diff options
-rw-r--r-- | schema/changelog-3.10.xml | 4 | ||||
-rw-r--r-- | setup/default.xml | 6 | ||||
-rw-r--r-- | src/org/traccar/api/resource/UserPermissionResource.java | 9 | ||||
-rw-r--r-- | src/org/traccar/database/CalendarManager.java | 4 | ||||
-rw-r--r-- | src/org/traccar/database/DataManager.java | 8 | ||||
-rw-r--r-- | src/org/traccar/database/DeviceManager.java | 8 | ||||
-rw-r--r-- | src/org/traccar/database/GeofenceManager.java | 4 | ||||
-rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 59 | ||||
-rw-r--r-- | src/org/traccar/model/UserPermission.java | 10 |
9 files changed, 53 insertions, 59 deletions
diff --git a/schema/changelog-3.10.xml b/schema/changelog-3.10.xml index 5ba882e0f..137b3bc82 100644 --- a/schema/changelog-3.10.xml +++ b/schema/changelog-3.10.xml @@ -56,13 +56,13 @@ <column name="userid" type="INT"> <constraints nullable="false" /> </column> - <column name="otheruserid" type="INT"> + <column name="manageduserid" type="INT"> <constraints nullable="false" /> </column> </createTable> <addForeignKeyConstraint baseTableName="user_user" baseColumnNames="userid" constraintName="fk_user_user_userid" referencedTableName="users" referencedColumnNames="id" onDelete="CASCADE" /> - <addForeignKeyConstraint baseTableName="user_user" baseColumnNames="otheruserid" constraintName="fk_user_user_otheruserid" referencedTableName="users" referencedColumnNames="id" onDelete="CASCADE" /> + <addForeignKeyConstraint baseTableName="user_user" baseColumnNames="manageduserid" constraintName="fk_user_user_manageduserid" referencedTableName="users" referencedColumnNames="id" onDelete="CASCADE" /> </changeSet> </databaseChangeLog> diff --git a/setup/default.xml b/setup/default.xml index eab11e10e..0ab3163f0 100644 --- a/setup/default.xml +++ b/setup/default.xml @@ -353,15 +353,15 @@ </entry> <entry key='database.selectUserPermissions'> - SELECT userId, otherUserId FROM user_user + SELECT userId, managedUserId FROM user_user </entry> <entry key='database.linkUser'> - INSERT INTO user_user (userId, otherUserId) VALUES (:userId, :otherUserId) + INSERT INTO user_user (userId, managedUserId) VALUES (:userId, :managedUserId) </entry> <entry key='database.unlinkUser'> - DELETE FROM user_user WHERE userId = :userId AND otherUserId = :otherUserId + DELETE FROM user_user WHERE userId = :userId AND managedUserId = :managedUserId </entry> <!-- PROTOCOL CONFIG --> diff --git a/src/org/traccar/api/resource/UserPermissionResource.java b/src/org/traccar/api/resource/UserPermissionResource.java index 35e22e6d4..a97c4a665 100644 --- a/src/org/traccar/api/resource/UserPermissionResource.java +++ b/src/org/traccar/api/resource/UserPermissionResource.java @@ -38,18 +38,17 @@ public class UserPermissionResource extends BaseResource { @POST public Response add(UserPermission entity) throws SQLException { Context.getPermissionsManager().checkAdmin(getUserId()); - if (entity.getUserId() == entity.getOtherUserId()) { - throw new SecurityException("Selfmanagement prohibited"); + if (entity.getUserId() != entity.getManagedUserId()) { + Context.getDataManager().linkUser(entity.getUserId(), entity.getManagedUserId()); + Context.getPermissionsManager().refreshUserPermissions(); } - Context.getDataManager().linkUser(entity.getUserId(), entity.getOtherUserId()); - Context.getPermissionsManager().refreshUserPermissions(); return Response.ok(entity).build(); } @DELETE public Response remove(UserPermission entity) throws SQLException { Context.getPermissionsManager().checkAdmin(getUserId()); - Context.getDataManager().unlinkUser(entity.getUserId(), entity.getOtherUserId()); + Context.getDataManager().unlinkUser(entity.getUserId(), entity.getManagedUserId()); Context.getPermissionsManager().refreshUserPermissions(); return Response.noContent().build(); } diff --git a/src/org/traccar/database/CalendarManager.java b/src/org/traccar/database/CalendarManager.java index d755bd396..31d484327 100644 --- a/src/org/traccar/database/CalendarManager.java +++ b/src/org/traccar/database/CalendarManager.java @@ -73,8 +73,8 @@ public class CalendarManager { public Collection<Calendar> getManagedCalendars(long userId) { ArrayList<Calendar> result = new ArrayList<>(); result.addAll(getUserCalendars(userId)); - for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) { - result.addAll(getUserCalendars(otherUserId)); + for (long managedUserId : Context.getPermissionsManager().getUserPermissions(userId)) { + result.addAll(getUserCalendars(managedUserId)); } return result; } diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java index 2dea7ef40..8337762f7 100644 --- a/src/org/traccar/database/DataManager.java +++ b/src/org/traccar/database/DataManager.java @@ -534,17 +534,17 @@ public class DataManager { .executeQuery(UserPermission.class); } - public void linkUser(long userId, long otherUserId) throws SQLException { + public void linkUser(long userId, long managedUserId) throws SQLException { QueryBuilder.create(dataSource, getQuery("database.linkUser")) .setLong("userId", userId) - .setLong("otherUserId", otherUserId) + .setLong("managedUserId", managedUserId) .executeUpdate(); } - public void unlinkUser(long userId, long otherUserId) throws SQLException { + public void unlinkUser(long userId, long managedUserId) throws SQLException { QueryBuilder.create(dataSource, getQuery("database.unlinkUser")) .setLong("userId", userId) - .setLong("otherUserId", otherUserId) + .setLong("managedUserId", managedUserId) .executeUpdate(); } } diff --git a/src/org/traccar/database/DeviceManager.java b/src/org/traccar/database/DeviceManager.java index bcb3185ca..8e75903db 100644 --- a/src/org/traccar/database/DeviceManager.java +++ b/src/org/traccar/database/DeviceManager.java @@ -163,8 +163,8 @@ public class DeviceManager implements IdentityManager { public Collection<Device> getManagedDevices(long userId) throws SQLException { Collection<Device> devices = new ArrayList<>(); devices.addAll(getDevices(userId)); - for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) { - devices.addAll(getDevices(otherUserId)); + for (long managedUserId : Context.getPermissionsManager().getUserPermissions(userId)) { + devices.addAll(getDevices(managedUserId)); } return devices; } @@ -301,8 +301,8 @@ public class DeviceManager implements IdentityManager { public Collection<Group> getManagedGroups(long userId) throws SQLException { Collection<Group> groups = new ArrayList<>(); groups.addAll(getGroups(userId)); - for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) { - groups.addAll(getGroups(otherUserId)); + for (long managedUserId : Context.getPermissionsManager().getUserPermissions(userId)) { + groups.addAll(getGroups(managedUserId)); } return groups; } diff --git a/src/org/traccar/database/GeofenceManager.java b/src/org/traccar/database/GeofenceManager.java index adc93aa29..b8e6a5d73 100644 --- a/src/org/traccar/database/GeofenceManager.java +++ b/src/org/traccar/database/GeofenceManager.java @@ -245,8 +245,8 @@ public class GeofenceManager { public final Set<Long> getManagedGeofencesIds(long userId) { Set<Long> geofences = new HashSet<>(); geofences.addAll(getUserGeofencesIds(userId)); - for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) { - geofences.addAll(getUserGeofencesIds(otherUserId)); + for (long managedUserId : Context.getPermissionsManager().getUserPermissions(userId)) { + geofences.addAll(getUserGeofencesIds(managedUserId)); } return geofences; } diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index 3c62f84c2..c49ffb00c 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -30,7 +30,6 @@ import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.Map; import java.util.Objects; import java.util.Set; @@ -114,7 +113,7 @@ public class PermissionsManager { userPermissions.clear(); try { for (UserPermission permission : dataManager.getUserPermissions()) { - getUserPermissions(permission.getUserId()).add(permission.getOtherUserId()); + getUserPermissions(permission.getUserId()).add(permission.getManagedUserId()); } } catch (SQLException error) { Log.warning(error); @@ -250,27 +249,25 @@ public class PermissionsManager { public void checkGroup(long userId, long groupId) throws SecurityException { if (!getGroupPermissions(userId).contains(groupId) && !isAdmin(userId)) { - Iterator<Long> iterator = getUserPermissions(userId).iterator(); - boolean managed = false; - while (!managed && iterator.hasNext()) { - managed = getGroupPermissions(iterator.next()).contains(groupId); - } - if (!managed) { - throw new SecurityException("Group access denied"); + checkManager(userId); + for (long managedUserId : getUserPermissions(userId)) { + if (getGroupPermissions(managedUserId).contains(groupId)) { + return; + } } + throw new SecurityException("Group access denied"); } } public void checkDevice(long userId, long deviceId) throws SecurityException { if (!getDevicePermissions(userId).contains(deviceId) && !isAdmin(userId)) { - Iterator<Long> iterator = getUserPermissions(userId).iterator(); - boolean managed = false; - while (!managed && iterator.hasNext()) { - managed = getDevicePermissions(iterator.next()).contains(deviceId); - } - if (!managed) { - throw new SecurityException("Device access denied"); + checkManager(userId); + for (long managedUserId : getUserPermissions(userId)) { + if (getDevicePermissions(managedUserId).contains(deviceId)) { + return; + } } + throw new SecurityException("Device access denied"); } } @@ -282,27 +279,25 @@ public class PermissionsManager { public void checkGeofence(long userId, long geofenceId) throws SecurityException { if (!Context.getGeofenceManager().checkGeofence(userId, geofenceId) && !isAdmin(userId)) { - Iterator<Long> iterator = getUserPermissions(userId).iterator(); - boolean managed = false; - while (!managed && iterator.hasNext()) { - managed = Context.getGeofenceManager().checkGeofence(iterator.next(), geofenceId); - } - if (!managed) { - throw new SecurityException("Geofence access denied"); + checkManager(userId); + for (long managedUserId : getUserPermissions(userId)) { + if (Context.getGeofenceManager().checkGeofence(managedUserId, geofenceId)) { + return; + } } + throw new SecurityException("Geofence access denied"); } } public void checkCalendar(long userId, long calendarId) throws SecurityException { if (!Context.getCalendarManager().checkCalendar(userId, calendarId) && !isAdmin(userId)) { - Iterator<Long> iterator = getUserPermissions(userId).iterator(); - boolean managed = false; - while (!managed && iterator.hasNext()) { - managed = Context.getCalendarManager().checkCalendar(iterator.next(), calendarId); - } - if (!managed) { - throw new SecurityException("Calendar access denied"); + checkManager(userId); + for (long managedUserId : getUserPermissions(userId)) { + if (Context.getCalendarManager().checkCalendar(managedUserId, calendarId)) { + return; + } } + throw new SecurityException("Calendar access denied"); } } @@ -321,8 +316,8 @@ public class PermissionsManager { public Collection<User> getUsers(long userId) { Collection<User> result = new ArrayList<>(); - for (long otherUserId : getUserPermissions(userId)) { - result.add(users.get(otherUserId)); + for (long managedUserId : getUserPermissions(userId)) { + result.add(users.get(managedUserId)); } return result; } diff --git a/src/org/traccar/model/UserPermission.java b/src/org/traccar/model/UserPermission.java index fce98edf0..39ead5ef1 100644 --- a/src/org/traccar/model/UserPermission.java +++ b/src/org/traccar/model/UserPermission.java @@ -28,14 +28,14 @@ public class UserPermission { this.userId = userId; } - private long otherUserId; + private long managedUserId; - public long getOtherUserId() { - return otherUserId; + public long getManagedUserId() { + return managedUserId; } - public void setOtherUserId(long otherUserId) { - this.otherUserId = otherUserId; + public void setManagedUserId(long managedUserId) { + this.managedUserId = managedUserId; } } |