diff options
Diffstat (limited to 'src/main/java/org/traccar/api')
3 files changed, 15 insertions, 5 deletions
diff --git a/src/main/java/org/traccar/api/ExtendedObjectResource.java b/src/main/java/org/traccar/api/ExtendedObjectResource.java index 6037118dd..e49f67bb9 100644 --- a/src/main/java/org/traccar/api/ExtendedObjectResource.java +++ b/src/main/java/org/traccar/api/ExtendedObjectResource.java @@ -44,7 +44,9 @@ public class ExtendedObjectResource<T extends BaseModel> extends BaseObjectResou var conditions = new LinkedList<Condition>(); if (all) { - permissionsService.checkAdmin(getUserId()); + if (!permissionsService.isAdmin(getUserId())) { + conditions.add(new Condition.Permission(User.class, getUserId(), baseClass)); + } } else { if (userId == 0) { conditions.add(new Condition.Permission(User.class, getUserId(), baseClass)); diff --git a/src/main/java/org/traccar/api/SimpleObjectResource.java b/src/main/java/org/traccar/api/SimpleObjectResource.java index c61101077..15a496c5f 100644 --- a/src/main/java/org/traccar/api/SimpleObjectResource.java +++ b/src/main/java/org/traccar/api/SimpleObjectResource.java @@ -41,7 +41,9 @@ public class SimpleObjectResource<T extends BaseModel> extends BaseObjectResourc var conditions = new LinkedList<Condition>(); if (all) { - permissionsService.checkAdmin(getUserId()); + if (!permissionsService.isAdmin(getUserId())) { + conditions.add(new Condition.Permission(User.class, getUserId(), baseClass)); + } } else { if (userId == 0) { userId = getUserId(); diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java index 4d5cd88ab..ac687fc1c 100644 --- a/src/main/java/org/traccar/api/security/PermissionsService.java +++ b/src/main/java/org/traccar/api/security/PermissionsService.java @@ -21,6 +21,7 @@ import org.traccar.model.Command; import org.traccar.model.Device; import org.traccar.model.Group; import org.traccar.model.GroupedModel; +import org.traccar.model.ManagedUser; import org.traccar.model.ScheduledModel; import org.traccar.model.Server; import org.traccar.model.User; @@ -60,9 +61,13 @@ public class PermissionsService { return user; } + public boolean isAdmin(long userId) throws StorageException { + return getUser(userId).getAdministrator(); + } + public void checkAdmin(long userId) throws StorageException, SecurityException { if (!getUser(userId).getAdministrator()) { - throw new SecurityException("Account is readonly"); + throw new SecurityException("Administrator access required"); } } @@ -118,7 +123,7 @@ public class PermissionsService { public void checkUser(long userId, long managedUserId) throws StorageException, SecurityException { if (userId != managedUserId && !getUser(userId).getAdministrator()) { if (!getUser(userId).getManager() - || storage.getPermissions(User.class, userId, User.class, managedUserId).isEmpty()) { + || storage.getPermissions(User.class, userId, ManagedUser.class, managedUserId).isEmpty()) { throw new SecurityException("User access denied"); } } @@ -129,7 +134,8 @@ public class PermissionsService { if (!getUser(userId).getAdministrator() && !(clazz.equals(User.class) && userId == objectId)) { var objects = storage.getObjects(clazz, new Request( new Columns.Include("id"), - new Condition.Permission(User.class, userId, clazz))); + new Condition.Permission( + User.class, userId, clazz.equals(User.class) ? ManagedUser.class : clazz))); boolean found = false; for (var object : objects) { if (object.getId() == objectId) { |