Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/BaseObjectResource.java26
-rw-r--r--src/org/traccar/api/MediaFilter.java90
-rw-r--r--src/org/traccar/api/SecurityRequestFilter.java4
-rw-r--r--src/org/traccar/api/resource/AttributeResource.java6
-rw-r--r--src/org/traccar/api/resource/DeviceResource.java7
-rw-r--r--src/org/traccar/api/resource/EventResource.java4
-rw-r--r--src/org/traccar/api/resource/MaintenanceResource.java36
-rw-r--r--src/org/traccar/api/resource/SessionResource.java17
8 files changed, 173 insertions, 17 deletions
diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java
index 806c78624..7de6a3877 100644
--- a/src/org/traccar/api/BaseObjectResource.java
+++ b/src/org/traccar/api/BaseObjectResource.java
@@ -1,6 +1,6 @@
/*
- * Copyright 2017 Anton Tananaev (anton@traccar.org)
- * Copyright 2017 Andrey Kunitsyn (andrey@traccar.org)
+ * Copyright 2017 - 2018 Anton Tananaev (anton@traccar.org)
+ * Copyright 2017 - 2018 Andrey Kunitsyn (andrey@traccar.org)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -33,9 +33,12 @@ import org.traccar.database.ManagableObjects;
import org.traccar.database.SimpleObjectManager;
import org.traccar.helper.LogAction;
import org.traccar.model.BaseModel;
+import org.traccar.model.Calendar;
import org.traccar.model.Command;
import org.traccar.model.Device;
import org.traccar.model.Group;
+import org.traccar.model.GroupedModel;
+import org.traccar.model.ScheduledModel;
import org.traccar.model.User;
public abstract class BaseObjectResource<T extends BaseModel> extends BaseResource {
@@ -77,6 +80,12 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
Context.getPermissionsManager().checkDeviceLimit(getUserId());
} else if (baseClass.equals(Command.class)) {
Context.getPermissionsManager().checkLimitCommands(getUserId());
+ } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+ Context.getPermissionsManager().checkPermission(
+ Group.class, getUserId(), ((GroupedModel) entity).getGroupId());
+ } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
+ Context.getPermissionsManager().checkPermission(
+ Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId());
}
BaseObjectManager<T> manager = Context.getManager(baseClass);
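Review bot: The new group and calendar checks are appended as `else if` arms, so they never run for an entity that already matched an earlier arm; in this hunk that includes the arm ending in `checkDeviceLimit` (its condition is above the hunk, presumably the Device case). If Device is a GroupedModel, a device could then be created with a `groupId` the caller holds no permission on. The update hunk (`@@ -106,6 +115,12 @@`) repeats the same chain shape, where an entity that is both grouped and scheduled would get only the group check. Writing them as standalone statements after the chain, `if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) { ... }` followed by the equivalent ScheduledModel check, would apply them to every entity type. The enclosing method starts and ends outside the hunk.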
@@ -106,6 +115,12 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
Context.getPermissionsManager().checkUserUpdate(getUserId(), before, (User) entity);
} else if (baseClass.equals(Command.class)) {
Context.getPermissionsManager().checkLimitCommands(getUserId());
+ } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+ Context.getPermissionsManager().checkPermission(
+ Group.class, getUserId(), ((GroupedModel) entity).getGroupId());
+ } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
+ Context.getPermissionsManager().checkPermission(
+ Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId());
}
Context.getPermissionsManager().checkPermission(baseClass, getUserId(), entity.getId());
@@ -141,12 +156,19 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
}
}
if (baseClass.equals(Group.class) || baseClass.equals(Device.class) || baseClass.equals(User.class)) {
+ if (baseClass.equals(Group.class)) {
+ Context.getGroupsManager().updateGroupCache(true);
+ Context.getDeviceManager().updateDeviceCache(true);
+ }
Context.getPermissionsManager().refreshDeviceAndGroupPermissions();
if (baseClass.equals(User.class)) {
Context.getPermissionsManager().refreshAllUsersPermissions();
} else {
Context.getPermissionsManager().refreshAllExtendedPermissions();
}
+ } else if (baseClass.equals(Calendar.class)) {
+ Context.getGeofenceManager().refreshItems();
+ Context.getNotificationManager().refreshItems();
}
return Response.noContent().build();
}
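Review bot: The order of the calls added for `Group.class` looks deliberate (group and device caches reloaded, then `refreshDeviceAndGroupPermissions()`), but nothing in the hunk documents it, so a later reorder could leave permissions computed from stale caches. A comment such as `// reload group/device caches first so the permission refresh below does not see the removed group` would protect it; whether the permission refresh really reads those caches is not visible here and should be confirmed before wording it as fact. The `Calendar.class` arm deserves a similar one-line comment saying why geofences and notifications are refreshed. The method starts outside the hunk.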
diff --git a/src/org/traccar/api/MediaFilter.java b/src/org/traccar/api/MediaFilter.java
new file mode 100644
index 000000000..25e242b01
--- /dev/null
+++ b/src/org/traccar/api/MediaFilter.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2018 Anton Tananaev (anton@traccar.org)
+ * Copyright 2018 Andrey Kunitsyn (andrey@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.api;
+
+import java.io.IOException;
+import java.sql.SQLException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.traccar.Context;
+import org.traccar.api.resource.SessionResource;
+import org.traccar.helper.Log;
+import org.traccar.model.Device;
+
+public class MediaFilter implements Filter {
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ try {
+ HttpSession session = ((HttpServletRequest) request).getSession(false);
+ Long userId = null;
+ if (session != null) {
+ userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY);
+ if (userId != null) {
+ Context.getPermissionsManager().checkUserEnabled(userId);
+ Context.getStatisticsManager().registerRequest(userId);
+ }
+ }
+ if (userId == null) {
+ httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ return;
+ }
+
+ String path = ((HttpServletRequest) request).getPathInfo();
+ String[] parts = path.split("/");
+ if (parts.length < 2 || parts.length == 2 && !path.endsWith("/")) {
+ Context.getPermissionsManager().checkAdmin(userId);
+ } else {
+ Device device = Context.getDeviceManager().getByUniqueId(parts[1]);
+ if (device != null) {
+ Context.getPermissionsManager().checkDevice(userId, device.getId());
+ } else {
+ httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
+ return;
+ }
+ }
+
+ chain.doFilter(request, response);
+ } catch (SecurityException e) {
+ httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ httpResponse.getWriter().println(Log.exceptionStack(e));
+ } catch (SQLException e) {
+ httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ httpResponse.getWriter().println(Log.exceptionStack(e));
+ }
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+}
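Review bot: `getPathInfo()` returns null when the request carries no extra path information, and `path.split("/")` in `doFilter` then throws a NullPointerException that neither catch clause handles; add `if (path == null) { httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND); return; }` before the split. The device check is decided from the first path segment only, so it is worth rejecting paths with empty or `..` segments here unless the container is known to normalise them before the filter runs. Both catch blocks also write `Log.exceptionStack(e)` into the response body, which hands internal class names and SQL error details to the client; set the status and keep the stack trace in the server log instead.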
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index 7024bdbc9..aace9f705 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -17,6 +17,7 @@ package org.traccar.api;
import org.traccar.Context;
import org.traccar.api.resource.SessionResource;
+import org.traccar.helper.DataConverter;
import org.traccar.helper.Log;
import org.traccar.model.User;
@@ -28,7 +29,6 @@ import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
-import javax.xml.bind.DatatypeConverter;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
@@ -43,7 +43,7 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
public static String[] decodeBasicAuth(String auth) {
auth = auth.replaceFirst("[B|b]asic ", "");
- byte[] decodedBytes = DatatypeConverter.parseBase64Binary(auth);
+ byte[] decodedBytes = DataConverter.parseBase64(auth);
if (decodedBytes != null && decodedBytes.length > 0) {
return new String(decodedBytes, StandardCharsets.US_ASCII).split(":", 2);
}
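Review bot: The `decodedBytes != null && decodedBytes.length > 0` guard in `decodeBasicAuth` only helps if `DataConverter.parseBase64` returns on malformed input rather than throwing, and its implementation is not part of this diff. If it wraps a strict decoder, a malformed `Authorization` header would surface as an unhandled exception instead of a failed login; wrapping the call, e.g. `try { decodedBytes = DataConverter.parseBase64(auth); } catch (IllegalArgumentException e) { return null; }`, would keep the failure on the authentication path. The method body continues past the hunk, so the existing fall-through return value should be confirmed before choosing `null`.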
diff --git a/src/org/traccar/api/resource/AttributeResource.java b/src/org/traccar/api/resource/AttributeResource.java
index 26a1f6931..8f0bac473 100644
--- a/src/org/traccar/api/resource/AttributeResource.java
+++ b/src/org/traccar/api/resource/AttributeResource.java
@@ -52,9 +52,11 @@ public class AttributeResource extends ExtendedObjectResource<Attribute> {
if (result != null) {
switch (entity.getType()) {
case "number":
- return Response.ok((Number) result).build();
+ Number numberValue = (Number) result;
+ return Response.ok(numberValue).build();
case "boolean":
- return Response.ok((Boolean) result).build();
+ Boolean booleanValue = (Boolean) result;
+ return Response.ok(booleanValue).build();
default:
return Response.ok(result.toString()).build();
}
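Review bot: The casts `(Number) result` and `(Boolean) result` trust that the computed value matches `entity.getType()`, and a mismatch leaves the resource method as a ClassCastException rather than a client error. Guarding each case, e.g. `if (result instanceof Number) { return Response.ok((Number) result).build(); }` with a fall-through to the `default` arm, would make a wrongly typed attribute degrade to the string form. The new locals are also declared directly under the case labels and so share the switch scope; braces around each case body would keep them local. The method starts and ends outside the hunk.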
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java
index 0ea532567..87927e45b 100644
--- a/src/org/traccar/api/resource/DeviceResource.java
+++ b/src/org/traccar/api/resource/DeviceResource.java
@@ -71,7 +71,7 @@ public class DeviceResource extends BaseObjectResource<Device> {
result = deviceManager.getUserItems(userId);
}
} else {
- result = new HashSet<Long>();
+ result = new HashSet<>();
for (String uniqueId : uniqueIds) {
Device device = deviceManager.getByUniqueId(uniqueId);
Context.getPermissionsManager().checkDevice(getUserId(), device.getId());
@@ -88,7 +88,10 @@ public class DeviceResource extends BaseObjectResource<Device> {
@Path("{id}/distance")
@PUT
public Response updateTotalDistance(DeviceTotalDistance entity) throws SQLException {
- Context.getPermissionsManager().checkAdmin(getUserId());
+ if (!Context.getPermissionsManager().getUserAdmin(getUserId())) {
+ Context.getPermissionsManager().checkManager(getUserId());
+ Context.getPermissionsManager().checkPermission(Device.class, getUserId(), entity.getDeviceId());
+ }
Context.getDeviceManager().resetTotalDistance(entity);
LogAction.resetTotalDistance(getUserId(), entity.getDeviceId());
return Response.noContent().build();
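Review bot: The access rule for `updateTotalDistance` is now three-part (admins pass, everyone else must be a manager and hold permission on the device) and has no comment explaining the relaxation from admin-only; something like `// admins may reset any device; managers only devices they are permitted on` above the `if` would make the intent reviewable. Both the check and the reset key on `entity.getDeviceId()` from the request body, while the `{id}` in `@Path("{id}/distance")` is not bound in the visible signature, so the URL does not identify the device being changed. If access logs or upstream rules rely on the path id, bind it with `@PathParam` and reject a mismatch.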
diff --git a/src/org/traccar/api/resource/EventResource.java b/src/org/traccar/api/resource/EventResource.java
index a7cf9edbd..e0ccf7020 100644
--- a/src/org/traccar/api/resource/EventResource.java
+++ b/src/org/traccar/api/resource/EventResource.java
@@ -13,6 +13,7 @@ import org.traccar.Context;
import org.traccar.api.BaseResource;
import org.traccar.model.Event;
import org.traccar.model.Geofence;
+import org.traccar.model.Maintenance;
@Path("events")
@Produces(MediaType.APPLICATION_JSON)
@@ -28,6 +29,9 @@ public class EventResource extends BaseResource {
if (event.getGeofenceId() != 0) {
Context.getPermissionsManager().checkPermission(Geofence.class, getUserId(), event.getGeofenceId());
}
+ if (event.getMaintenanceId() != 0) {
+ Context.getPermissionsManager().checkPermission(Maintenance.class, getUserId(), event.getMaintenanceId());
+ }
return event;
}
diff --git a/src/org/traccar/api/resource/MaintenanceResource.java b/src/org/traccar/api/resource/MaintenanceResource.java
new file mode 100644
index 000000000..b3726b429
--- /dev/null
+++ b/src/org/traccar/api/resource/MaintenanceResource.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2018 Anton Tananaev (anton@traccar.org)
+ * Copyright 2018 Andrey Kunitsyn (andrey@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.api.resource;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import org.traccar.api.ExtendedObjectResource;
+import org.traccar.model.Maintenance;
+
+@Path("maintenances")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class MaintenanceResource extends ExtendedObjectResource<Maintenance> {
+
+ public MaintenanceResource() {
+ super(Maintenance.class);
+ }
+
+}
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index 3f7842626..fd331c766 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -17,6 +17,7 @@ package org.traccar.api.resource;
import org.traccar.Context;
import org.traccar.api.BaseResource;
+import org.traccar.helper.DataConverter;
import org.traccar.helper.LogAction;
import org.traccar.model.User;
@@ -34,7 +35,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import javax.xml.bind.DatatypeConverter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
@@ -61,15 +61,14 @@ public class SessionResource extends BaseResource {
Cookie[] cookies = request.getCookies();
String email = null, password = null;
if (cookies != null) {
- for (int i = 0; i < cookies.length; i++) {
- if (cookies[i].getName().equals(USER_COOKIE_KEY)) {
- byte[] emailBytes = DatatypeConverter.parseBase64Binary(
- URLDecoder.decode(cookies[i].getValue(), StandardCharsets.US_ASCII.name()));
+ for (Cookie cookie : cookies) {
+ if (cookie.getName().equals(USER_COOKIE_KEY)) {
+ byte[] emailBytes = DataConverter.parseBase64(
+ URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII.name()));
email = new String(emailBytes, StandardCharsets.UTF_8);
- }
- if (cookies[i].getName().equals(PASS_COOKIE_KEY)) {
- byte[] passwordBytes = DatatypeConverter.parseBase64Binary(
- URLDecoder.decode(cookies[i].getValue(), StandardCharsets.US_ASCII.name()));
+ } else if (cookie.getName().equals(PASS_COOKIE_KEY)) {
+ byte[] passwordBytes = DataConverter.parseBase64(
+ URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII.name()));
password = new String(passwordBytes, StandardCharsets.UTF_8);
}
}
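Review bot: Neither branch of the cookie loop checks the result of `DataConverter.parseBase64` before `new String(emailBytes, ...)`, unlike `decodeBasicAuth` in SecurityRequestFilter, which tests for null and empty. Cookie values are client-controlled, so a value that does not decode would raise an exception here if parseBase64 can return null or throw (its implementation is not shown). A guard such as `if (emailBytes != null) { email = new String(emailBytes, StandardCharsets.UTF_8); }`, and the same for the password branch, lets the request fall through to the normal not-logged-in handling. The method starts and ends outside the hunk.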