diff options
Diffstat (limited to 'src/org/traccar/api/resource')
-rw-r--r-- | src/org/traccar/api/resource/DeviceResource.java | 7 | ||||
-rw-r--r-- | src/org/traccar/api/resource/SessionResource.java | 12 | ||||
-rw-r--r-- | src/org/traccar/api/resource/UserResource.java | 13 |
3 files changed, 26 insertions, 6 deletions
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java index f20ed86ad..0b389ede1 100644 --- a/src/org/traccar/api/resource/DeviceResource.java +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -58,6 +58,13 @@ public class DeviceResource extends BaseResource { @POST public Response add(Device entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + int deviceLimit = Context.getPermissionsManager().getUser(getUserId()).getDeviceLimit(); + if (deviceLimit != 0) { + int deviceCount = Context.getPermissionsManager().getDevicePermissions(getUserId()).size(); + if (deviceCount >= deviceLimit) { + throw new SecurityException("User device limit reached"); + } + } Context.getDeviceManager().addDevice(entity); Context.getDataManager().linkDevice(getUserId(), entity.getId()); Context.getPermissionsManager().refreshPermissions(); diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java index 2847e41c1..996865c4b 100644 --- a/src/org/traccar/api/resource/SessionResource.java +++ b/src/org/traccar/api/resource/SessionResource.java @@ -29,6 +29,7 @@ import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; @@ -48,7 +49,7 @@ public class SessionResource extends BaseResource { @PermitAll @GET - public User get() throws SQLException { + public User get(@QueryParam("token") String token) throws SQLException { Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); if (userId == null) { Cookie[] cookies = request.getCookies(); @@ -64,7 +65,13 @@ public class SessionResource extends BaseResource { } } if (email != null && password != null) { - User user = Context.getDataManager().login(email, password); + User user = Context.getPermissionsManager().login(email, password); + if (user != null) { + userId = user.getId(); + request.getSession().setAttribute(USER_ID_KEY, userId); + } + } else if (token != null) { + User user = Context.getPermissionsManager().getUserByToken(token); if (user != null) { userId = user.getId(); request.getSession().setAttribute(USER_ID_KEY, userId); @@ -73,6 +80,7 @@ public class SessionResource extends BaseResource { } if (userId != null) { + Context.getPermissionsManager().checkUser(userId); return Context.getPermissionsManager().getUser(userId); } else { throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java index f0a8597cc..2ff1639f6 100644 --- a/src/org/traccar/api/resource/UserResource.java +++ b/src/org/traccar/api/resource/UserResource.java @@ -60,13 +60,18 @@ public class UserResource extends BaseResource { @Path("{id}") @PUT public Response update(@PathParam("id") long id, User entity) throws SQLException { - if (entity.getAdmin()) { + User old = Context.getPermissionsManager().getUser(entity.getId()); + if (old.getExpirationTime() == null && entity.getExpirationTime() != null + || old.getExpirationTime() != null && !old.getExpirationTime().equals(entity.getExpirationTime()) + || old.getAdmin() != entity.getAdmin() + || old.getReadonly() != entity.getReadonly() + || old.getDisabled() != entity.getDisabled() + || old.getDeviceLimit() != entity.getDeviceLimit() + || old.getToken() == null && entity.getToken() != null + || old.getToken() != null && !old.getToken().equals(entity.getToken())) { Context.getPermissionsManager().checkAdmin(getUserId()); } else { Context.getPermissionsManager().checkUser(getUserId(), entity.getId()); - if (!entity.getReadonly()) { - Context.getPermissionsManager().checkReadonly(entity.getId()); - } } Context.getPermissionsManager().updateUser(entity); if (Context.getNotificationManager() != null) { |