Initial manager implementation

5 files changed, 183 insertions, 18 deletions

diff --git a/src/org/traccar/database/CalendarManager.java b/src/org/traccar/database/CalendarManager.java
index 3e95f6698..d755bd396 100644
--- a/src/org/traccar/database/CalendarManager.java
+++ b/src/org/traccar/database/CalendarManager.java
@@ -1,6 +1,6 @@
 /*
- * Copyright 2016 Anton Tananaev (anton@traccar.org)
- * Copyright 2016 Andrey Kunitsyn (andrey@traccar.org)
+ * Copyright 2016 - 2017 Anton Tananaev (anton@traccar.org)
+ * Copyright 2016 - 2017 Andrey Kunitsyn (andrey@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.traccar.Context;
 import org.traccar.helper.Log;
 import org.traccar.model.Calendar;
 import org.traccar.model.CalendarPermission;
@@ -69,6 +70,15 @@ public class CalendarManager {
         return result;
     }
 
+    public Collection<Calendar> getManagedCalendars(long userId) {
+        ArrayList<Calendar> result = new ArrayList<>();
+        result.addAll(getUserCalendars(userId));
+        for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) {
+            result.addAll(getUserCalendars(otherUserId));
+        }
+        return result;
+    }
+
     public final void refreshUserCalendars() {
         if (dataManager != null) {
             try {
diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java
index 278109229..2dea7ef40 100644
--- a/src/org/traccar/database/DataManager.java
+++ b/src/org/traccar/database/DataManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012 - 2016 Anton Tananaev (anton@traccar.org)
+ * Copyright 2012 - 2017 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -51,6 +51,7 @@ import org.traccar.model.Position;
 import org.traccar.model.Server;
 import org.traccar.model.Statistics;
 import org.traccar.model.User;
+import org.traccar.model.UserPermission;
 import org.traccar.model.DeviceGeofence;
 import org.traccar.model.GeofencePermission;
 
@@ -527,4 +528,23 @@ public class DataManager {
                 .setLong("calendarId", calendarId)
                 .executeUpdate();
     }
+
+    public Collection<UserPermission> getUserPermissions() throws SQLException {
+        return QueryBuilder.create(dataSource, getQuery("database.selectUserPermissions"))
+                .executeQuery(UserPermission.class);
+    }
+
+    public void linkUser(long userId, long otherUserId) throws SQLException {
+        QueryBuilder.create(dataSource, getQuery("database.linkUser"))
+                .setLong("userId", userId)
+                .setLong("otherUserId", otherUserId)
+                .executeUpdate();
+    }
+
+    public void unlinkUser(long userId, long otherUserId) throws SQLException {
+        QueryBuilder.create(dataSource, getQuery("database.unlinkUser"))
+                .setLong("userId", userId)
+                .setLong("otherUserId", otherUserId)
+                .executeUpdate();
+    }
 }
diff --git a/src/org/traccar/database/DeviceManager.java b/src/org/traccar/database/DeviceManager.java
index c70e67231..bcb3185ca 100644
--- a/src/org/traccar/database/DeviceManager.java
+++ b/src/org/traccar/database/DeviceManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Anton Tananaev (anton@traccar.org)
+ * Copyright 2016 - 2017 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -160,6 +160,15 @@ public class DeviceManager implements IdentityManager {
         return devices;
     }
 
+    public Collection<Device> getManagedDevices(long userId) throws SQLException {
+        Collection<Device> devices = new ArrayList<>();
+        devices.addAll(getDevices(userId));
+        for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) {
+            devices.addAll(getDevices(otherUserId));
+        }
+        return devices;
+    }
+
     public void addDevice(Device device) throws SQLException {
         dataManager.addDevice(device);
 
@@ -289,6 +298,15 @@ public class DeviceManager implements IdentityManager {
         return groups;
     }
 
+    public Collection<Group> getManagedGroups(long userId) throws SQLException {
+        Collection<Group> groups = new ArrayList<>();
+        groups.addAll(getGroups(userId));
+        for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) {
+            groups.addAll(getGroups(otherUserId));
+        }
+        return groups;
+    }
+
     private void checkGroupCycles(Group group) {
         Set<Long> groups = new HashSet<>();
         while (group != null) {
diff --git a/src/org/traccar/database/GeofenceManager.java b/src/org/traccar/database/GeofenceManager.java
index e2e0c12d4..adc93aa29 100644
--- a/src/org/traccar/database/GeofenceManager.java
+++ b/src/org/traccar/database/GeofenceManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Anton Tananaev (anton@traccar.org)
+ * Copyright 2016 - 2017 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -242,6 +242,15 @@ public class GeofenceManager {
         }
     }
 
+    public final Set<Long> getManagedGeofencesIds(long userId) {
+        Set<Long> geofences = new HashSet<>();
+        geofences.addAll(getUserGeofencesIds(userId));
+        for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) {
+            geofences.addAll(getUserGeofencesIds(otherUserId));
+        }
+        return geofences;
+    }
+
     public final Collection<Geofence> getGeofences(Set<Long> geofencesIds) {
         geofencesLock.readLock().lock();
         try {
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index 6c0610655..3c62f84c2 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 - 2016 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2017 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,11 +23,14 @@ import org.traccar.model.Group;
 import org.traccar.model.GroupPermission;
 import org.traccar.model.Server;
 import org.traccar.model.User;
+import org.traccar.model.UserPermission;
 
 import java.sql.SQLException;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
@@ -47,6 +50,8 @@ public class PermissionsManager {
     private final Map<Long, Set<Long>> deviceUsers = new HashMap<>();
     private final Map<Long, Set<Long>> groupDevices = new HashMap<>();
 
+    private final Map<Long, Set<Long>> userPermissions = new HashMap<>();
+
     public Set<Long> getGroupPermissions(long userId) {
         if (!groupPermissions.containsKey(userId)) {
             groupPermissions.put(userId, new HashSet<Long>());
@@ -75,10 +80,18 @@ public class PermissionsManager {
         return groupDevices.get(groupId);
     }
 
+    public Set<Long> getUserPermissions(long userId) {
+        if (!userPermissions.containsKey(userId)) {
+            userPermissions.put(userId, new HashSet<Long>());
+        }
+        return userPermissions.get(userId);
+    }
+
     public PermissionsManager(DataManager dataManager) {
         this.dataManager = dataManager;
         refreshUsers();
         refreshPermissions();
+        refreshUserPermissions();
     }
 
     public final void refreshUsers() {
@@ -97,6 +110,17 @@ public class PermissionsManager {
         }
     }
 
+    public final void refreshUserPermissions() {
+        userPermissions.clear();
+        try {
+            for (UserPermission permission : dataManager.getUserPermissions()) {
+                getUserPermissions(permission.getUserId()).add(permission.getOtherUserId());
+            }
+        } catch (SQLException error) {
+            Log.warning(error);
+        }
+    }
+
     public final void refreshPermissions() {
         groupPermissions.clear();
         devicePermissions.clear();
@@ -146,6 +170,39 @@ public class PermissionsManager {
         }
     }
 
+    public boolean isManager(long userId) {
+        return users.containsKey(userId) && users.get(userId).getUserLimit() > 0;
+    }
+
+    public void checkManager(long userId) throws SecurityException {
+        if (!isManager(userId)) {
+            throw new SecurityException("Manager access required");
+        }
+    }
+
+    public void checkManager(long userId, long otherUserId) throws SecurityException {
+        checkManager(userId);
+        if (!userPermissions.get(userId).contains(otherUserId)) {
+            throw new SecurityException("User access denied");
+        }
+    }
+
+    public void checkUserLimit(long userId) throws SecurityException {
+        if (!isAdmin(userId) && userPermissions.get(userId).size() >= users.get(userId).getUserLimit()) {
+            throw new SecurityException("Manager user limit reached");
+        }
+    }
+
+    public void checkDeviceLimit(long userId) throws SecurityException {
+        int deviceLimit = users.get(userId).getDeviceLimit();
+        if (deviceLimit != 0) {
+            int deviceCount = getDevicePermissions(userId).size();
+            if (deviceCount >= deviceLimit) {
+                throw new SecurityException("User device limit reached");
+            }
+        }
+    }
+
     public boolean isReadonly(long userId) {
         return users.containsKey(userId) && users.get(userId).getReadonly();
     }
@@ -168,30 +225,52 @@ public class PermissionsManager {
 
     public void checkUserUpdate(long userId, User before, User after) throws SecurityException {
         if (before.getAdmin() != after.getAdmin()
-                || before.getReadonly() != after.getReadonly()
-                || before.getDisabled() != after.getDisabled()
                 || before.getDeviceLimit() != after.getDeviceLimit()
+                || before.getUserLimit() != after.getUserLimit()) {
+            checkAdmin(userId);
+        }
+        if (before.getReadonly() != after.getReadonly()
+                || before.getDisabled() != after.getDisabled()
                 || !Objects.equals(before.getExpirationTime(), after.getExpirationTime())
                 || !Objects.equals(before.getToken(), after.getToken())) {
-            checkAdmin(userId);
+            if (userId == after.getId()) {
+                checkAdmin(userId);
+            }
+            if (!isAdmin(userId)) {
+                checkManager(userId);
+            }
         }
     }
 
     public void checkUser(long userId, long otherUserId) throws SecurityException {
-        if (userId != otherUserId) {
-            checkAdmin(userId);
+        if (userId != otherUserId && !isAdmin(userId)) {
+            checkManager(userId, otherUserId);
         }
     }
 
     public void checkGroup(long userId, long groupId) throws SecurityException {
-        if (!getGroupPermissions(userId).contains(groupId)) {
-            throw new SecurityException("Group access denied");
+        if (!getGroupPermissions(userId).contains(groupId) && !isAdmin(userId)) {
+            Iterator<Long> iterator = getUserPermissions(userId).iterator();
+            boolean managed = false;
+            while (!managed && iterator.hasNext()) {
+                managed = getGroupPermissions(iterator.next()).contains(groupId);
+            }
+            if (!managed) {
+                throw new SecurityException("Group access denied");
+            }
         }
     }
 
     public void checkDevice(long userId, long deviceId) throws SecurityException {
-        if (!getDevicePermissions(userId).contains(deviceId)) {
-            throw new SecurityException("Device access denied");
+        if (!getDevicePermissions(userId).contains(deviceId) && !isAdmin(userId)) {
+            Iterator<Long> iterator = getUserPermissions(userId).iterator();
+            boolean managed = false;
+            while (!managed && iterator.hasNext()) {
+                managed = getDevicePermissions(iterator.next()).contains(deviceId);
+            }
+            if (!managed) {
+                throw new SecurityException("Device access denied");
+            }
         }
     }
 
@@ -203,13 +282,27 @@ public class PermissionsManager {
 
     public void checkGeofence(long userId, long geofenceId) throws SecurityException {
         if (!Context.getGeofenceManager().checkGeofence(userId, geofenceId) && !isAdmin(userId)) {
-            throw new SecurityException("Geofence access denied");
+            Iterator<Long> iterator = getUserPermissions(userId).iterator();
+            boolean managed = false;
+            while (!managed && iterator.hasNext()) {
+                managed = Context.getGeofenceManager().checkGeofence(iterator.next(), geofenceId);
+            }
+            if (!managed) {
+                throw new SecurityException("Geofence access denied");
+            }
         }
     }
 
     public void checkCalendar(long userId, long calendarId) throws SecurityException {
         if (!Context.getCalendarManager().checkCalendar(userId, calendarId) && !isAdmin(userId)) {
-            throw new SecurityException("Calendar access denied");
+            Iterator<Long> iterator = getUserPermissions(userId).iterator();
+            boolean managed = false;
+            while (!managed && iterator.hasNext()) {
+                managed = Context.getCalendarManager().checkCalendar(iterator.next(), calendarId);
+            }
+            if (!managed) {
+                throw new SecurityException("Calendar access denied");
+            }
         }
     }
 
@@ -222,10 +315,24 @@ public class PermissionsManager {
         this.server = server;
     }
 
-    public Collection<User> getUsers() {
+    public Collection<User> getAllUsers() {
         return users.values();
     }
 
+    public Collection<User> getUsers(long userId) {
+        Collection<User> result = new ArrayList<>();
+        for (long otherUserId : getUserPermissions(userId)) {
+            result.add(users.get(otherUserId));
+        }
+        return result;
+    }
+
+    public Collection<User> getManagedUsers(long userId) {
+        Collection<User> result = getUsers(userId);
+        result.add(users.get(userId));
+        return result;
+    }
+
     public User getUser(long userId) {
         return users.get(userId);
     }
@@ -257,6 +364,7 @@ public class PermissionsManager {
         usersTokens.remove(users.get(userId).getToken());
         users.remove(userId);
         refreshPermissions();
+        refreshUserPermissions();
     }
 
     public User login(String email, String password) throws SQLException {