diff options
Diffstat (limited to 'src/main/java/org/traccar/api')
12 files changed, 28 insertions, 24 deletions
diff --git a/src/main/java/org/traccar/api/BaseObjectResource.java b/src/main/java/org/traccar/api/BaseObjectResource.java index 0ec2bfeaa..904781e54 100644 --- a/src/main/java/org/traccar/api/BaseObjectResource.java +++ b/src/main/java/org/traccar/api/BaseObjectResource.java @@ -56,7 +56,7 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour public Response getSingle(@PathParam("id") long id) throws StorageException { permissionsService.checkPermission(baseClass, getUserId(), id); T entity = storage.getObject(baseClass, new Request( - new Columns.All(), new Condition.Equals("id", "id", id))); + new Columns.All(), new Condition.Equals("id", id))); if (entity != null) { return Response.ok(entity).build(); } else { @@ -86,7 +86,7 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour if (entity instanceof User) { User before = storage.getObject(User.class, new Request( - new Columns.All(), new Condition.Equals("id", "id", entity.getId()))); + new Columns.All(), new Condition.Equals("id", entity.getId()))); permissionsService.checkUserUpdate(getUserId(), before, (User) entity); } else if (entity instanceof Group) { Group group = (Group) entity; @@ -97,12 +97,13 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour storage.updateObject(entity, new Request( new Columns.Exclude("id"), - new Condition.Equals("id", "id"))); + new Condition.Equals("id", entity.getId()))); if (entity instanceof User) { User user = (User) entity; if (user.getHashedPassword() != null) { storage.updateObject(entity, new Request( - new Columns.Include("hashedPassword", "salt"), new Condition.Equals("id", "id"))); + new Columns.Include("hashedPassword", "salt"), + new Condition.Equals("id", entity.getId()))); } } cacheManager.updateOrInvalidate(true, entity); @@ -117,7 +118,7 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour permissionsService.checkEdit(getUserId(), baseClass, false); permissionsService.checkPermission(baseClass, getUserId(), id); - storage.removeObject(baseClass, new Request(new Condition.Equals("id", "id", id))); + storage.removeObject(baseClass, new Request(new Condition.Equals("id", id))); cacheManager.invalidate(baseClass, id); LogAction.remove(getUserId(), baseClass, id); diff --git a/src/main/java/org/traccar/api/MediaFilter.java b/src/main/java/org/traccar/api/MediaFilter.java index 6d95c66a8..ab75bdc5d 100644 --- a/src/main/java/org/traccar/api/MediaFilter.java +++ b/src/main/java/org/traccar/api/MediaFilter.java @@ -84,7 +84,7 @@ public class MediaFilter implements Filter { String[] parts = path != null ? path.split("/") : null; if (parts != null && parts.length >= 2) { Device device = storage.getObject(Device.class, new Request( - new Columns.All(), new Condition.Equals("uniqueId", "uniqueId", parts[1]))); + new Columns.All(), new Condition.Equals("uniqueId", parts[1]))); if (device != null) { permissionsServiceProvider.get().checkPermission(Device.class, userId, device.getId()); chain.doFilter(request, response); diff --git a/src/main/java/org/traccar/api/resource/CommandResource.java b/src/main/java/org/traccar/api/resource/CommandResource.java index 92804e725..80b9fd18f 100644 --- a/src/main/java/org/traccar/api/resource/CommandResource.java +++ b/src/main/java/org/traccar/api/resource/CommandResource.java @@ -110,7 +110,7 @@ public class CommandResource extends ExtendedObjectResource<Command> { permissionsService.checkPermission(Command.class, getUserId(), entity.getId()); long deviceId = entity.getDeviceId(); entity = storage.getObject(baseClass, new Request( - new Columns.All(), new Condition.Equals("id", "id", entity.getId()))); + new Columns.All(), new Condition.Equals("id", entity.getId()))); entity.setDeviceId(deviceId); } else { permissionsService.checkRestriction(getUserId(), UserRestrictions::getLimitCommands); diff --git a/src/main/java/org/traccar/api/resource/DeviceResource.java b/src/main/java/org/traccar/api/resource/DeviceResource.java index 1d9bc20ec..c0b0cea0d 100644 --- a/src/main/java/org/traccar/api/resource/DeviceResource.java +++ b/src/main/java/org/traccar/api/resource/DeviceResource.java @@ -84,14 +84,14 @@ public class DeviceResource extends BaseObjectResource<Device> { result.addAll(storage.getObjects(Device.class, new Request( new Columns.All(), new Condition.And( - new Condition.Equals("uniqueId", "uniqueId", uniqueId), + new Condition.Equals("uniqueId", uniqueId), new Condition.Permission(User.class, getUserId(), Device.class))))); } for (Long deviceId : deviceIds) { result.addAll(storage.getObjects(Device.class, new Request( new Columns.All(), new Condition.And( - new Condition.Equals("id", "id", deviceId), + new Condition.Equals("id", deviceId), new Condition.Permission(User.class, getUserId(), Device.class))))); } return result; @@ -142,7 +142,7 @@ public class DeviceResource extends BaseObjectResource<Device> { device.setPositionId(position.getId()); storage.updateObject(device, new Request( new Columns.Include("positionId"), - new Condition.Equals("id", "id"))); + new Condition.Equals("id", device.getId()))); try { cacheManager.addDevice(position.getDeviceId()); @@ -169,7 +169,7 @@ public class DeviceResource extends BaseObjectResource<Device> { Device device = storage.getObject(Device.class, new Request( new Columns.All(), new Condition.And( - new Condition.Equals("id", "id", deviceId), + new Condition.Equals("id", deviceId), new Condition.Permission(User.class, getUserId(), Device.class)))); if (device != null) { String name = "device"; diff --git a/src/main/java/org/traccar/api/resource/EventResource.java b/src/main/java/org/traccar/api/resource/EventResource.java index 3870e9af9..afdaf52b5 100644 --- a/src/main/java/org/traccar/api/resource/EventResource.java +++ b/src/main/java/org/traccar/api/resource/EventResource.java @@ -41,7 +41,7 @@ public class EventResource extends BaseResource { @GET public Event get(@PathParam("id") long id) throws StorageException { Event event = storage.getObject(Event.class, new Request( - new Columns.All(), new Condition.Equals("id", "id", id))); + new Columns.All(), new Condition.Equals("id", id))); if (event == null) { throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); } diff --git a/src/main/java/org/traccar/api/resource/PasswordResource.java b/src/main/java/org/traccar/api/resource/PasswordResource.java index 625ff4cb1..ebf4e3b91 100644 --- a/src/main/java/org/traccar/api/resource/PasswordResource.java +++ b/src/main/java/org/traccar/api/resource/PasswordResource.java @@ -59,7 +59,7 @@ public class PasswordResource extends BaseResource { throws StorageException, MessagingException, GeneralSecurityException, IOException { User user = storage.getObject(User.class, new Request( - new Columns.All(), new Condition.Equals("email", "email", email))); + new Columns.All(), new Condition.Equals("email", email))); if (user != null) { var velocityContext = textTemplateFormatter.prepareContext(permissionsService.getServer(), user); velocityContext.put("token", tokenManager.generateToken(user.getId())); @@ -78,11 +78,12 @@ public class PasswordResource extends BaseResource { long userId = tokenManager.verifyToken(token); User user = storage.getObject(User.class, new Request( - new Columns.All(), new Condition.Equals("id", "id", userId))); + new Columns.All(), new Condition.Equals("id", userId))); if (user != null) { user.setPassword(password); storage.updateObject(user, new Request( - new Columns.Include("hashedPassword", "salt"), new Condition.Equals("id", "id"))); + new Columns.Include("hashedPassword", "salt"), + new Condition.Equals("id", userId))); return Response.ok().build(); } return Response.status(Response.Status.NOT_FOUND).build(); diff --git a/src/main/java/org/traccar/api/resource/PositionResource.java b/src/main/java/org/traccar/api/resource/PositionResource.java index 7d7921085..042dd1e23 100644 --- a/src/main/java/org/traccar/api/resource/PositionResource.java +++ b/src/main/java/org/traccar/api/resource/PositionResource.java @@ -67,7 +67,7 @@ public class PositionResource extends BaseResource { var positions = new ArrayList<Position>(); for (long positionId : positionIds) { Position position = storage.getObject(Position.class, new Request( - new Columns.All(), new Condition.Equals("id", "id", positionId))); + new Columns.All(), new Condition.Equals("id", positionId))); permissionsService.checkPermission(Device.class, getUserId(), position.getDeviceId()); positions.add(position); } diff --git a/src/main/java/org/traccar/api/resource/ServerResource.java b/src/main/java/org/traccar/api/resource/ServerResource.java index e35cd7d95..e7f0b93ca 100644 --- a/src/main/java/org/traccar/api/resource/ServerResource.java +++ b/src/main/java/org/traccar/api/resource/ServerResource.java @@ -76,7 +76,7 @@ public class ServerResource extends BaseResource { permissionsService.checkAdmin(getUserId()); storage.updateObject(entity, new Request( new Columns.Exclude("id"), - new Condition.Equals("id", "id"))); + new Condition.Equals("id", entity.getId()))); cacheManager.updateOrInvalidate(true, entity); LogAction.edit(getUserId(), entity); return Response.ok(entity).build(); diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java index 05f492d73..1e984fbd0 100644 --- a/src/main/java/org/traccar/api/resource/SessionResource.java +++ b/src/main/java/org/traccar/api/resource/SessionResource.java @@ -122,7 +122,7 @@ public class SessionResource extends BaseResource { public User get(@PathParam("id") long userId) throws StorageException { permissionsService.checkAdmin(getUserId()); User user = storage.getObject(User.class, new Request( - new Columns.All(), new Condition.Equals("id", "id", userId))); + new Columns.All(), new Condition.Equals("id", userId))); request.getSession().setAttribute(USER_ID_KEY, user.getId()); LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); return user; diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java index dd71de4c6..91875ef51 100644 --- a/src/main/java/org/traccar/api/resource/UserResource.java +++ b/src/main/java/org/traccar/api/resource/UserResource.java @@ -100,7 +100,8 @@ public class UserResource extends BaseObjectResource<User> { entity.setId(storage.addObject(entity, new Request(new Columns.Exclude("id")))); storage.updateObject(entity, new Request( - new Columns.Include("hashedPassword", "salt"), new Condition.Equals("id", "id"))); + new Columns.Include("hashedPassword", "salt"), + new Condition.Equals("id", entity.getId()))); LogAction.create(getUserId(), entity); diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java index 32487f06b..88bafcfb5 100644 --- a/src/main/java/org/traccar/api/security/LoginService.java +++ b/src/main/java/org/traccar/api/security/LoginService.java @@ -58,7 +58,7 @@ public class LoginService { } long userId = tokenManager.verifyToken(token); User user = storage.getObject(User.class, new Request( - new Columns.All(), new Condition.Equals("id", "id", userId))); + new Columns.All(), new Condition.Equals("id", userId))); if (user != null) { checkUserEnabled(user); } @@ -66,11 +66,12 @@ public class LoginService { } public User login(String email, String password) throws StorageException { + email = email.trim(); User user = storage.getObject(User.class, new Request( new Columns.All(), new Condition.Or( - new Condition.Equals("email", "email", email.trim()), - new Condition.Equals("login", "email")))); + new Condition.Equals("email", email), + new Condition.Equals("login", email)))); if (user != null) { if (ldapProvider != null && user.getLogin() != null && ldapProvider.login(user.getLogin(), password) || !forceLdap && user.isPasswordValid(password)) { diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java index ddfaaab94..0d4877fdb 100644 --- a/src/main/java/org/traccar/api/security/PermissionsService.java +++ b/src/main/java/org/traccar/api/security/PermissionsService.java @@ -62,7 +62,7 @@ public class PermissionsService { user = new ServiceAccountUser(); } else { user = storage.getObject( - User.class, new Request(new Columns.All(), new Condition.Equals("id", "id", userId))); + User.class, new Request(new Columns.All(), new Condition.Equals("id", userId))); } } return user; @@ -187,7 +187,7 @@ public class PermissionsService { var object = storage.getObject(clazz, new Request( new Columns.Include("id"), new Condition.And( - new Condition.Equals("id", "id", objectId), + new Condition.Equals("id", objectId), new Condition.Permission( User.class, userId, clazz.equals(User.class) ? ManagedUser.class : clazz)))); if (object == null) { |