authorAnton Tananaev <anton.tananaev@gmail.com>2017-01-25 23:32:21 +1300
committerGitHub <noreply@github.com>2017-01-25 23:32:21 +1300
commitb1453ebd231009e9d9078377f2a1e063d852c444 (patch)
tree2699449567a46d6d182a41a4687f483047a59f77 /src/org/traccar/api/resource
parent36c48d354cec2888df67b303352ee5ce9d23de3e (diff)
parent483ed4418f53c5207d7150bf288ec6245d8f2cc3 (diff)
Merge pull request #2831 from Abyss777/permissions_polishing
Permissions improvements
Diffstat (limited to 'src/org/traccar/api/resource')
-rw-r--r--src/org/traccar/api/resource/DevicePermissionResource.java9
-rw-r--r--src/org/traccar/api/resource/DeviceResource.java3
-rw-r--r--src/org/traccar/api/resource/UserResource.java4
3 files changed, 11 insertions, 5 deletions
diff --git a/src/org/traccar/api/resource/DevicePermissionResource.java b/src/org/traccar/api/resource/DevicePermissionResource.java
index af38676b0..6e00dc47f 100644
--- a/src/org/traccar/api/resource/DevicePermissionResource.java
+++ b/src/org/traccar/api/resource/DevicePermissionResource.java
@@ -38,9 +38,6 @@ public class DevicePermissionResource extends BaseResource {
Context.getPermissionsManager().checkReadonly(getUserId());
Context.getPermissionsManager().checkUser(getUserId(), entity.getUserId());
Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId());
- if (!Context.getPermissionsManager().isAdmin(getUserId())) {
- Context.getPermissionsManager().checkDeviceLimit(entity.getUserId());
- }
Context.getDataManager().linkDevice(entity.getUserId(), entity.getDeviceId());
Context.getPermissionsManager().refreshPermissions();
if (Context.getGeofenceManager() != null) {
@@ -52,7 +49,11 @@ public class DevicePermissionResource extends BaseResource {
@DELETE
public Response remove(DevicePermission entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkUser(getUserId(), entity.getUserId());
+ if (getUserId() != entity.getUserId()) {
+ Context.getPermissionsManager().checkUser(getUserId(), entity.getUserId());
+ } else {
+ Context.getPermissionsManager().checkAdmin(getUserId());
+ }
Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId());
Context.getDataManager().unlinkDevice(entity.getUserId(), entity.getDeviceId());
Context.getPermissionsManager().refreshPermissions();
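Review bot: The new `else` branch in `remove` requires admin rights when a user unlinks a device from their own account, but nothing in the code says why, and `add` in the same file still runs `checkUser` unconditionally. A one-line comment above the `if`, such as `// only admins may drop their own device link; links of other users go through checkUser`, would record the rule. The `!=` comparison is only correct if at least one of the two `getUserId()` methods returns a primitive `long`; if both return boxed `Long` (their declarations are not visible here) it compares references and should use `.equals`. The body of `remove` continues past the end of the hunk.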
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java
index c9680ac77..e0c2335f9 100644
--- a/src/org/traccar/api/resource/DeviceResource.java
+++ b/src/org/traccar/api/resource/DeviceResource.java
@@ -62,6 +62,7 @@ public class DeviceResource extends BaseResource {
@POST
public Response add(Device entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkDeviceReadonly(getUserId());
Context.getPermissionsManager().checkDeviceLimit(getUserId());
Context.getDeviceManager().addDevice(entity);
Context.getDataManager().linkDevice(getUserId(), entity.getId());
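Review bot: `Context.getPermissionsManager().checkDeviceReadonly(getUserId());` is added to `add` here and to `update` and `remove` in the next two hunks, but the device link and unlink endpoints in DevicePermissionResource, shown earlier in this commit, still call only `checkReadonly`. Whether a device-readonly user may change device assignments is therefore left implicit: if they should not, the same call belongs in those two methods, and if they may, a short comment there would say so. The `checkReadonly` plus `checkDeviceReadonly` pair is now repeated in three methods, and a private helper in this class would keep a future device-mutating endpoint from missing one of the two. All three method bodies continue outside their hunks.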
@@ -76,6 +77,7 @@ public class DeviceResource extends BaseResource {
@PUT
public Response update(Device entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkDeviceReadonly(getUserId());
Context.getPermissionsManager().checkDevice(getUserId(), entity.getId());
Context.getDeviceManager().updateDevice(entity);
if (Context.getGeofenceManager() != null) {
@@ -88,6 +90,7 @@ public class DeviceResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkDeviceReadonly(getUserId());
Context.getPermissionsManager().checkDevice(getUserId(), id);
Context.getDeviceManager().removeDevice(id);
Context.getPermissionsManager().refreshPermissions();
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index dd59a11ee..4d8a8b3a4 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -64,7 +64,7 @@ public class UserResource extends BaseResource {
Context.getPermissionsManager().checkUserLimit(getUserId());
} else {
Context.getPermissionsManager().checkRegistration(getUserId());
- entity.setDeviceLimit(Context.getConfig().getInteger("users.defaultDeviceLimit"));
+ entity.setDeviceLimit(Context.getConfig().getInteger("users.defaultDeviceLimit", -1));
int expirationDays = Context.getConfig().getInteger("users.defaultExpirationDays");
if (expirationDays > 0) {
entity.setExpirationTime(
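Review bot: The new fallback `-1` for `users.defaultDeviceLimit` is an unexplained magic value, and it sits in the branch guarded by `checkRegistration`, which appears to be the self-registration path. If `-1` means "no limit" (presumably; its meaning is not visible in this hunk), a server with registration enabled and this key unset now gives every self-registered account an unlimited device quota, where the previous call fell back to whatever `getInteger` returns for a missing key. A comment such as `// -1 = unlimited; set users.defaultDeviceLimit to cap self-registered accounts` would make the default deliberate, and the configuration documentation should state it. The enclosing method starts and ends outside the hunk.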
@@ -86,6 +86,7 @@ public class UserResource extends BaseResource {
@Path("{id}")
@PUT
public Response update(User entity) throws SQLException {
+ Context.getPermissionsManager().checkReadonly(getUserId());
User before = Context.getPermissionsManager().getUser(entity.getId());
Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
Context.getPermissionsManager().checkUserUpdate(getUserId(), before, entity);
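Review bot: With `checkReadonly` now the first call in `update`, a readonly account is rejected before `checkUserUpdate` runs, so it can no longer change any field of its own record; presumably that includes its own password, though the fields are not visible here. If this is intended, say so above the call, e.g. `// readonly users cannot edit any account, including their own`. If it is not, the gate has to move into `checkUserUpdate`, where the before and after values are available to allow specific self-service fields. The body of `update` continues past the end of the hunk.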
@@ -99,6 +100,7 @@ public class UserResource extends BaseResource {
@Path("{id}")
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
+ Context.getPermissionsManager().checkReadonly(getUserId());
Context.getPermissionsManager().checkUser(getUserId(), id);
Context.getPermissionsManager().removeUser(id);
if (Context.getGeofenceManager() != null) {