diff options
author | Abyss777 <abyss@fox5.ru> | 2017-07-20 10:05:33 +0500 |
---|---|---|
committer | Abyss777 <abyss@fox5.ru> | 2017-07-20 10:05:33 +0500 |
commit | 0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0 (patch) | |
tree | d2bc54bd9671948c5444e8ab313d99021469a295 /src/org | |
parent | afb9a199f57824ec06c993b6028c35b616f64885 (diff) | |
download | trackermap-server-0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0.tar.gz trackermap-server-0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0.tar.bz2 trackermap-server-0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0.zip |
Make permissions resources more strict
Diffstat (limited to 'src/org')
-rw-r--r-- | src/org/traccar/api/resource/DeviceResource.java | 6 | ||||
-rw-r--r-- | src/org/traccar/api/resource/GroupResource.java | 6 | ||||
-rw-r--r-- | src/org/traccar/api/resource/PermissionsResource.java | 6 |
3 files changed, 18 insertions, 0 deletions
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java index 41a8970e2..0f7579bae 100644 --- a/src/org/traccar/api/resource/DeviceResource.java +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -125,6 +125,9 @@ public class DeviceResource extends BaseResource { @POST public Response add(Map<String, Long> entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } @@ -140,6 +143,9 @@ public class DeviceResource extends BaseResource { for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } Context.getDataManager().linkObject(entity, false); Context.getPermissionsManager().refreshPermissions(entity); return Response.noContent().build(); diff --git a/src/org/traccar/api/resource/GroupResource.java b/src/org/traccar/api/resource/GroupResource.java index 97b6d671d..0d9572332 100644 --- a/src/org/traccar/api/resource/GroupResource.java +++ b/src/org/traccar/api/resource/GroupResource.java @@ -97,6 +97,9 @@ public class GroupResource extends BaseResource { @POST public Response add(Map<String, Long> entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } @@ -109,6 +112,9 @@ public class GroupResource extends BaseResource { @DELETE public Response remove(Map<String, Long> entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } diff --git a/src/org/traccar/api/resource/PermissionsResource.java b/src/org/traccar/api/resource/PermissionsResource.java index ac7acb93f..e22ffae36 100644 --- a/src/org/traccar/api/resource/PermissionsResource.java +++ b/src/org/traccar/api/resource/PermissionsResource.java @@ -39,6 +39,9 @@ public class PermissionsResource extends BaseResource { @POST public Response add(Map<String, Long> entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } @@ -51,6 +54,9 @@ public class PermissionsResource extends BaseResource { @DELETE public Response remove(Map<String, Long> entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } |