author | Abyss777 <abyss@fox5.ru> | 2017-01-25 12:39:13 +0500 |
---|---|---|
committer | Abyss777 <abyss@fox5.ru> | 2017-01-25 12:39:13 +0500 |
commit | 483ed4418f53c5207d7150bf288ec6245d8f2cc3 (patch) | |
tree | dcfa32f533fe1a6e1d508ccbfddfa77139831f7b /src/org/traccar/database | |
parent | 92f9691c9817526bd025377cb44aa336e7625592 (diff) | |
download | trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.tar.gz trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.tar.bz2 trackermap-server-483ed4418f53c5207d7150bf288ec6245d8f2cc3.zip |
- Add "deviceReadonly" user field
- Allow users to edit tokens
- Managers can create users with deviceLimit = 0 only
- Manager can't create users with expirationTime later than their own
- Other permissions improvements
Diffstat (limited to 'src/org/traccar/database')
-rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index 4a5f759a8..14cc8027a 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -31,7 +31,6 @@ import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
-import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;

@@ -170,7 +169,7 @@ public class PermissionsManager {
 }

 public boolean isManager(long userId) {
- return users.containsKey(userId) && users.get(userId).getUserLimit() > 0;
+ return users.containsKey(userId) && users.get(userId).getUserLimit() != 0;
 }

 public void checkManager(long userId) throws SecurityException {
@@ -187,15 +186,21 @@ public class PermissionsManager {
 }

 public void checkUserLimit(long userId) throws SecurityException {
- if (!isAdmin(userId) && userPermissions.get(userId).size() >= users.get(userId).getUserLimit()) {
+ int userLimit = users.get(userId).getUserLimit();
+ if (userLimit != -1 && userPermissions.get(userId).size() >= userLimit) {
 throw new SecurityException("Manager user limit reached");
 }
 }

- public void checkDeviceLimit(long userId) throws SecurityException {
+ public void checkDeviceLimit(long userId) throws SecurityException, SQLException {
 int deviceLimit = users.get(userId).getDeviceLimit();
- if (deviceLimit != 0) {
- int deviceCount = getDevicePermissions(userId).size();
+ if (deviceLimit != -1) {
+ int deviceCount = 0;
+ if (isManager(userId)) {
+ deviceCount = Context.getDeviceManager().getManagedDevices(userId).size();
+ } else {
+ deviceCount = getDevicePermissions(userId).size();
+ }
 if (deviceCount >= deviceLimit) {
 throw new SecurityException("User device limit reached");
 }
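Review bot: In `isManager`, the new test `getUserLimit() != 0` accepts every negative value as a manager, not only the `-1` that `checkUserLimit` in the following hunk treats as the unlimited sentinel, so a malformed stored limit such as -2 would count as a manager wherever this predicate gates access. Accepting only the intended values keeps the role check tight: `int limit = users.get(userId).getUserLimit();` followed by `return limit == -1 || limit > 0;`, behind the existing `containsKey` guard. A named constant for `-1` would make the sentinel explicit here and in `checkUserLimit` and `checkDeviceLimit`.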
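Review bot: `checkUserLimit` drops the `!isAdmin(userId)` exemption, so unless every caller tests for admin first, an admin whose `userLimit` is 0 is now rejected with "Manager user limit reached"; if the exemption is still wanted, `if (!isAdmin(userId) && userLimit != -1 && userPermissions.get(userId).size() >= userLimit) {` restores it. Both `checkUserLimit` and `checkDeviceLimit` dereference `users.get(userId)` without the `containsKey` guard that `isManager` uses, so an id missing from the cache surfaces as a NullPointerException rather than a SecurityException. In `checkDeviceLimit` the unlimited sentinel moves from 0 to -1, which means accounts already stored with `deviceLimit = 0` can no longer add devices unless a data migration accompanies the commit; none is visible in this diff. `int deviceCount = 0;` can be declared without the initializer, since both branches assign it.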
@@ -206,12 +211,22 @@ public class PermissionsManager {
 return users.containsKey(userId) && users.get(userId).getReadonly();
 }

+ public boolean isDeviceReadonly(long userId) {
+ return users.containsKey(userId) && users.get(userId).getDeviceReadonly();
+ }
+
 public void checkReadonly(long userId) throws SecurityException {
 if (!isAdmin(userId) && (server.getReadonly() || isReadonly(userId))) {
 throw new SecurityException("Account is readonly");
 }
 }

+ public void checkDeviceReadonly(long userId) throws SecurityException {
+ if (!isAdmin(userId) && isDeviceReadonly(userId)) {
+ throw new SecurityException("Account is device readonly");
+ }
+ }
+
 public void checkUserEnabled(long userId) throws SecurityException {
 User user = getUser(userId);
 if (user.getDisabled()) {
@@ -228,10 +243,14 @@ public class PermissionsManager {
 || before.getUserLimit() != after.getUserLimit()) {
 checkAdmin(userId);
 }
+ if (users.containsKey(userId) && users.get(userId).getExpirationTime() != null
+ && (after.getExpirationTime() == null
+ || users.get(userId).getExpirationTime().compareTo(after.getExpirationTime()) < 0)) {
+ checkAdmin(userId);
+ }
 if (before.getReadonly() != after.getReadonly()
- || before.getDisabled() != after.getDisabled()
- || !Objects.equals(before.getExpirationTime(), after.getExpirationTime())
- || !Objects.equals(before.getToken(), after.getToken())) {
+ || before.getDeviceReadonly() != after.getDeviceReadonly()
+ || before.getDisabled() != after.getDisabled()) {
 if (userId == after.getId()) {
 checkAdmin(userId);
 }
 } |
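Review bot: `isDeviceReadonly` returns false when `userId` is not in the `users` map, so `checkDeviceReadonly` passes for an unknown id; for a restriction flag that is a fail-open default. If such ids can reach this check, treating a missing record as restricted is safer: `User user = users.get(userId);` then `return user == null || user.getDeviceReadonly();`. The existing `isReadonly` has the same shape, so the two are best changed together. Both new methods also lack Javadoc; a short comment on `checkDeviceReadonly` should state that it does not consult `server.getReadonly()` and that every device-modifying path is expected to call it, since no caller is visible in this diff.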
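Review bot: With `!Objects.equals(before.getToken(), after.getToken())` removed from the self-edit condition, a non-admin can set their own token to any value, and nothing in this hunk constrains its length or uniqueness. If the token is accepted as a credential and no other layer enforces those properties, a short or duplicate token weakens authentication. A comment at the condition would record where the guarantee lives, for example `// token is self-editable by design; strength and uniqueness are enforced in <validator>`. The new expiration guard also reads `users.get(userId)` three times; reading it once (`User current = users.get(userId);`) and testing `current != null` avoids a NullPointerException if the cache entry changes between `containsKey` and `compareTo`. The enclosing method starts and ends outside the hunk.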