diff options
Diffstat (limited to 'src/org/traccar/database/PermissionsManager.java')
| -rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index b0ae504d0..71633f6ef 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -39,6 +39,7 @@ public class PermissionsManager { private volatile Server server; private final Map<Long, User> users = new ConcurrentHashMap<>(); + private final Map<String, Long> usersTokens = new HashMap<>(); private final Map<Long, Set<Long>> groupPermissions = new HashMap<>(); private final Map<Long, Set<Long>> devicePermissions = new HashMap<>(); @@ -81,10 +82,14 @@ public class PermissionsManager { public final void refreshUsers() { users.clear(); + usersTokens.clear(); try { server = dataManager.getServer(); for (User user : dataManager.getUsers()) { users.put(user.getId(), user); + if (user.getToken() != null) { + usersTokens.put(user.getToken(), user.getId()); + } } } catch (SQLException error) { Log.warning(error); @@ -146,7 +151,17 @@ public class PermissionsManager { public void checkReadonly(long userId) throws SecurityException { if (!isAdmin(userId) && (server.getReadonly() || isReadonly(userId))) { - throw new SecurityException("User is readonly"); + throw new SecurityException("Account is readonly"); + } + } + + public void checkUser(long userId) throws SecurityException { + User user = getUser(userId); + if (user.getDisabled()) { + throw new SecurityException("Account is disabled"); + } + if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) { + throw new SecurityException("Account has expired"); } } @@ -200,28 +215,43 @@ public class PermissionsManager { public void addUser(User user) throws SQLException { dataManager.addUser(user); users.put(user.getId(), user); + if (user.getToken() != null) { + usersTokens.put(user.getToken(), user.getId()); + } refreshPermissions(); } public void updateUser(User user) throws SQLException { dataManager.updateUser(user); + User old = users.get(user.getId()); users.put(user.getId(), user); + if (user.getToken() != null) { + usersTokens.put(user.getToken(), user.getId()); + } + if (old.getToken() != null && !old.getToken().equals(user.getToken())) { + usersTokens.remove(old.getToken()); + } refreshPermissions(); } public void removeUser(long userId) throws SQLException { dataManager.removeUser(userId); + usersTokens.remove(users.get(userId).getToken()); users.remove(userId); refreshPermissions(); } public User login(String email, String password) throws SQLException { User user = dataManager.login(email, password); - if (user != null && users.get(user.getId()) != null) { + if (user != null) { + checkUser(user.getId()); return users.get(user.getId()); - } else { - return null; } + return null; + } + + public User getUserByToken(String token) { + return users.get(usersTokens.get(token)); } } |