-rw-r--r-- | src/org/traccar/Context.java | 8 | ||||
-rw-r--r-- | src/org/traccar/api/BaseResource.java | 9 | ||||
-rw-r--r-- | src/org/traccar/api/resource/AttributeResource.java | 4 | ||||
-rw-r--r-- | src/org/traccar/api/resource/CalendarResource.java | 4 | ||||
-rw-r--r-- | src/org/traccar/api/resource/DriverResource.java | 4 | ||||
-rw-r--r-- | src/org/traccar/api/resource/EventResource.java | 2 | ||||
-rw-r--r-- | src/org/traccar/api/resource/GeofenceResource.java | 4 | ||||
-rw-r--r-- | src/org/traccar/database/DataManager.java | 4 | ||||
-rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 16 |
9 files changed, 33 insertions, 22 deletions
diff --git a/src/org/traccar/Context.java b/src/org/traccar/Context.java
index a4fc5b679..57c6bc908 100644
--- a/src/org/traccar/Context.java
+++ b/src/org/traccar/Context.java
@@ -59,6 +59,14 @@ import org.traccar.web.WebServer;
 public final class Context {
+ public static final String TYPE_USER = "User";
+ public static final String TYPE_DEVICE = "Device";
+ public static final String TYPE_GROUP = "Group";
+ public static final String TYPE_GEOFENCE = "Geofence";
+ public static final String TYPE_CALENDAR = "Calendar";
+ public static final String TYPE_ATTRIBUTE = "Attribute";
+ public static final String TYPE_DRIVER = "Driver";
+
 private Context() {
 }
diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java
index 9ac30f5a7..4ad1477c2 100644
--- a/src/org/traccar/api/BaseResource.java
+++ b/src/org/traccar/api/BaseResource.java
@@ -22,6 +22,7 @@ import java.util.Map;
 import javax.ws.rs.core.SecurityContext;
 import org.traccar.Context;
+import org.traccar.database.DataManager;
 import org.traccar.model.BaseModel;
 public class BaseResource {
@@ -44,19 +45,21 @@ public class BaseResource {
 Iterator<String> iterator = entity.keySet().iterator();
 String owner = iterator.next();
 String property = iterator.next();
+
 long ownerId = entity.get(owner);
 long propertyId = entity.get(property);
- if (!link && owner.equals("userId") && property.equals("deviceId")) {
+ if (!link && DataManager.makeName(owner).equals(Context.TYPE_USER)
+ && DataManager.makeName(property).equals(Context.TYPE_DEVICE)) {
 if (getUserId() != ownerId) {
 Context.getPermissionsManager().checkUser(getUserId(), ownerId);
 } else {
 Context.getPermissionsManager().checkAdmin(getUserId());
 }
 } else {
- Context.getPermissionsManager().checkPermission(owner.replace("Id", ""), getUserId(), ownerId);
+ Context.getPermissionsManager().checkPermission(owner, getUserId(), ownerId);
 }
- Context.getPermissionsManager().checkPermission(property.replace("Id", ""), getUserId(), propertyId);
+ Context.getPermissionsManager().checkPermission(property, getUserId(), propertyId);
 Context.getDataManager().linkObject(owner, ownerId, property, propertyId, link);
 }
diff --git a/src/org/traccar/api/resource/AttributeResource.java b/src/org/traccar/api/resource/AttributeResource.java
index c6c95e05c..63cdfb2a7 100644
--- a/src/org/traccar/api/resource/AttributeResource.java
+++ b/src/org/traccar/api/resource/AttributeResource.java
@@ -128,7 +128,7 @@ public class AttributeResource extends BaseResource {
 @PUT
 public Response update(Attribute entity) throws SQLException {
 Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("attribute", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), entity.getId());
 Context.getAttributesManager().updateItem(entity);
 return Response.ok(entity).build();
 }
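Review bot: The permission checks in this hunk now run on a normalised form of `owner` and `property` (`DataManager.makeName(...)` here and inside `checkPermission`), while `linkObject` on the last line still receives the raw strings taken from `entity.keySet()`. Because the user/device special case no longer requires the exact keys `userId` and `deviceId`, more than one spelling of a key reaches the same branch, and the check and the link can end up working from different strings. If those keys come from the request body, which the hunk does not show, normalise once and validate before use, e.g. `String ownerType = DataManager.makeName(owner);` followed by a rejection of anything that is not one of the `Context.TYPE_*` values. The two `iterator.next()` calls above also assume the map has two entries and a defined key order. The method begins outside the hunk.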
@@ -137,7 +137,7 @@ public class AttributeResource extends BaseResource {
 @DELETE
 public Response remove(@PathParam("id") long id) throws SQLException {
 Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("attribute", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), id);
 Context.getAttributesManager().removeItem(id);
 return Response.noContent().build();
 }
diff --git a/src/org/traccar/api/resource/CalendarResource.java b/src/org/traccar/api/resource/CalendarResource.java
index 0666f2fed..d29080ee2 100644
--- a/src/org/traccar/api/resource/CalendarResource.java
+++ b/src/org/traccar/api/resource/CalendarResource.java
@@ -75,7 +75,7 @@ public class CalendarResource extends BaseResource {
 @PUT
 public Response update(Calendar entity) throws SQLException {
 Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("calendar", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), entity.getId());
 Context.getCalendarManager().updateItem(entity);
 return Response.ok(entity).build();
 }
@@ -84,7 +84,7 @@ public class CalendarResource extends BaseResource {
 @DELETE
 public Response remove(@PathParam("id") long id) throws SQLException {
 Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("calendar", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), id);
 Context.getCalendarManager().removeItem(id);
 return Response.noContent().build();
 }
diff --git a/src/org/traccar/api/resource/DriverResource.java b/src/org/traccar/api/resource/DriverResource.java
index 749674002..b528a197a 100644
--- a/src/org/traccar/api/resource/DriverResource.java
+++ b/src/org/traccar/api/resource/DriverResource.java
@@ -95,7 +95,7 @@ public class DriverResource extends BaseResource {
 @PUT
 public Response update(Driver entity) throws SQLException {
 Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("driver", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), entity.getId());
 Context.getDriversManager().updateItem(entity);
 return Response.ok(entity).build();
 }
@@ -104,7 +104,7 @@ public class DriverResource extends BaseResource {
 @DELETE
 public Response remove(@PathParam("id") long id) throws SQLException {
 Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("driver", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), id);
 Context.getDriversManager().removeItem(id);
 return Response.noContent().build();
 }
diff --git a/src/org/traccar/api/resource/EventResource.java b/src/org/traccar/api/resource/EventResource.java
index 9b43bf4b0..85f981514 100644
--- a/src/org/traccar/api/resource/EventResource.java
+++ b/src/org/traccar/api/resource/EventResource.java
@@ -25,7 +25,7 @@ public class EventResource extends BaseResource {
 Event event = Context.getDataManager().getEvent(id);
 Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId());
 if (event.getGeofenceId() != 0) {
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), event.getGeofenceId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), event.getGeofenceId());
 }
 return event;
 }
diff --git a/src/org/traccar/api/resource/GeofenceResource.java b/src/org/traccar/api/resource/GeofenceResource.java
index df4947a1b..c9cc72bd7 100644
--- a/src/org/traccar/api/resource/GeofenceResource.java
+++ b/src/org/traccar/api/resource/GeofenceResource.java
@@ -94,7 +94,7 @@ public class GeofenceResource extends BaseResource {
 @PUT
 public Response update(Geofence entity) throws SQLException {
 Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), entity.getId());
 Context.getGeofenceManager().updateItem(entity);
 return Response.ok(entity).build();
 }
@@ -103,7 +103,7 @@ public class GeofenceResource extends BaseResource {
 @DELETE
 public Response remove(@PathParam("id") long id) throws SQLException {
 Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), id);
 Context.getGeofenceManager().removeItem(id);
 return Response.noContent().build();
 }
diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java
index 9d8167acc..3bb367ece 100644
--- a/src/org/traccar/database/DataManager.java
+++ b/src/org/traccar/database/DataManager.java
@@ -268,11 +268,11 @@ public class DataManager {
 .executeUpdate());
 }
- private String makeName(String object) {
+ public static String makeName(String object) {
 return object.substring(0, 1).toUpperCase() + object.replace("Id", "").substring(1);
 }
- private String makeNameId(String object) {
+ public static String makeNameId(String object) {
 return object.substring(0, 1).toLowerCase() + object.substring(1) + (object.indexOf("Id") == -1 ? "Id" : "");
 }
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index 5f83a1274..56a12e941 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
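Review bot: `makeName` and `makeNameId` treat `Id` as a substring rather than a suffix, which matters more now that they are `public static` and feed the permission checks: `object.replace("Id", "")` strips every occurrence, and `object.indexOf("Id") == -1` skips the suffix for any name that merely contains `Id`. Both also call `substring(0, 1)` unguarded, so an empty string throws `StringIndexOutOfBoundsException`. A suffix test would be tighter, e.g. `String base = object.endsWith("Id") ? object.substring(0, object.length() - 2) : object;`, and each method deserves a one-line Javadoc stating the accepted input and the returned form.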
@@ -299,26 +299,26 @@ public class PermissionsManager {
 public void checkPermission(String object, long userId, long objectId) throws SecurityException {
 SimpleObjectManager manager = null;
- switch (object) {
- case "device":
+ switch (DataManager.makeName(object)) {
+ case Context.TYPE_DEVICE:
 checkDevice(userId, objectId);
 break;
- case "group":
+ case Context.TYPE_GROUP:
 checkGroup(userId, objectId);
 break;
- case "user":
+ case Context.TYPE_USER:
 checkUser(userId, objectId);
 break;
- case "geofence":
+ case Context.TYPE_GEOFENCE:
 manager = Context.getGeofenceManager();
 break;
- case "attribute":
+ case Context.TYPE_ATTRIBUTE:
 manager = Context.getAttributesManager();
 break;
- case "driver":
+ case Context.TYPE_DRIVER:
 manager = Context.getDriversManager();
 break;
- case "calendar":
+ case Context.TYPE_CALENDAR:
 manager = Context.getCalendarManager();
 break;
 default:
|
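Review bot: `checkPermission` has no documentation of what `object` may be, and after this change it accepts an id key (`geofenceId`), the lower-case name (`geofence`) and the `Context.TYPE_*` constant alike, since everything goes through `DataManager.makeName` before the `switch`. I would add a Javadoc such as `/** @param object type name or id key; normalised with DataManager.makeName and matched against the Context.TYPE_* constants */`. The `default:` branch and the rest of the method are outside the hunk, so whether an unrecognised type is refused there cannot be confirmed from this view; it should be.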