diff options
author | Abyss777 <abyss@fox5.ru> | 2016-11-23 09:17:07 +0500 |
---|---|---|
committer | Abyss777 <abyss@fox5.ru> | 2016-11-23 09:17:07 +0500 |
commit | 685fd3826b64b14106aeace0a647e71a4cc4fe81 (patch) | |
tree | 0a66b3ce6ce21964c539c4627e04640738f04c2b /src/org/traccar/database/PermissionsManager.java | |
parent | 2e2ec32b732f27df9c73f83a1982944cae45bf70 (diff) | |
parent | 5f867c6077f79a2a1d3b8ec18f78c3a2657ba698 (diff) | |
download | trackermap-server-685fd3826b64b14106aeace0a647e71a4cc4fe81.tar.gz trackermap-server-685fd3826b64b14106aeace0a647e71a4cc4fe81.tar.bz2 trackermap-server-685fd3826b64b14106aeace0a647e71a4cc4fe81.zip |
Merge remote-tracking branch 'upstream/master' into maintenanceevents
Diffstat (limited to 'src/org/traccar/database/PermissionsManager.java')
-rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index 71633f6ef..078a5f935 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -29,6 +29,7 @@ import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.Map; +import java.util.Objects; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; @@ -155,7 +156,7 @@ public class PermissionsManager { } } - public void checkUser(long userId) throws SecurityException { + public void checkUserEnabled(long userId) throws SecurityException { User user = getUser(userId); if (user.getDisabled()) { throw new SecurityException("Account is disabled"); @@ -165,6 +166,17 @@ public class PermissionsManager { } } + public void checkUserUpdate(long userId, User before, User after) throws SecurityException { + if (before.getAdmin() != after.getAdmin() + || before.getReadonly() != after.getReadonly() + || before.getDisabled() != after.getDisabled() + || before.getDeviceLimit() != after.getDeviceLimit() + || !Objects.equals(before.getExpirationTime(), after.getExpirationTime()) + || !Objects.equals(before.getToken(), after.getToken())) { + checkAdmin(userId); + } + } + public void checkUser(long userId, long otherUserId) throws SecurityException { if (userId != otherUserId) { checkAdmin(userId); @@ -244,7 +256,7 @@ public class PermissionsManager { public User login(String email, String password) throws SQLException { User user = dataManager.login(email, password); if (user != null) { - checkUser(user.getId()); + checkUserEnabled(user.getId()); return users.get(user.getId()); } return null; |