Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/MediaFilter.java41
1 files changed, 15 insertions, 26 deletions
diff --git a/src/org/traccar/api/MediaFilter.java b/src/org/traccar/api/MediaFilter.java
index c07175d40..b3dcbbd66 100644
--- a/src/org/traccar/api/MediaFilter.java
+++ b/src/org/traccar/api/MediaFilter.java
@@ -36,24 +36,8 @@ import org.traccar.model.Device;
public class MediaFilter implements Filter {
- private boolean dirAllowed;
-
@Override
public void init(FilterConfig filterConfig) throws ServletException {
- dirAllowed = Context.getConfig().getBoolean("media.dirAllowed");
- }
-
- private static void formatError(HttpServletResponse response, Exception e) throws IOException {
- if (e instanceof SecurityException) {
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- } else if (e instanceof IllegalArgumentException) {
- response.setStatus(HttpServletResponse.SC_NOT_FOUND);
- } else if (e instanceof NotAuthorizedException) {
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- } else {
- response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
- }
- response.getWriter().println(Log.exceptionStack(e));
}
@Override
@@ -73,15 +57,10 @@ public class MediaFilter implements Filter {
throw new NotAuthorizedException("Not authorized");
}
- String[] parts = ((HttpServletRequest) request).getPathInfo().split("/");
- if (parts.length < 2) {
- if (dirAllowed) {
- Context.getPermissionsManager().checkAdmin(userId);
- } else {
- throw new SecurityException("Wrong path");
- }
- } else if (parts.length == 2 && !dirAllowed) {
- throw new SecurityException("Wrong path");
+ String path = ((HttpServletRequest) request).getPathInfo();
+ String[] parts = path.split("/");
+ if (parts.length < 2 || parts.length == 2 && !path.endsWith("/")) {
+ Context.getPermissionsManager().checkAdmin(userId);
} else {
Device device = Context.getIdentityManager().getByUniqueId(parts[1]);
if (device != null) {
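Review bot: `getPathInfo()` can return null when a request matches the filter mapping with no extra path, and the new `path.split("/")` and `path.endsWith("/")` both dereference it, so that request ends in a NullPointerException handled by the generic catch instead of reaching the admin check. Guard it right after the assignment, for example `if (path == null) { path = ""; }`, which gives a one-element `parts` array and so takes the `checkAdmin(userId)` branch. The condition also mixes `||` and `&&` without parentheses; `parts.length < 2 || (parts.length == 2 && !path.endsWith("/"))` makes the grouping explicit, which matters on a line that decides who needs admin rights. The enclosing method starts and ends outside this hunk.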
@@ -93,7 +72,17 @@ public class MediaFilter implements Filter {
chain.doFilter(request, response);
} catch (Exception e) {
- formatError((HttpServletResponse) response, e);
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ if (e instanceof SecurityException) {
+ httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ } else if (e instanceof IllegalArgumentException) {
+ httpResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ } else if (e instanceof NotAuthorizedException) {
+ httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ } else {
+ httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ }
+ response.getWriter().println(Log.exceptionStack(e));
}
}
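Review bot: The last added line still writes `Log.exceptionStack(e)` into the HTTP response, so every failure path, including the 401 returned to an unauthenticated caller, sends exception detail to the client; judging by the helper's name this is stack information that belongs in the server log only. Keep the status mapping, record the exception server-side, and send a fixed body or none, e.g. `if (!httpResponse.isCommitted()) { httpResponse.getWriter().println("Request failed"); }`. The block also sets the status on `httpResponse` but writes through `response`; using `httpResponse` for both reads more consistently. `getWriter()` can itself throw IllegalStateException if something further down the chain already called `getOutputStream()`, so the write should not be assumed to succeed. The enclosing method starts outside this hunk.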