aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api/resource/UserResource.java
diff options
context:
space:
mode:
authorAnton Tananaev <anton.tananaev@gmail.com>2015-12-20 14:40:15 +1300
committerAnton Tananaev <anton.tananaev@gmail.com>2015-12-20 14:40:15 +1300
commit3eff91673944f202e0aebe20faa925011568b685 (patch)
tree8b3db829d90ca73faa132463eff8661a7335936f /src/org/traccar/api/resource/UserResource.java
parent4d29679dec4508d28af7651cdfd130e5a218b387 (diff)
downloadtrackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.gz
trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.bz2
trackermap-server-3eff91673944f202e0aebe20faa925011568b685.zip
Check permissions for REST API calls
Diffstat (limited to 'src/org/traccar/api/resource/UserResource.java')
-rw-r--r--src/org/traccar/api/resource/UserResource.java49
1 files changed, 21 insertions, 28 deletions
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index ac81ba865..bf4cb85c3 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -26,7 +26,6 @@ import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -40,46 +39,40 @@ import org.traccar.model.User;
public class UserResource extends BaseResource {
@GET
- public Collection<User> get() {
- try {
- return Context.getDataManager().getUsers();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Collection<User> get() throws SQLException {
+ Context.getPermissionsManager().checkAdmin(getUserId());
+ return Context.getDataManager().getUsers();
}
@PermitAll
@POST
- public Response add(User entity) {
- try {
- Context.getDataManager().addUser(entity);
- return Response.ok(entity).build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Response add(User entity) throws SQLException {
+ Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
+ Context.getDataManager().addUser(entity);
+ Context.getPermissionsManager().refresh();
+ return Response.ok(entity).build();
}
@Path("{id}")
@PUT
- public Response update(@PathParam("id") long id, User entity) {
- try {
- entity.setId(id);
- Context.getDataManager().updateUser(entity);
- return Response.ok(entity).build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
+ public Response update(@PathParam("id") long id, User entity) throws SQLException {
+ if (entity.getAdmin()) {
+ Context.getPermissionsManager().checkAdmin(getUserId());
+ } else {
+ Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
}
+ Context.getDataManager().updateUser(entity);
+ Context.getPermissionsManager().refresh();
+ return Response.ok(entity).build();
}
@Path("{id}")
@DELETE
- public Response remove(@PathParam("id") long id) {
- try {
- Context.getDataManager().removeUser(id);
- return Response.noContent().build();
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ public Response remove(@PathParam("id") long id) throws SQLException {
+ Context.getPermissionsManager().checkUser(getUserId(), id);
+ Context.getDataManager().removeUser(id);
+ Context.getPermissionsManager().refresh();
+ return Response.noContent().build();
}
}