diff options
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r-- | src/org/traccar/api/BaseResource.java | 9 | ||||
-rw-r--r-- | src/org/traccar/api/resource/AttributeResource.java | 4 | ||||
-rw-r--r-- | src/org/traccar/api/resource/CalendarResource.java | 4 | ||||
-rw-r--r-- | src/org/traccar/api/resource/DriverResource.java | 4 | ||||
-rw-r--r-- | src/org/traccar/api/resource/EventResource.java | 2 | ||||
-rw-r--r-- | src/org/traccar/api/resource/GeofenceResource.java | 4 |
6 files changed, 15 insertions, 12 deletions
diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java index 9ac30f5a7..4ad1477c2 100644 --- a/src/org/traccar/api/BaseResource.java +++ b/src/org/traccar/api/BaseResource.java @@ -22,6 +22,7 @@ import java.util.Map; import javax.ws.rs.core.SecurityContext; import org.traccar.Context; +import org.traccar.database.DataManager; import org.traccar.model.BaseModel; public class BaseResource { @@ -44,19 +45,21 @@ public class BaseResource { Iterator<String> iterator = entity.keySet().iterator(); String owner = iterator.next(); String property = iterator.next(); + long ownerId = entity.get(owner); long propertyId = entity.get(property); - if (!link && owner.equals("userId") && property.equals("deviceId")) { + if (!link && DataManager.makeName(owner).equals(Context.TYPE_USER) + && DataManager.makeName(property).equals(Context.TYPE_DEVICE)) { if (getUserId() != ownerId) { Context.getPermissionsManager().checkUser(getUserId(), ownerId); } else { Context.getPermissionsManager().checkAdmin(getUserId()); } } else { - Context.getPermissionsManager().checkPermission(owner.replace("Id", ""), getUserId(), ownerId); + Context.getPermissionsManager().checkPermission(owner, getUserId(), ownerId); } - Context.getPermissionsManager().checkPermission(property.replace("Id", ""), getUserId(), propertyId); + Context.getPermissionsManager().checkPermission(property, getUserId(), propertyId); Context.getDataManager().linkObject(owner, ownerId, property, propertyId, link); } diff --git a/src/org/traccar/api/resource/AttributeResource.java b/src/org/traccar/api/resource/AttributeResource.java index c6c95e05c..63cdfb2a7 100644 --- a/src/org/traccar/api/resource/AttributeResource.java +++ b/src/org/traccar/api/resource/AttributeResource.java @@ -128,7 +128,7 @@ public class AttributeResource extends BaseResource { @PUT public Response update(Attribute entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission("attribute", getUserId(), entity.getId()); + Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), entity.getId()); Context.getAttributesManager().updateItem(entity); return Response.ok(entity).build(); } @@ -137,7 +137,7 @@ public class AttributeResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission("attribute", getUserId(), id); + Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), id); Context.getAttributesManager().removeItem(id); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/CalendarResource.java b/src/org/traccar/api/resource/CalendarResource.java index 0666f2fed..d29080ee2 100644 --- a/src/org/traccar/api/resource/CalendarResource.java +++ b/src/org/traccar/api/resource/CalendarResource.java @@ -75,7 +75,7 @@ public class CalendarResource extends BaseResource { @PUT public Response update(Calendar entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission("calendar", getUserId(), entity.getId()); + Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), entity.getId()); Context.getCalendarManager().updateItem(entity); return Response.ok(entity).build(); } @@ -84,7 +84,7 @@ public class CalendarResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission("calendar", getUserId(), id); + Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), id); Context.getCalendarManager().removeItem(id); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/DriverResource.java b/src/org/traccar/api/resource/DriverResource.java index 749674002..b528a197a 100644 --- a/src/org/traccar/api/resource/DriverResource.java +++ b/src/org/traccar/api/resource/DriverResource.java @@ -95,7 +95,7 @@ public class DriverResource extends BaseResource { @PUT public Response update(Driver entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission("driver", getUserId(), entity.getId()); + Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), entity.getId()); Context.getDriversManager().updateItem(entity); return Response.ok(entity).build(); } @@ -104,7 +104,7 @@ public class DriverResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission("driver", getUserId(), id); + Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), id); Context.getDriversManager().removeItem(id); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/EventResource.java b/src/org/traccar/api/resource/EventResource.java index 9b43bf4b0..85f981514 100644 --- a/src/org/traccar/api/resource/EventResource.java +++ b/src/org/traccar/api/resource/EventResource.java @@ -25,7 +25,7 @@ public class EventResource extends BaseResource { Event event = Context.getDataManager().getEvent(id); Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId()); if (event.getGeofenceId() != 0) { - Context.getPermissionsManager().checkPermission("geofence", getUserId(), event.getGeofenceId()); + Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), event.getGeofenceId()); } return event; } diff --git a/src/org/traccar/api/resource/GeofenceResource.java b/src/org/traccar/api/resource/GeofenceResource.java index df4947a1b..c9cc72bd7 100644 --- a/src/org/traccar/api/resource/GeofenceResource.java +++ b/src/org/traccar/api/resource/GeofenceResource.java @@ -94,7 +94,7 @@ public class GeofenceResource extends BaseResource { @PUT public Response update(Geofence entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission("geofence", getUserId(), entity.getId()); + Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), entity.getId()); Context.getGeofenceManager().updateItem(entity); return Response.ok(entity).build(); } @@ -103,7 +103,7 @@ public class GeofenceResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission("geofence", getUserId(), id); + Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), id); Context.getGeofenceManager().removeItem(id); return Response.noContent().build(); } |