Response.ok(entity).build();
 }
 @Path("{id}")
 @DELETE
- public Response remove(@PathParam("id") long id) {
- try {
- Context.getDataManager().removeUser(id);
- return Response.noContent().build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Response remove(@PathParam("id") long id) throws SQLException {
+ Context.getPermissionsManager().checkUser(getUserId(), id);
+ Context.getDataManager().removeUser(id);
+ Context.getPermissionsManager().refresh();
+ return Response.noContent().build();
 }
 }
 |
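Review bot: In the new `add()` the `admin` flag of the request body is never examined, whereas `update()` in the same hunk guards it with `checkAdmin`; since `add()` is `@PermitAll`, nothing in this hunk stops a caller who passes `checkUser` from submitting a user with `admin` set, which is a privilege-escalation path. Mirror the `update()` guard before the existing `checkUser` call: `if (entity.getAdmin()) { Context.getPermissionsManager().checkAdmin(getUserId()); }`. Separately, `update()` drops `entity.setId(id);`, so the `{id}` path parameter is now unused and both the permission check and `updateUser()` act on whatever id the body carries; restoring `entity.setId(id);` as the first statement (or rejecting a path/body mismatch) keeps the two consistent. Note also that `checkUser(getUserId(), entity.getId())` in `add()` compares against a client-supplied id on a not-yet-persisted entity, which only does what registration needs if `checkUser` handles an unset id and an unauthenticated `getUserId()` as intended — both live outside this hunk and are worth confirming.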