1 files changed, 74 insertions, 15 deletions

diff --git a/src/main/java/org/traccar/api/resource/DeviceResource.java b/src/main/java/org/traccar/api/resource/DeviceResource.java
index c0b0cea0d..89bba7237 100644
--- a/src/main/java/org/traccar/api/resource/DeviceResource.java
+++ b/src/main/java/org/traccar/api/resource/DeviceResource.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2024 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,12 +15,17 @@
  */
 package org.traccar.api.resource;
 
+import jakarta.ws.rs.FormParam;
 import org.traccar.api.BaseObjectResource;
+import org.traccar.api.signature.TokenManager;
 import org.traccar.broadcast.BroadcastService;
+import org.traccar.config.Config;
+import org.traccar.config.Keys;
 import org.traccar.database.MediaManager;
 import org.traccar.helper.LogAction;
 import org.traccar.model.Device;
 import org.traccar.model.DeviceAccumulators;
+import org.traccar.model.Permission;
 import org.traccar.model.Position;
 import org.traccar.model.User;
 import org.traccar.session.ConnectionManager;
@@ -30,23 +35,25 @@ import org.traccar.storage.query.Columns;
 import org.traccar.storage.query.Condition;
 import org.traccar.storage.query.Request;
 
-import javax.inject.Inject;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.PUT;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.QueryParam;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.util.Collection;
+import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -56,6 +63,9 @@ import java.util.List;
 public class DeviceResource extends BaseObjectResource<Device> {
 
     @Inject
+    private Config config;
+
+    @Inject
     private CacheManager cacheManager;
 
     @Inject
@@ -67,6 +77,9 @@ public class DeviceResource extends BaseObjectResource<Device> {
     @Inject
     private MediaManager mediaManager;
 
+    @Inject
+    private TokenManager tokenManager;
+
     public DeviceResource() {
         super(Device.class);
     }
@@ -120,7 +133,7 @@ public class DeviceResource extends BaseObjectResource<Device> {
 
     @Path("{id}/accumulators")
     @PUT
-    public Response updateAccumulators(DeviceAccumulators entity) throws StorageException {
+    public Response updateAccumulators(DeviceAccumulators entity) throws Exception {
         if (permissionsService.notAdmin(getUserId())) {
             permissionsService.checkManager(getUserId());
             permissionsService.checkPermission(Device.class, getUserId(), entity.getDeviceId());
@@ -183,4 +196,50 @@ public class DeviceResource extends BaseObjectResource<Device> {
         return Response.status(Response.Status.NOT_FOUND).build();
     }
 
+    @Path("share")
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    @POST
+    public String shareDevice(
+            @FormParam("deviceId") long deviceId,
+            @FormParam("expiration") Date expiration) throws StorageException, GeneralSecurityException, IOException {
+
+        User user = permissionsService.getUser(getUserId());
+        if (permissionsService.getServer().getBoolean(Keys.DEVICE_SHARE_DISABLE.getKey())) {
+            throw new SecurityException("Sharing is disabled");
+        }
+        if (user.getTemporary()) {
+            throw new SecurityException("Temporary user");
+        }
+        if (user.getExpirationTime() != null && user.getExpirationTime().before(expiration)) {
+            expiration = user.getExpirationTime();
+        }
+
+        Device device = storage.getObject(Device.class, new Request(
+                new Columns.All(),
+                new Condition.And(
+                        new Condition.Equals("id", deviceId),
+                        new Condition.Permission(User.class, user.getId(), Device.class))));
+
+        String shareEmail = user.getEmail() + ":" + device.getUniqueId();
+        User share = storage.getObject(User.class, new Request(
+                new Columns.All(), new Condition.Equals("email", shareEmail)));
+
+        if (share == null) {
+            share = new User();
+            share.setName(device.getName());
+            share.setEmail(shareEmail);
+            share.setExpirationTime(expiration);
+            share.setTemporary(true);
+            share.setReadonly(true);
+            share.setLimitCommands(user.getLimitCommands() || !config.getBoolean(Keys.WEB_SHARE_DEVICE_COMMANDS));
+            share.setDisableReports(user.getDisableReports() || !config.getBoolean(Keys.WEB_SHARE_DEVICE_REPORTS));
+
+            share.setId(storage.addObject(share, new Request(new Columns.Exclude("id"))));
+
+            storage.addPermission(new Permission(User.class, share.getId(), Device.class, deviceId));
+        }
+
+        return tokenManager.generateToken(share.getId(), expiration);
+    }
+
 }