authorAnton Tananaev <anton.tananaev@gmail.com>2015-12-20 21:12:37 +1300
committerAnton Tananaev <anton.tananaev@gmail.com>2015-12-20 21:12:37 +1300
commit2bb63a0b1c82c42c0d13614c5a67521130165368 (patch)
treeb3f161b35fb74e7996845fab420eec8a868017c8 /src/org/traccar
parent5947767811b376a26c550661a7f5362d0d884f84 (diff)
Check readonly and registration flags
Diffstat (limited to 'src/org/traccar')
-rw-r--r--src/org/traccar/api/resource/DeviceResource.java3
-rw-r--r--src/org/traccar/api/resource/ServerResource.java1
-rw-r--r--src/org/traccar/api/resource/UserResource.java2
-rw-r--r--src/org/traccar/database/PermissionsManager.java22
4 files changed, 26 insertions, 2 deletions
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java
index a25201678..a4bfc1030 100644
--- a/src/org/traccar/api/resource/DeviceResource.java
+++ b/src/org/traccar/api/resource/DeviceResource.java
@@ -55,6 +55,7 @@ public class DeviceResource extends BaseResource {
@POST
public Response add(Device entity) throws SQLException {
+ Context.getPermissionsManager().checkReadonly(getUserId());
Context.getDataManager().addDevice(entity);
Context.getDataManager().linkDevice(getUserId(), entity.getId());
Context.getPermissionsManager().refresh();
@@ -64,6 +65,7 @@ public class DeviceResource extends BaseResource {
@Path("{id}")
@PUT
public Response update(@PathParam("id") long id, Device entity) throws SQLException {
+ Context.getPermissionsManager().checkReadonly(getUserId());
Context.getPermissionsManager().checkDevice(getUserId(), id);
Context.getDataManager().updateDevice(entity);
return Response.ok(entity).build();
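Review bot: The ownership check in `update` is made against the path parameter `id`, but `updateDevice(entity)` is handed the request body, and the two ids are never compared in the visible lines. If `updateDevice` keys on `entity.getId()` (not shown here), a caller who passes `checkDevice` for one device could have a different device's record rewritten. Reject the mismatch before the write, for example `if (entity.getId() != id) { throw new SecurityException("Device id mismatch"); }`. The end of the method is outside the hunk.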
@@ -72,6 +74,7 @@ public class DeviceResource extends BaseResource {
@Path("{id}")
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
+ Context.getPermissionsManager().checkReadonly(getUserId());
Context.getPermissionsManager().checkDevice(getUserId(), id);
Context.getDataManager().removeDevice(id);
Context.getPermissionsManager().refresh();
diff --git a/src/org/traccar/api/resource/ServerResource.java b/src/org/traccar/api/resource/ServerResource.java
index 54c04d21b..9e42687ab 100644
--- a/src/org/traccar/api/resource/ServerResource.java
+++ b/src/org/traccar/api/resource/ServerResource.java
@@ -44,6 +44,7 @@ public class ServerResource extends BaseResource {
public Response update(Server entity) throws SQLException {
Context.getPermissionsManager().checkAdmin(getUserId());
Context.getDataManager().updateServer(entity);
+ Context.getPermissionsManager().refresh();
return Response.ok(entity).build();
}
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index bf4cb85c3..4d57d5b0c 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -47,7 +47,7 @@ public class UserResource extends BaseResource {
@PermitAll
@POST
public Response add(User entity) throws SQLException {
- Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
+ Context.getPermissionsManager().checkRegistration(getUserId());
Context.getDataManager().addUser(entity);
Context.getPermissionsManager().refresh();
return Response.ok(entity).build();
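Review bot: `add` is `@PermitAll` and hands the request-bound `User entity` straight to `addUser` once `checkRegistration` passes, so with registration enabled nothing in the visible lines limits which fields a non-admin caller may set. `User` carries an admin flag (`getAdmin()` is read in PermissionsManager); if that flag is bound from the request body, which this hunk does not show, self-registration could create an administrator account. Clear or reject privileged fields for callers that are not administrators before `addUser` runs, and add a comment stating which fields self-registration is allowed to set. The end of the method is outside the hunk.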
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index a38a29c32..b0f544a42 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -23,12 +23,15 @@ import java.util.Map;
import java.util.Set;
import org.traccar.helper.Log;
import org.traccar.model.Permission;
+import org.traccar.model.Server;
import org.traccar.model.User;
public class PermissionsManager {
private final DataManager dataManager;
+ private Server server;
+
private final Map<Long, User> users = new HashMap<>();
private final Map<Long, Set<Long>> permissions = new HashMap<>();
@@ -49,6 +52,7 @@ public class PermissionsManager {
users.clear();
permissions.clear();
try {
+ server = dataManager.getServer();
for (User user : dataManager.getUsers()) {
users.put(user.getId(), user);
}
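Review bot: `refresh()` clears `users` and `permissions` and reassigns `server` in place, and this commit adds another call to it from `ServerResource.update`, so it can run while other requests are inside `checkReadonly` or `checkRegistration`. No synchronization is visible in the hunk; a request that lands between `users.clear()` and the reload sees no administrators, and a plain `HashMap` is not safe to mutate while other threads read it. Because `server = dataManager.getServer()` is the first statement in the `try`, a failure there also skips the user and permission loops and leaves both maps empty. Consider loading into local maps and swapping them in under a lock, or making `refresh` and the check methods `synchronized`; the rest of the method and its `catch` are outside the hunk.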
@@ -60,8 +64,12 @@ public class PermissionsManager {
}
}
+ private boolean isAdmin(long userId) {
+ return users.containsKey(userId) && users.get(userId).getAdmin();
+ }
+
public void checkAdmin(long userId) throws SecurityException {
- if (!users.containsKey(userId) || !users.get(userId).getAdmin()) {
+ if (!isAdmin(userId)) {
throw new SecurityException("Admin access required");
}
}
@@ -82,4 +90,16 @@ public class PermissionsManager {
}
}
+ public void checkRegistration(long userId) {
+ if (!server.getRegistration() && !isAdmin(userId)) {
+ throw new SecurityException("Registration disabled");
+ }
+ }
+
+ public void checkReadonly(long userId) {
+ if (server.getReadonly() && !isAdmin(userId)) {
+ throw new SecurityException("Readonly user");
+ }
+ }
+
}
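Review bot: `checkRegistration` and `checkReadonly` dereference `server` without a null check, and the field is only assigned inside the `try` in `refresh()`. If the load failed or `getServer()` returned null, both methods throw NullPointerException instead of SecurityException, so the request ends in an unhandled error rather than a deliberate denial. Fail closed explicitly with `if ((server == null || !server.getRegistration()) && !isAdmin(userId))` and `if ((server == null || server.getReadonly()) && !isAdmin(userId))`. A one-line Javadoc on each method should state that administrators bypass the flag and that "Readonly user" reflects the server-wide setting.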