aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/BaseResource.java9
-rw-r--r--src/org/traccar/api/resource/AttributeResource.java4
-rw-r--r--src/org/traccar/api/resource/CalendarResource.java4
-rw-r--r--src/org/traccar/api/resource/DriverResource.java4
-rw-r--r--src/org/traccar/api/resource/EventResource.java2
-rw-r--r--src/org/traccar/api/resource/GeofenceResource.java4
6 files changed, 15 insertions, 12 deletions
diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java
index 9ac30f5a7..4ad1477c2 100644
--- a/src/org/traccar/api/BaseResource.java
+++ b/src/org/traccar/api/BaseResource.java
@@ -22,6 +22,7 @@ import java.util.Map;
import javax.ws.rs.core.SecurityContext;
import org.traccar.Context;
+import org.traccar.database.DataManager;
import org.traccar.model.BaseModel;
public class BaseResource {
@@ -44,19 +45,21 @@ public class BaseResource {
Iterator<String> iterator = entity.keySet().iterator();
String owner = iterator.next();
String property = iterator.next();
+
long ownerId = entity.get(owner);
long propertyId = entity.get(property);
- if (!link && owner.equals("userId") && property.equals("deviceId")) {
+ if (!link && DataManager.makeName(owner).equals(Context.TYPE_USER)
+ && DataManager.makeName(property).equals(Context.TYPE_DEVICE)) {
if (getUserId() != ownerId) {
Context.getPermissionsManager().checkUser(getUserId(), ownerId);
} else {
Context.getPermissionsManager().checkAdmin(getUserId());
}
} else {
- Context.getPermissionsManager().checkPermission(owner.replace("Id", ""), getUserId(), ownerId);
+ Context.getPermissionsManager().checkPermission(owner, getUserId(), ownerId);
}
- Context.getPermissionsManager().checkPermission(property.replace("Id", ""), getUserId(), propertyId);
+ Context.getPermissionsManager().checkPermission(property, getUserId(), propertyId);
Context.getDataManager().linkObject(owner, ownerId, property, propertyId, link);
}
diff --git a/src/org/traccar/api/resource/AttributeResource.java b/src/org/traccar/api/resource/AttributeResource.java
index c6c95e05c..63cdfb2a7 100644
--- a/src/org/traccar/api/resource/AttributeResource.java
+++ b/src/org/traccar/api/resource/AttributeResource.java
@@ -128,7 +128,7 @@ public class AttributeResource extends BaseResource {
@PUT
public Response update(Attribute entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("attribute", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), entity.getId());
Context.getAttributesManager().updateItem(entity);
return Response.ok(entity).build();
}
@@ -137,7 +137,7 @@ public class AttributeResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("attribute", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), id);
Context.getAttributesManager().removeItem(id);
return Response.noContent().build();
}
diff --git a/src/org/traccar/api/resource/CalendarResource.java b/src/org/traccar/api/resource/CalendarResource.java
index 0666f2fed..d29080ee2 100644
--- a/src/org/traccar/api/resource/CalendarResource.java
+++ b/src/org/traccar/api/resource/CalendarResource.java
@@ -75,7 +75,7 @@ public class CalendarResource extends BaseResource {
@PUT
public Response update(Calendar entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("calendar", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), entity.getId());
Context.getCalendarManager().updateItem(entity);
return Response.ok(entity).build();
}
@@ -84,7 +84,7 @@ public class CalendarResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("calendar", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), id);
Context.getCalendarManager().removeItem(id);
return Response.noContent().build();
}
diff --git a/src/org/traccar/api/resource/DriverResource.java b/src/org/traccar/api/resource/DriverResource.java
index 749674002..b528a197a 100644
--- a/src/org/traccar/api/resource/DriverResource.java
+++ b/src/org/traccar/api/resource/DriverResource.java
@@ -95,7 +95,7 @@ public class DriverResource extends BaseResource {
@PUT
public Response update(Driver entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("driver", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), entity.getId());
Context.getDriversManager().updateItem(entity);
return Response.ok(entity).build();
}
@@ -104,7 +104,7 @@ public class DriverResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("driver", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), id);
Context.getDriversManager().removeItem(id);
return Response.noContent().build();
}
diff --git a/src/org/traccar/api/resource/EventResource.java b/src/org/traccar/api/resource/EventResource.java
index 9b43bf4b0..85f981514 100644
--- a/src/org/traccar/api/resource/EventResource.java
+++ b/src/org/traccar/api/resource/EventResource.java
@@ -25,7 +25,7 @@ public class EventResource extends BaseResource {
Event event = Context.getDataManager().getEvent(id);
Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId());
if (event.getGeofenceId() != 0) {
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), event.getGeofenceId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), event.getGeofenceId());
}
return event;
}
diff --git a/src/org/traccar/api/resource/GeofenceResource.java b/src/org/traccar/api/resource/GeofenceResource.java
index df4947a1b..c9cc72bd7 100644
--- a/src/org/traccar/api/resource/GeofenceResource.java
+++ b/src/org/traccar/api/resource/GeofenceResource.java
@@ -94,7 +94,7 @@ public class GeofenceResource extends BaseResource {
@PUT
public Response update(Geofence entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), entity.getId());
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), entity.getId());
Context.getGeofenceManager().updateItem(entity);
return Response.ok(entity).build();
}
@@ -103,7 +103,7 @@ public class GeofenceResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
- Context.getPermissionsManager().checkPermission("geofence", getUserId(), id);
+ Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), id);
Context.getGeofenceManager().removeItem(id);
return Response.noContent().build();
}