aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/database/PermissionsManager.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/traccar/database/PermissionsManager.java')
-rw-r--r--src/org/traccar/database/PermissionsManager.java56
1 files changed, 41 insertions, 15 deletions
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index 0708cc5c9..0d9c780a6 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -20,6 +20,7 @@ import org.traccar.helper.Log;
import org.traccar.model.Attribute;
import org.traccar.model.BaseModel;
import org.traccar.model.Calendar;
+import org.traccar.model.Command;
import org.traccar.model.Device;
import org.traccar.model.Driver;
import org.traccar.model.Geofence;
@@ -136,24 +137,24 @@ public class PermissionsManager {
}
}
- public boolean isAdmin(long userId) {
+ public boolean getUserAdmin(long userId) {
User user = getUser(userId);
return user != null && user.getAdmin();
}
public void checkAdmin(long userId) throws SecurityException {
- if (!isAdmin(userId)) {
+ if (!getUserAdmin(userId)) {
throw new SecurityException("Admin access required");
}
}
- public boolean isManager(long userId) {
+ public boolean getUserManager(long userId) {
User user = getUser(userId);
return user != null && user.getUserLimit() != 0;
}
public void checkManager(long userId) throws SecurityException {
- if (!isManager(userId)) {
+ if (!getUserManager(userId)) {
throw new SecurityException("Manager access required");
}
}
@@ -176,7 +177,7 @@ public class PermissionsManager {
int deviceLimit = getUser(userId).getDeviceLimit();
if (deviceLimit != -1) {
int deviceCount = 0;
- if (isManager(userId)) {
+ if (getUserManager(userId)) {
deviceCount = Context.getDeviceManager().getManagedItems(userId).size();
} else {
deviceCount = Context.getDeviceManager().getUserItems(userId).size();
@@ -187,28 +188,45 @@ public class PermissionsManager {
}
}
- public boolean isReadonly(long userId) {
+ public boolean getUserReadonly(long userId) {
User user = getUser(userId);
return user != null && user.getReadonly();
}
- public boolean isDeviceReadonly(long userId) {
+ public boolean getUserDeviceReadonly(long userId) {
User user = getUser(userId);
return user != null && user.getDeviceReadonly();
}
+ public boolean getUserLimitCommands(long userId) {
+ User user = getUser(userId);
+ return user != null && user.getLimitCommands();
+ }
+
public void checkReadonly(long userId) throws SecurityException {
- if (!isAdmin(userId) && (server.getReadonly() || isReadonly(userId))) {
+ if (!getUserAdmin(userId) && (server.getReadonly() || getUserReadonly(userId))) {
throw new SecurityException("Account is readonly");
}
}
public void checkDeviceReadonly(long userId) throws SecurityException {
- if (!isAdmin(userId) && (server.getDeviceReadonly() || isDeviceReadonly(userId))) {
+ if (!getUserAdmin(userId) && (server.getDeviceReadonly() || getUserDeviceReadonly(userId))) {
throw new SecurityException("Account is device readonly");
}
}
+ public void checkLimitCommands(long userId) throws SecurityException {
+ if (!getUserAdmin(userId) && (server.getLimitCommands() || getUserLimitCommands(userId))) {
+ throw new SecurityException("Account has limit sending commands");
+ }
+ }
+
+ public void checkUserDeviceCommand(long userId, long deviceId, long commandId) throws SecurityException {
+ if (!getUserAdmin(userId) && Context.getCommandsManager().checkDeviceCommand(deviceId, commandId)) {
+ throw new SecurityException("Command can not be sent to this device");
+ }
+ }
+
public void checkUserEnabled(long userId) throws SecurityException {
User user = getUser(userId);
if (user == null) {
@@ -240,20 +258,20 @@ public class PermissionsManager {
if (userId == after.getId()) {
checkAdmin(userId);
}
- if (!isAdmin(userId)) {
+ if (!getUserAdmin(userId)) {
checkManager(userId);
}
}
}
public void checkUser(long userId, long managedUserId) throws SecurityException {
- if (userId != managedUserId && !isAdmin(userId)) {
+ if (userId != managedUserId && !getUserAdmin(userId)) {
checkManager(userId, managedUserId);
}
}
public void checkGroup(long userId, long groupId) throws SecurityException {
- if (!getGroupPermissions(userId).contains(groupId) && !isAdmin(userId)) {
+ if (!getGroupPermissions(userId).contains(groupId) && !getUserAdmin(userId)) {
checkManager(userId);
for (long managedUserId : usersManager.getUserItems(userId)) {
if (getGroupPermissions(managedUserId).contains(groupId)) {
@@ -265,7 +283,7 @@ public class PermissionsManager {
}
public void checkDevice(long userId, long deviceId) throws SecurityException {
- if (!Context.getDeviceManager().getUserItems(userId).contains(deviceId) && !isAdmin(userId)) {
+ if (!Context.getDeviceManager().getUserItems(userId).contains(deviceId) && !getUserAdmin(userId)) {
checkManager(userId);
for (long managedUserId : usersManager.getUserItems(userId)) {
if (Context.getDeviceManager().getUserItems(managedUserId).contains(deviceId)) {
@@ -277,7 +295,7 @@ public class PermissionsManager {
}
public void checkRegistration(long userId) {
- if (!server.getRegistration() && !isAdmin(userId)) {
+ if (!server.getRegistration() && !getUserAdmin(userId)) {
throw new SecurityException("Registration disabled");
}
}
@@ -300,11 +318,13 @@ public class PermissionsManager {
manager = Context.getDriversManager();
} else if (object.equals(Calendar.class)) {
manager = Context.getCalendarManager();
+ } else if (object.equals(Command.class)) {
+ manager = Context.getCommandsManager();
} else {
throw new IllegalArgumentException("Unknown object type");
}
- if (manager != null && !manager.checkItemPermission(userId, objectId) && !isAdmin(userId)) {
+ if (manager != null && !manager.checkItemPermission(userId, objectId) && !getUserAdmin(userId)) {
checkManager(userId);
for (long managedUserId : usersManager.getManagedItems(userId)) {
if (manager.checkItemPermission(managedUserId, objectId)) {
@@ -322,6 +342,7 @@ public class PermissionsManager {
Context.getCalendarManager().refreshUserItems();
Context.getDriversManager().refreshUserItems();
Context.getAttributesManager().refreshUserItems();
+ Context.getCommandsManager().refreshUserItems();
if (Context.getNotificationManager() != null) {
Context.getNotificationManager().refresh();
}
@@ -333,6 +354,7 @@ public class PermissionsManager {
}
Context.getDriversManager().refreshExtendedPermissions();
Context.getAttributesManager().refreshExtendedPermissions();
+ Context.getCommandsManager().refreshExtendedPermissions();
}
public void refreshPermissions(Permission permission) {
@@ -351,6 +373,8 @@ public class PermissionsManager {
Context.getAttributesManager().refreshUserItems();
} else if (permission.getPropertyClass().equals(Calendar.class)) {
Context.getCalendarManager().refreshUserItems();
+ } else if (permission.getPropertyClass().equals(Command.class)) {
+ Context.getCommandsManager().refreshUserItems();
}
} else if (permission.getOwnerClass().equals(Device.class) || permission.getOwnerClass().equals(Group.class)) {
if (permission.getPropertyClass().equals(Geofence.class) && Context.getGeofenceManager() != null) {
@@ -359,6 +383,8 @@ public class PermissionsManager {
Context.getDriversManager().refreshExtendedPermissions();
} else if (permission.getPropertyClass().equals(Attribute.class)) {
Context.getAttributesManager().refreshExtendedPermissions();
+ } else if (permission.getPropertyClass().equals(Command.class)) {
+ Context.getCommandsManager().refreshExtendedPermissions();
}
}
}