aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api
diff options
context:
space:
mode:
authorHans van den Elsen <hans.elsen@esds.nl>2016-03-11 22:16:25 +0100
committerHans van den Elsen <hans.elsen@esds.nl>2016-03-11 22:16:25 +0100
commit4606737cc07b736f9c8f98ae680b928c94c082c8 (patch)
treebdd29b24a16403b1e8a3d7cd4325391063b34b8a /src/org/traccar/api
parent3ced99384b1967f5cde9abdf30c1c0184a5ae3f6 (diff)
parentab5d21e16ac44957e04da0f06daf148af95e96be (diff)
downloadtrackermap-server-4606737cc07b736f9c8f98ae680b928c94c082c8.tar.gz
trackermap-server-4606737cc07b736f9c8f98ae680b928c94c082c8.tar.bz2
trackermap-server-4606737cc07b736f9c8f98ae680b928c94c082c8.zip
Merge remote-tracking branch 'refs/remotes/tananaev/master'
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/AsyncSocket.java6
-rw-r--r--src/org/traccar/api/AsyncSocketServlet.java11
-rw-r--r--src/org/traccar/api/CorsResponseFilter.java14
-rw-r--r--src/org/traccar/api/SecurityRequestFilter.java5
-rw-r--r--src/org/traccar/api/resource/DevicePermissionResource.java (renamed from src/org/traccar/api/resource/PermissionResource.java)12
-rw-r--r--src/org/traccar/api/resource/GroupPermissionResource.java52
-rw-r--r--src/org/traccar/api/resource/GroupResource.java85
-rw-r--r--src/org/traccar/api/resource/PositionResource.java11
8 files changed, 173 insertions, 23 deletions
diff --git a/src/org/traccar/api/AsyncSocket.java b/src/org/traccar/api/AsyncSocket.java
index 7de182d7e..c289367ea 100644
--- a/src/org/traccar/api/AsyncSocket.java
+++ b/src/org/traccar/api/AsyncSocket.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com)
+ * Copyright 2015 - 2016 Anton Tananaev (anton.tananaev@gmail.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@ public class AsyncSocket extends WebSocketAdapter implements ConnectionManager.U
private Collection<Long> devices;
public AsyncSocket(long userId) {
- devices = Context.getPermissionsManager().allowedDevices(userId);
+ devices = Context.getPermissionsManager().getDevicePermissions(userId);
}
@Override
@@ -66,7 +66,7 @@ public class AsyncSocket extends WebSocketAdapter implements ConnectionManager.U
}
private void sendData(String key, Collection<?> data) {
- if (!data.isEmpty()) {
+ if (!data.isEmpty() && isConnected()) {
JsonObjectBuilder json = Json.createObjectBuilder();
json.add(key, JsonConverter.arrayToJson(data));
getRemote().sendString(json.build().toString(), null);
diff --git a/src/org/traccar/api/AsyncSocketServlet.java b/src/org/traccar/api/AsyncSocketServlet.java
index fbfe248e5..ef6cef732 100644
--- a/src/org/traccar/api/AsyncSocketServlet.java
+++ b/src/org/traccar/api/AsyncSocketServlet.java
@@ -20,6 +20,7 @@ import org.eclipse.jetty.websocket.servlet.ServletUpgradeResponse;
import org.eclipse.jetty.websocket.servlet.WebSocketCreator;
import org.eclipse.jetty.websocket.servlet.WebSocketServlet;
import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;
+import org.traccar.Context;
import org.traccar.api.resource.SessionResource;
public class AsyncSocketServlet extends WebSocketServlet {
@@ -28,12 +29,16 @@ public class AsyncSocketServlet extends WebSocketServlet {
@Override
public void configure(WebSocketServletFactory factory) {
- factory.getPolicy().setIdleTimeout(ASYNC_TIMEOUT);
+ factory.getPolicy().setIdleTimeout(Context.getConfig().getLong("web.timeout", ASYNC_TIMEOUT));
factory.setCreator(new WebSocketCreator() {
@Override
public Object createWebSocket(ServletUpgradeRequest req, ServletUpgradeResponse resp) {
- long userId = (Long) req.getSession().getAttribute(SessionResource.USER_ID_KEY);
- return new AsyncSocket(userId);
+ if (req.getSession() != null) {
+ long userId = (Long) req.getSession().getAttribute(SessionResource.USER_ID_KEY);
+ return new AsyncSocket(userId);
+ } else {
+ return null;
+ }
}
});
}
diff --git a/src/org/traccar/api/CorsResponseFilter.java b/src/org/traccar/api/CorsResponseFilter.java
index 001f6ab4c..178d08812 100644
--- a/src/org/traccar/api/CorsResponseFilter.java
+++ b/src/org/traccar/api/CorsResponseFilter.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com)
+ * Copyright 2015 - 2016 Anton Tananaev (anton.tananaev@gmail.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -19,8 +19,6 @@ import org.jboss.netty.handler.codec.http.HttpHeaders;
import org.traccar.Context;
import java.io.IOException;
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
@@ -37,7 +35,7 @@ public class CorsResponseFilter implements ContainerResponseFilter {
public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_VALUE = "true";
public static final String ACCESS_CONTROL_ALLOW_METHODS_KEY = "Access-Control-Allow-Methods";
- public static final String ACCESS_CONTROL_ALLOW_METHODS_VALUE = "GET, POST, PUT, DELETE";
+ public static final String ACCESS_CONTROL_ALLOW_METHODS_VALUE = "GET, POST, PUT, DELETE, OPTIONS";
@Override
public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException {
@@ -54,11 +52,11 @@ public class CorsResponseFilter implements ContainerResponseFilter {
if (!response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN_KEY)) {
String origin = request.getHeaderString(HttpHeaders.Names.ORIGIN);
String allowed = Context.getConfig().getString("web.origin");
- if (allowed == null) {
+
+ if (allowed == null || origin == null) {
response.getHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN_KEY, ACCESS_CONTROL_ALLOW_ORIGIN_VALUE);
- } else if (allowed.contains(origin)) {
- String originSafe = URLEncoder.encode(origin, StandardCharsets.UTF_8.name());
- response.getHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN_KEY, originSafe);
+ } else if (allowed.equals(ACCESS_CONTROL_ALLOW_ORIGIN_VALUE) || allowed.contains(origin)) {
+ response.getHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN_KEY, origin);
}
}
}
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index 20186b0cb..4c6137ede 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -55,6 +55,11 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) {
+
+ if (requestContext.getMethod().equals("OPTIONS")) {
+ throw new WebApplicationException(Response.status(Response.Status.OK).build());
+ }
+
SecurityContext securityContext = null;
String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER);
diff --git a/src/org/traccar/api/resource/PermissionResource.java b/src/org/traccar/api/resource/DevicePermissionResource.java
index 50deb77c2..f77375cba 100644
--- a/src/org/traccar/api/resource/PermissionResource.java
+++ b/src/org/traccar/api/resource/DevicePermissionResource.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2015 Anton Tananaev (anton.tananaev@gmail.com)
+ * Copyright 2015 - 2016 Anton Tananaev (anton.tananaev@gmail.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -17,7 +17,7 @@ package org.traccar.api.resource;
import org.traccar.Context;
import org.traccar.api.BaseResource;
-import org.traccar.model.Permission;
+import org.traccar.model.DevicePermission;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@@ -28,13 +28,13 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.sql.SQLException;
-@Path("permissions")
+@Path("permissions/devices")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
-public class PermissionResource extends BaseResource {
+public class DevicePermissionResource extends BaseResource {
@POST
- public Response add(Permission entity) throws SQLException {
+ public Response add(DevicePermission entity) throws SQLException {
Context.getPermissionsManager().checkAdmin(getUserId());
Context.getDataManager().linkDevice(entity.getUserId(), entity.getDeviceId());
Context.getPermissionsManager().refresh();
@@ -42,7 +42,7 @@ public class PermissionResource extends BaseResource {
}
@DELETE
- public Response remove(Permission entity) throws SQLException {
+ public Response remove(DevicePermission entity) throws SQLException {
Context.getPermissionsManager().checkAdmin(getUserId());
Context.getDataManager().unlinkDevice(entity.getUserId(), entity.getDeviceId());
Context.getPermissionsManager().refresh();
diff --git a/src/org/traccar/api/resource/GroupPermissionResource.java b/src/org/traccar/api/resource/GroupPermissionResource.java
new file mode 100644
index 000000000..b8ec4ae3c
--- /dev/null
+++ b/src/org/traccar/api/resource/GroupPermissionResource.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2016 Anton Tananaev (anton.tananaev@gmail.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.api.resource;
+
+import org.traccar.Context;
+import org.traccar.api.BaseResource;
+import org.traccar.model.GroupPermission;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.sql.SQLException;
+
+@Path("permissions/groups")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class GroupPermissionResource extends BaseResource {
+
+ @POST
+ public Response add(GroupPermission entity) throws SQLException {
+ Context.getPermissionsManager().checkAdmin(getUserId());
+ Context.getDataManager().linkGroup(entity.getUserId(), entity.getGroupId());
+ Context.getPermissionsManager().refresh();
+ return Response.ok(entity).build();
+ }
+
+ @DELETE
+ public Response remove(GroupPermission entity) throws SQLException {
+ Context.getPermissionsManager().checkAdmin(getUserId());
+ Context.getDataManager().unlinkGroup(entity.getUserId(), entity.getGroupId());
+ Context.getPermissionsManager().refresh();
+ return Response.noContent().build();
+ }
+
+}
diff --git a/src/org/traccar/api/resource/GroupResource.java b/src/org/traccar/api/resource/GroupResource.java
new file mode 100644
index 000000000..49f839499
--- /dev/null
+++ b/src/org/traccar/api/resource/GroupResource.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2016 Anton Tananaev (anton.tananaev@gmail.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.api.resource;
+
+import org.traccar.Context;
+import org.traccar.api.BaseResource;
+import org.traccar.model.Device;
+import org.traccar.model.Group;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.sql.SQLException;
+import java.util.Collection;
+
+@Path("groups")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class GroupResource extends BaseResource {
+
+ @GET
+ public Collection<Group> get(
+ @QueryParam("all") boolean all, @QueryParam("userId") long userId) throws SQLException {
+ if (all) {
+ Context.getPermissionsManager().checkAdmin(getUserId());
+ return Context.getDataManager().getAllGroups();
+ } else {
+ if (userId == 0) {
+ userId = getUserId();
+ }
+ Context.getPermissionsManager().checkUser(getUserId(), userId);
+ return Context.getDataManager().getGroups(userId);
+ }
+ }
+
+ @POST
+ public Response add(Group entity) throws SQLException {
+ Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getDataManager().addGroup(entity);
+ Context.getDataManager().linkGroup(getUserId(), entity.getId());
+ Context.getPermissionsManager().refresh();
+ return Response.ok(entity).build();
+ }
+
+ @Path("{id}")
+ @PUT
+ public Response update(@PathParam("id") long id, Group entity) throws SQLException {
+ Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkGroup(getUserId(), id);
+ Context.getDataManager().updateGroup(entity);
+ return Response.ok(entity).build();
+ }
+
+ @Path("{id}")
+ @DELETE
+ public Response remove(@PathParam("id") long id) throws SQLException {
+ Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkGroup(getUserId(), id);
+ Context.getDataManager().removeGroup(id);
+ Context.getPermissionsManager().refresh();
+ return Response.noContent().build();
+ }
+
+}
diff --git a/src/org/traccar/api/resource/PositionResource.java b/src/org/traccar/api/resource/PositionResource.java
index ec6925b3a..9c174625c 100644
--- a/src/org/traccar/api/resource/PositionResource.java
+++ b/src/org/traccar/api/resource/PositionResource.java
@@ -38,9 +38,14 @@ public class PositionResource extends BaseResource {
public Collection<Position> get(
@QueryParam("deviceId") long deviceId, @QueryParam("from") String from, @QueryParam("to") String to)
throws SQLException {
- Context.getPermissionsManager().checkDevice(getUserId(), deviceId);
- return Context.getDataManager().getPositions(
- deviceId, JsonConverter.parseDate(from), JsonConverter.parseDate(to));
+ if (deviceId == 0) {
+ return Context.getConnectionManager().getInitialState(
+ Context.getPermissionsManager().getDevicePermissions(getUserId()));
+ } else {
+ Context.getPermissionsManager().checkDevice(getUserId(), deviceId);
+ return Context.getDataManager().getPositions(
+ deviceId, JsonConverter.parseDate(from), JsonConverter.parseDate(to));
+ }
}
}