diff options
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r-- | src/org/traccar/api/BaseObjectResource.java | 26 | ||||
-rw-r--r-- | src/org/traccar/api/MediaFilter.java | 90 | ||||
-rw-r--r-- | src/org/traccar/api/SecurityRequestFilter.java | 4 | ||||
-rw-r--r-- | src/org/traccar/api/resource/AttributeResource.java | 6 | ||||
-rw-r--r-- | src/org/traccar/api/resource/DeviceResource.java | 7 | ||||
-rw-r--r-- | src/org/traccar/api/resource/EventResource.java | 4 | ||||
-rw-r--r-- | src/org/traccar/api/resource/MaintenanceResource.java | 36 | ||||
-rw-r--r-- | src/org/traccar/api/resource/SessionResource.java | 17 |
8 files changed, 173 insertions, 17 deletions
diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java index 806c78624..7de6a3877 100644 --- a/src/org/traccar/api/BaseObjectResource.java +++ b/src/org/traccar/api/BaseObjectResource.java @@ -1,6 +1,6 @@ /* - * Copyright 2017 Anton Tananaev (anton@traccar.org) - * Copyright 2017 Andrey Kunitsyn (andrey@traccar.org) + * Copyright 2017 - 2018 Anton Tananaev (anton@traccar.org) + * Copyright 2017 - 2018 Andrey Kunitsyn (andrey@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,9 +33,12 @@ import org.traccar.database.ManagableObjects; import org.traccar.database.SimpleObjectManager; import org.traccar.helper.LogAction; import org.traccar.model.BaseModel; +import org.traccar.model.Calendar; import org.traccar.model.Command; import org.traccar.model.Device; import org.traccar.model.Group; +import org.traccar.model.GroupedModel; +import org.traccar.model.ScheduledModel; import org.traccar.model.User; public abstract class BaseObjectResource<T extends BaseModel> extends BaseResource { @@ -77,6 +80,12 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour Context.getPermissionsManager().checkDeviceLimit(getUserId()); } else if (baseClass.equals(Command.class)) { Context.getPermissionsManager().checkLimitCommands(getUserId()); + } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) { + Context.getPermissionsManager().checkPermission( + Group.class, getUserId(), ((GroupedModel) entity).getGroupId()); + } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) { + Context.getPermissionsManager().checkPermission( + Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId()); } BaseObjectManager<T> manager = Context.getManager(baseClass); @@ -106,6 +115,12 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour Context.getPermissionsManager().checkUserUpdate(getUserId(), before, (User) entity); } else if (baseClass.equals(Command.class)) { Context.getPermissionsManager().checkLimitCommands(getUserId()); + } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) { + Context.getPermissionsManager().checkPermission( + Group.class, getUserId(), ((GroupedModel) entity).getGroupId()); + } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) { + Context.getPermissionsManager().checkPermission( + Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId()); } Context.getPermissionsManager().checkPermission(baseClass, getUserId(), entity.getId()); @@ -141,12 +156,19 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour } } if (baseClass.equals(Group.class) || baseClass.equals(Device.class) || baseClass.equals(User.class)) { + if (baseClass.equals(Group.class)) { + Context.getGroupsManager().updateGroupCache(true); + Context.getDeviceManager().updateDeviceCache(true); + } Context.getPermissionsManager().refreshDeviceAndGroupPermissions(); if (baseClass.equals(User.class)) { Context.getPermissionsManager().refreshAllUsersPermissions(); } else { Context.getPermissionsManager().refreshAllExtendedPermissions(); } + } else if (baseClass.equals(Calendar.class)) { + Context.getGeofenceManager().refreshItems(); + Context.getNotificationManager().refreshItems(); } return Response.noContent().build(); } diff --git a/src/org/traccar/api/MediaFilter.java b/src/org/traccar/api/MediaFilter.java new file mode 100644 index 000000000..25e242b01 --- /dev/null +++ b/src/org/traccar/api/MediaFilter.java @@ -0,0 +1,90 @@ +/* + * Copyright 2018 Anton Tananaev (anton@traccar.org) + * Copyright 2018 Andrey Kunitsyn (andrey@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api; + +import java.io.IOException; +import java.sql.SQLException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.traccar.Context; +import org.traccar.api.resource.SessionResource; +import org.traccar.helper.Log; +import org.traccar.model.Device; + +public class MediaFilter implements Filter { + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + } + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + HttpServletResponse httpResponse = (HttpServletResponse) response; + try { + HttpSession session = ((HttpServletRequest) request).getSession(false); + Long userId = null; + if (session != null) { + userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY); + if (userId != null) { + Context.getPermissionsManager().checkUserEnabled(userId); + Context.getStatisticsManager().registerRequest(userId); + } + } + if (userId == null) { + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); + return; + } + + String path = ((HttpServletRequest) request).getPathInfo(); + String[] parts = path.split("/"); + if (parts.length < 2 || parts.length == 2 && !path.endsWith("/")) { + Context.getPermissionsManager().checkAdmin(userId); + } else { + Device device = Context.getDeviceManager().getByUniqueId(parts[1]); + if (device != null) { + Context.getPermissionsManager().checkDevice(userId, device.getId()); + } else { + httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND); + return; + } + } + + chain.doFilter(request, response); + } catch (SecurityException e) { + httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); + httpResponse.getWriter().println(Log.exceptionStack(e)); + } catch (SQLException e) { + httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST); + httpResponse.getWriter().println(Log.exceptionStack(e)); + } + } + + @Override + public void destroy() { + } + +} diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java index 7024bdbc9..aace9f705 100644 --- a/src/org/traccar/api/SecurityRequestFilter.java +++ b/src/org/traccar/api/SecurityRequestFilter.java @@ -17,6 +17,7 @@ package org.traccar.api; import org.traccar.Context; import org.traccar.api.resource.SessionResource; +import org.traccar.helper.DataConverter; import org.traccar.helper.Log; import org.traccar.model.User; @@ -28,7 +29,6 @@ import javax.ws.rs.container.ContainerRequestFilter; import javax.ws.rs.container.ResourceInfo; import javax.ws.rs.core.Response; import javax.ws.rs.core.SecurityContext; -import javax.xml.bind.DatatypeConverter; import java.lang.reflect.Method; import java.nio.charset.StandardCharsets; import java.sql.SQLException; @@ -43,7 +43,7 @@ public class SecurityRequestFilter implements ContainerRequestFilter { public static String[] decodeBasicAuth(String auth) { auth = auth.replaceFirst("[B|b]asic ", ""); - byte[] decodedBytes = DatatypeConverter.parseBase64Binary(auth); + byte[] decodedBytes = DataConverter.parseBase64(auth); if (decodedBytes != null && decodedBytes.length > 0) { return new String(decodedBytes, StandardCharsets.US_ASCII).split(":", 2); } diff --git a/src/org/traccar/api/resource/AttributeResource.java b/src/org/traccar/api/resource/AttributeResource.java index 26a1f6931..8f0bac473 100644 --- a/src/org/traccar/api/resource/AttributeResource.java +++ b/src/org/traccar/api/resource/AttributeResource.java @@ -52,9 +52,11 @@ public class AttributeResource extends ExtendedObjectResource<Attribute> { if (result != null) { switch (entity.getType()) { case "number": - return Response.ok((Number) result).build(); + Number numberValue = (Number) result; + return Response.ok(numberValue).build(); case "boolean": - return Response.ok((Boolean) result).build(); + Boolean booleanValue = (Boolean) result; + return Response.ok(booleanValue).build(); default: return Response.ok(result.toString()).build(); } diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java index 0ea532567..87927e45b 100644 --- a/src/org/traccar/api/resource/DeviceResource.java +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -71,7 +71,7 @@ public class DeviceResource extends BaseObjectResource<Device> { result = deviceManager.getUserItems(userId); } } else { - result = new HashSet<Long>(); + result = new HashSet<>(); for (String uniqueId : uniqueIds) { Device device = deviceManager.getByUniqueId(uniqueId); Context.getPermissionsManager().checkDevice(getUserId(), device.getId()); @@ -88,7 +88,10 @@ public class DeviceResource extends BaseObjectResource<Device> { @Path("{id}/distance") @PUT public Response updateTotalDistance(DeviceTotalDistance entity) throws SQLException { - Context.getPermissionsManager().checkAdmin(getUserId()); + if (!Context.getPermissionsManager().getUserAdmin(getUserId())) { + Context.getPermissionsManager().checkManager(getUserId()); + Context.getPermissionsManager().checkPermission(Device.class, getUserId(), entity.getDeviceId()); + } Context.getDeviceManager().resetTotalDistance(entity); LogAction.resetTotalDistance(getUserId(), entity.getDeviceId()); return Response.noContent().build(); diff --git a/src/org/traccar/api/resource/EventResource.java b/src/org/traccar/api/resource/EventResource.java index a7cf9edbd..e0ccf7020 100644 --- a/src/org/traccar/api/resource/EventResource.java +++ b/src/org/traccar/api/resource/EventResource.java @@ -13,6 +13,7 @@ import org.traccar.Context; import org.traccar.api.BaseResource; import org.traccar.model.Event; import org.traccar.model.Geofence; +import org.traccar.model.Maintenance; @Path("events") @Produces(MediaType.APPLICATION_JSON) @@ -28,6 +29,9 @@ public class EventResource extends BaseResource { if (event.getGeofenceId() != 0) { Context.getPermissionsManager().checkPermission(Geofence.class, getUserId(), event.getGeofenceId()); } + if (event.getMaintenanceId() != 0) { + Context.getPermissionsManager().checkPermission(Maintenance.class, getUserId(), event.getMaintenanceId()); + } return event; } diff --git a/src/org/traccar/api/resource/MaintenanceResource.java b/src/org/traccar/api/resource/MaintenanceResource.java new file mode 100644 index 000000000..b3726b429 --- /dev/null +++ b/src/org/traccar/api/resource/MaintenanceResource.java @@ -0,0 +1,36 @@ +/* + * Copyright 2018 Anton Tananaev (anton@traccar.org) + * Copyright 2018 Andrey Kunitsyn (andrey@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.resource; + +import javax.ws.rs.Consumes; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + +import org.traccar.api.ExtendedObjectResource; +import org.traccar.model.Maintenance; + +@Path("maintenances") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class MaintenanceResource extends ExtendedObjectResource<Maintenance> { + + public MaintenanceResource() { + super(Maintenance.class); + } + +} diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java index 3f7842626..fd331c766 100644 --- a/src/org/traccar/api/resource/SessionResource.java +++ b/src/org/traccar/api/resource/SessionResource.java @@ -17,6 +17,7 @@ package org.traccar.api.resource; import org.traccar.Context; import org.traccar.api.BaseResource; +import org.traccar.helper.DataConverter; import org.traccar.helper.LogAction; import org.traccar.model.User; @@ -34,7 +35,6 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import javax.xml.bind.DatatypeConverter; import java.io.UnsupportedEncodingException; import java.net.URLDecoder; @@ -61,15 +61,14 @@ public class SessionResource extends BaseResource { Cookie[] cookies = request.getCookies(); String email = null, password = null; if (cookies != null) { - for (int i = 0; i < cookies.length; i++) { - if (cookies[i].getName().equals(USER_COOKIE_KEY)) { - byte[] emailBytes = DatatypeConverter.parseBase64Binary( - URLDecoder.decode(cookies[i].getValue(), StandardCharsets.US_ASCII.name())); + for (Cookie cookie : cookies) { + if (cookie.getName().equals(USER_COOKIE_KEY)) { + byte[] emailBytes = DataConverter.parseBase64( + URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII.name())); email = new String(emailBytes, StandardCharsets.UTF_8); - } - if (cookies[i].getName().equals(PASS_COOKIE_KEY)) { - byte[] passwordBytes = DatatypeConverter.parseBase64Binary( - URLDecoder.decode(cookies[i].getValue(), StandardCharsets.US_ASCII.name())); + } else if (cookie.getName().equals(PASS_COOKIE_KEY)) { + byte[] passwordBytes = DataConverter.parseBase64( + URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII.name())); password = new String(passwordBytes, StandardCharsets.UTF_8); } } |