-rw-r--r--src/org/traccar/Context.java8
-rw-r--r--src/org/traccar/api/BaseResource.java9
-rw-r--r--src/org/traccar/api/resource/AttributeResource.java4
-rw-r--r--src/org/traccar/api/resource/CalendarResource.java4
-rw-r--r--src/org/traccar/api/resource/DriverResource.java4
-rw-r--r--src/org/traccar/api/resource/EventResource.java2
-rw-r--r--src/org/traccar/api/resource/GeofenceResource.java4
-rw-r--r--src/org/traccar/database/DataManager.java4
-rw-r--r--src/org/traccar/database/PermissionsManager.java16
9 files changed, 33 insertions, 22 deletions
diff --git a/src/org/traccar/Context.java b/src/org/traccar/Context.java
index a4fc5b679..57c6bc908 100644
--- a/src/org/traccar/Context.java
+++ b/src/org/traccar/Context.java
@@ -59,6 +59,14 @@ import org.traccar.web.WebServer;
public final class Context {
+ public static final String TYPE_USER = "User";
+ public static final String TYPE_DEVICE = "Device";
+ public static final String TYPE_GROUP = "Group";
+ public static final String TYPE_GEOFENCE = "Geofence";
+ public static final String TYPE_CALENDAR = "Calendar";
+ public static final String TYPE_ATTRIBUTE = "Attribute";
+ public static final String TYPE_DRIVER = "Driver";
+
private Context() {
}
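Review bot: The seven `TYPE_*` constants have no comment saying what they must match, yet authorization now depends on them. Elsewhere in this commit they are compared against `DataManager.makeName(...)` output and used as `case` labels in `PermissionsManager.checkPermission`. A one-line comment above the group would record that contract, for example `// Object type names; each must equal DataManager.makeName() of the matching "xxxId" key.` Because the set is closed, an enum would let the compiler catch a misspelt type, though that is a larger change than this hunk.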
diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java
index 9ac30f5a7..4ad1477c2 100644
--- a/src/org/traccar/api/BaseResource.java
+++ b/src/org/traccar/api/BaseResource.java
@@ -22,6 +22,7 @@ import java.util.Map;
import javax.ws.rs.core.SecurityContext;
import org.traccar.Context;
+import org.traccar.database.DataManager;
import org.traccar.model.BaseModel;
public class BaseResource {
@@ -44,19 +45,21 @@ public class BaseResource {
Iterator<String> iterator = entity.keySet().iterator();
String owner = iterator.next();
String property = iterator.next();
+
long ownerId = entity.get(owner);
long propertyId = entity.get(property);
- if (!link && owner.equals("userId") && property.equals("deviceId")) {
+ if (!link && DataManager.makeName(owner).equals(Context.TYPE_USER)
+ && DataManager.makeName(property).equals(Context.TYPE_DEVICE)) {
if (getUserId() != ownerId) {
Context.getPermissionsManager().checkUser(getUserId(), ownerId);
} else {
Context.getPermissionsManager().checkAdmin(getUserId());
}
} else {
- Context.getPermissionsManager().checkPermission(owner.replace("Id", ""), getUserId(), ownerId);
+ Context.getPermissionsManager().checkPermission(owner, getUserId(), ownerId);
}
- Context.getPermissionsManager().checkPermission(property.replace("Id", ""), getUserId(), propertyId);
+ Context.getPermissionsManager().checkPermission(property, getUserId(), propertyId);
Context.getDataManager().linkObject(owner, ownerId, property, propertyId, link);
}
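Review bot: `owner` and `property` are keys of `entity`, and they are normalised separately in the new `makeName(...)` comparison and again inside `checkPermission`, while `linkObject` still receives the raw key. The method starts outside the hunk, so it is only inferred that `entity` is the request body; if it is, the permission check and the link operation should be driven by one validated type name. Computing `String ownerType = DataManager.makeName(owner);` and `String propertyType = DataManager.makeName(property);` once, and rejecting any value that is not a `Context.TYPE_*` constant before the first check, would ensure that. As written, an empty key reaches `makeName` and fails with `StringIndexOutOfBoundsException` rather than a clean rejection.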
diff --git a/src/org/traccar/api/resource/AttributeResource.java b/src/org/traccar/api/resource/AttributeResource.java
index c6c95e05c..63cdfb2a7 100644
--- a/src/org/traccar/api/resource/AttributeResource.java
+++ b/src/org/traccar/api/resource/AttributeResource.java
@@ -128,7 +128,7 @@ public class AttributeResource extends BaseResource {
@PUT
public Response update(Attribute entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("attribute", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), entity.getId());
Context.getAttributesManager().updateItem(entity);
return Response.ok(entity).build();
}
@@ -137,7 +137,7 @@ public class AttributeResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("attribute", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), id);
Context.getAttributesManager().removeItem(id);
return Response.noContent().build();
}
diff --git a/src/org/traccar/api/resource/CalendarResource.java b/src/org/traccar/api/resource/CalendarResource.java
index 0666f2fed..d29080ee2 100644
--- a/src/org/traccar/api/resource/CalendarResource.java
+++ b/src/org/traccar/api/resource/CalendarResource.java
@@ -75,7 +75,7 @@ public class CalendarResource extends BaseResource {
@PUT
public Response update(Calendar entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("calendar", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), entity.getId());
Context.getCalendarManager().updateItem(entity);
return Response.ok(entity).build();
}
@@ -84,7 +84,7 @@ public class CalendarResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("calendar", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), id);
Context.getCalendarManager().removeItem(id);
return Response.noContent().build();
}
diff --git a/src/org/traccar/api/resource/DriverResource.java b/src/org/traccar/api/resource/DriverResource.java
index 749674002..b528a197a 100644
--- a/src/org/traccar/api/resource/DriverResource.java
+++ b/src/org/traccar/api/resource/DriverResource.java
@@ -95,7 +95,7 @@ public class DriverResource extends BaseResource {
@PUT
public Response update(Driver entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("driver", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), entity.getId());
Context.getDriversManager().updateItem(entity);
return Response.ok(entity).build();
}
@@ -104,7 +104,7 @@ public class DriverResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("driver", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), id);
Context.getDriversManager().removeItem(id);
return Response.noContent().build();
}
diff --git a/src/org/traccar/api/resource/EventResource.java b/src/org/traccar/api/resource/EventResource.java
index 9b43bf4b0..85f981514 100644
--- a/src/org/traccar/api/resource/EventResource.java
+++ b/src/org/traccar/api/resource/EventResource.java
@@ -25,7 +25,7 @@ public class EventResource extends BaseResource {
Event event = Context.getDataManager().getEvent(id);
Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId());
if (event.getGeofenceId() != 0) {
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), event.getGeofenceId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), event.getGeofenceId());
}
return event;
}
diff --git a/src/org/traccar/api/resource/GeofenceResource.java b/src/org/traccar/api/resource/GeofenceResource.java
index df4947a1b..c9cc72bd7 100644
--- a/src/org/traccar/api/resource/GeofenceResource.java
+++ b/src/org/traccar/api/resource/GeofenceResource.java
@@ -94,7 +94,7 @@ public class GeofenceResource extends BaseResource {
@PUT
public Response update(Geofence entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), entity.getId());
Context.getGeofenceManager().updateItem(entity);
return Response.ok(entity).build();
}
@@ -103,7 +103,7 @@ public class GeofenceResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), id);
Context.getGeofenceManager().removeItem(id);
return Response.noContent().build();
}
diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java
index 9d8167acc..3bb367ece 100644
--- a/src/org/traccar/database/DataManager.java
+++ b/src/org/traccar/database/DataManager.java
@@ -268,11 +268,11 @@ public class DataManager {
.executeUpdate());
}
- private String makeName(String object) {
+ public static String makeName(String object) {
return object.substring(0, 1).toUpperCase() + object.replace("Id", "").substring(1);
}
- private String makeNameId(String object) {
+ public static String makeNameId(String object) {
return object.substring(0, 1).toLowerCase() + object.substring(1) + (object.indexOf("Id") == -1 ? "Id" : "");
}
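Review bot: `makeName` strips every `Id` in the string, not only a trailing suffix, because it uses `object.replace("Id", "")`. Now that it is `public static` and selects which permission check runs, distinct inputs can collapse to the same type name. Restricting it to the suffix avoids that: `String base = object.endsWith("Id") ? object.substring(0, object.length() - 2) : object;` followed by `return base.substring(0, 1).toUpperCase() + base.substring(1);`. Both helpers also call `substring(0, 1)` without a length check, so an empty string throws. A short Javadoc on each giving the expected input and output (`"deviceId"` becomes `"Device"`) would help callers outside this class.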
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index 5f83a1274..56a12e941 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -299,26 +299,26 @@ public class PermissionsManager {
public void checkPermission(String object, long userId, long objectId) throws SecurityException {
SimpleObjectManager manager = null;
- switch (object) {
- case "device":
+ switch (DataManager.makeName(object)) {
+ case Context.TYPE_DEVICE:
checkDevice(userId, objectId);
break;
- case "group":
+ case Context.TYPE_GROUP:
checkGroup(userId, objectId);
break;
- case "user":
+ case Context.TYPE_USER:
checkUser(userId, objectId);
break;
- case "geofence":
+ case Context.TYPE_GEOFENCE:
manager = Context.getGeofenceManager();
break;
- case "attribute":
+ case Context.TYPE_ATTRIBUTE:
manager = Context.getAttributesManager();
break;
- case "driver":
+ case Context.TYPE_DRIVER:
manager = Context.getDriversManager();
break;
- case "calendar":
+ case Context.TYPE_CALENDAR:
manager = Context.getCalendarManager();
break;
default: