- Add "deviceReadonly" user field

- Allow users edit tokens - Managers can create users with deviceLimit = 0 only - Manager can't create users with expirationTime later then their - Other permissions improvements
author: Abyss777 <abyss@fox5.ru> 2017-01-25 12:39:13 +0500
committer: Abyss777 <abyss@fox5.ru> 2017-01-25 12:39:13 +0500
commit: 483ed4418f53c5207d7150bf288ec6245d8f2cc3 (patch)
tree: dcfa32f533fe1a6e1d508ccbfddfa77139831f7b /src/org/traccar/database
parent: 92f9691c9817526bd025377cb44aa336e7625592 (diff)
download: trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.tar.gz
trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.tar.bz2
trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.zip
1 files changed, 28 insertions, 9 deletions
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index 4a5f759a8..14cc8027a 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -31,7 +31,6 @@ import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
-import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -170,7 +169,7 @@ public class PermissionsManager {
     }
 
     public boolean isManager(long userId) {
-        return users.containsKey(userId) && users.get(userId).getUserLimit() > 0;
+        return users.containsKey(userId) && users.get(userId).getUserLimit() != 0;
     }
 
     public void checkManager(long userId) throws SecurityException {
@@ -187,15 +186,21 @@ public class PermissionsManager {
     }
 
     public void checkUserLimit(long userId) throws SecurityException {
-        if (!isAdmin(userId) && userPermissions.get(userId).size() >= users.get(userId).getUserLimit()) {
+        int userLimit = users.get(userId).getUserLimit();
+        if (userLimit != -1 && userPermissions.get(userId).size() >= userLimit) {
             throw new SecurityException("Manager user limit reached");
         }
     }
 
-    public void checkDeviceLimit(long userId) throws SecurityException {
+    public void checkDeviceLimit(long userId) throws SecurityException, SQLException {
         int deviceLimit = users.get(userId).getDeviceLimit();
-        if (deviceLimit != 0) {
-            int deviceCount = getDevicePermissions(userId).size();
+        if (deviceLimit != -1) {
+            int deviceCount = 0;
+            if (isManager(userId)) {
+                deviceCount = Context.getDeviceManager().getManagedDevices(userId).size();
+            } else {
+                deviceCount = getDevicePermissions(userId).size();
+            }
             if (deviceCount >= deviceLimit) {
                 throw new SecurityException("User device limit reached");
             }
@@ -206,12 +211,22 @@ public class PermissionsManager {
         return users.containsKey(userId) && users.get(userId).getReadonly();
     }
 
+    public boolean isDeviceReadonly(long userId) {
+        return users.containsKey(userId) && users.get(userId).getDeviceReadonly();
+    }
+
     public void checkReadonly(long userId) throws SecurityException {
         if (!isAdmin(userId) && (server.getReadonly() || isReadonly(userId))) {
             throw new SecurityException("Account is readonly");
         }
     }
 
+    public void checkDeviceReadonly(long userId) throws SecurityException {
+        if (!isAdmin(userId) && isDeviceReadonly(userId)) {
+            throw new SecurityException("Account is device readonly");
+        }
+    }
+
     public void checkUserEnabled(long userId) throws SecurityException {
         User user = getUser(userId);
         if (user.getDisabled()) {
@@ -228,10 +243,14 @@ public class PermissionsManager {
                 || before.getUserLimit() != after.getUserLimit()) {
             checkAdmin(userId);
         }
+        if (users.containsKey(userId) && users.get(userId).getExpirationTime() != null
+                && (after.getExpirationTime() == null
+                || users.get(userId).getExpirationTime().compareTo(after.getExpirationTime()) < 0)) {
+            checkAdmin(userId);
+        }
         if (before.getReadonly() != after.getReadonly()
-                || before.getDisabled() != after.getDisabled()
-                || !Objects.equals(before.getExpirationTime(), after.getExpirationTime())
-                || !Objects.equals(before.getToken(), after.getToken())) {
+                || before.getDeviceReadonly() != after.getDeviceReadonly()
+                || before.getDisabled() != after.getDisabled()) {
             if (userId == after.getId()) {
                 checkAdmin(userId);
             }
author	Abyss777 <abyss@fox5.ru>	2017-01-25 12:39:13 +0500
committer	Abyss777 <abyss@fox5.ru>	2017-01-25 12:39:13 +0500
commit	483ed4418f53c5207d7150bf288ec6245d8f2cc3 (patch)
tree	dcfa32f533fe1a6e1d508ccbfddfa77139831f7b /src/org/traccar/database
parent	92f9691c9817526bd025377cb44aa336e7625592 (diff)
download	trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.tar.gz trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.tar.bz2 trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.zip