diff options
author | Philipp Prangenberg <philipp.prangenberg@derkurier.de> | 2016-12-05 12:03:08 +0100 |
---|---|---|
committer | Philipp Prangenberg <philipp.prangenberg@derkurier.de> | 2016-12-05 12:03:08 +0100 |
commit | a21f436a58133f7da0cae06366d729665f3b8f9c (patch) | |
tree | 72ff1743d96f79e4a9d85b0d48715e5f9aa67cf9 /src/org/traccar/database/PermissionsManager.java | |
parent | 960bf899414d89221e92138fdb98777c3f4f73ec (diff) | |
parent | 40607036c5aa6385a7ae3f3a283bf107238a5944 (diff) | |
download | trackermap-server-a21f436a58133f7da0cae06366d729665f3b8f9c.tar.gz trackermap-server-a21f436a58133f7da0cae06366d729665f3b8f9c.tar.bz2 trackermap-server-a21f436a58133f7da0cae06366d729665f3b8f9c.zip |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'src/org/traccar/database/PermissionsManager.java')
-rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 66 |
1 files changed, 56 insertions, 10 deletions
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index f5fed978a..078a5f935 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 - 2016 Anton Tananaev (anton.tananaev@gmail.com) + * Copyright 2015 - 2016 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,6 +29,7 @@ import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.Map; +import java.util.Objects; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; @@ -39,6 +40,7 @@ public class PermissionsManager { private volatile Server server; private final Map<Long, User> users = new ConcurrentHashMap<>(); + private final Map<String, Long> usersTokens = new HashMap<>(); private final Map<Long, Set<Long>> groupPermissions = new HashMap<>(); private final Map<Long, Set<Long>> devicePermissions = new HashMap<>(); @@ -81,10 +83,14 @@ public class PermissionsManager { public final void refreshUsers() { users.clear(); + usersTokens.clear(); try { server = dataManager.getServer(); for (User user : dataManager.getUsers()) { users.put(user.getId(), user); + if (user.getToken() != null) { + usersTokens.put(user.getToken(), user.getId()); + } } } catch (SQLException error) { Log.warning(error); @@ -140,6 +146,37 @@ public class PermissionsManager { } } + public boolean isReadonly(long userId) { + return users.containsKey(userId) && users.get(userId).getReadonly(); + } + + public void checkReadonly(long userId) throws SecurityException { + if (!isAdmin(userId) && (server.getReadonly() || isReadonly(userId))) { + throw new SecurityException("Account is readonly"); + } + } + + public void checkUserEnabled(long userId) throws SecurityException { + User user = getUser(userId); + if (user.getDisabled()) { + throw new SecurityException("Account is disabled"); + } + if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) { + throw new SecurityException("Account has expired"); + } + } + + public void checkUserUpdate(long userId, User before, User after) throws SecurityException { + if (before.getAdmin() != after.getAdmin() + || before.getReadonly() != after.getReadonly() + || before.getDisabled() != after.getDisabled() + || before.getDeviceLimit() != after.getDeviceLimit() + || !Objects.equals(before.getExpirationTime(), after.getExpirationTime()) + || !Objects.equals(before.getToken(), after.getToken())) { + checkAdmin(userId); + } + } + public void checkUser(long userId, long otherUserId) throws SecurityException { if (userId != otherUserId) { checkAdmin(userId); @@ -164,12 +201,6 @@ public class PermissionsManager { } } - public void checkReadonly(long userId) { - if (server.getReadonly() && !isAdmin(userId)) { - throw new SecurityException("Readonly user"); - } - } - public void checkGeofence(long userId, long geofenceId) throws SecurityException { if (!Context.getGeofenceManager().checkGeofence(userId, geofenceId) && !isAdmin(userId)) { throw new SecurityException("Geofence access denied"); @@ -196,28 +227,43 @@ public class PermissionsManager { public void addUser(User user) throws SQLException { dataManager.addUser(user); users.put(user.getId(), user); + if (user.getToken() != null) { + usersTokens.put(user.getToken(), user.getId()); + } refreshPermissions(); } public void updateUser(User user) throws SQLException { dataManager.updateUser(user); + User old = users.get(user.getId()); users.put(user.getId(), user); + if (user.getToken() != null) { + usersTokens.put(user.getToken(), user.getId()); + } + if (old.getToken() != null && !old.getToken().equals(user.getToken())) { + usersTokens.remove(old.getToken()); + } refreshPermissions(); } public void removeUser(long userId) throws SQLException { dataManager.removeUser(userId); + usersTokens.remove(users.get(userId).getToken()); users.remove(userId); refreshPermissions(); } public User login(String email, String password) throws SQLException { User user = dataManager.login(email, password); - if (user != null && users.get(user.getId()) != null) { + if (user != null) { + checkUserEnabled(user.getId()); return users.get(user.getId()); - } else { - return null; } + return null; + } + + public User getUserByToken(String token) { + return users.get(usersTokens.get(token)); } } |