From 8ed7d6cd19f221c40e9994c0469009ff9c0e46b1 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton@traccar.org>
Date: Fri, 27 May 2022 17:27:10 -0700
Subject: Fix several manager issues

---
 .../java/org/traccar/api/security/PermissionsService.java    | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'src/main/java/org/traccar/api/security/PermissionsService.java')

diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java
index 4d5cd88ab..ac687fc1c 100644
--- a/src/main/java/org/traccar/api/security/PermissionsService.java
+++ b/src/main/java/org/traccar/api/security/PermissionsService.java
@@ -21,6 +21,7 @@ import org.traccar.model.Command;
 import org.traccar.model.Device;
 import org.traccar.model.Group;
 import org.traccar.model.GroupedModel;
+import org.traccar.model.ManagedUser;
 import org.traccar.model.ScheduledModel;
 import org.traccar.model.Server;
 import org.traccar.model.User;
@@ -60,9 +61,13 @@ public class PermissionsService {
         return user;
     }
 
+    public boolean isAdmin(long userId) throws StorageException {
+        return getUser(userId).getAdministrator();
+    }
+
     public void checkAdmin(long userId) throws StorageException, SecurityException {
         if (!getUser(userId).getAdministrator()) {
-            throw new SecurityException("Account is readonly");
+            throw new SecurityException("Administrator access required");
         }
     }
 
@@ -118,7 +123,7 @@ public class PermissionsService {
     public void checkUser(long userId, long managedUserId) throws StorageException, SecurityException {
         if (userId != managedUserId && !getUser(userId).getAdministrator()) {
             if (!getUser(userId).getManager()
-                    || storage.getPermissions(User.class, userId, User.class, managedUserId).isEmpty()) {
+                    || storage.getPermissions(User.class, userId, ManagedUser.class, managedUserId).isEmpty()) {
                 throw new SecurityException("User access denied");
             }
         }
@@ -129,7 +134,8 @@ public class PermissionsService {
         if (!getUser(userId).getAdministrator() && !(clazz.equals(User.class) && userId == objectId)) {
             var objects = storage.getObjects(clazz, new Request(
                     new Columns.Include("id"),
-                    new Condition.Permission(User.class, userId, clazz)));
+                    new Condition.Permission(
+                            User.class, userId, clazz.equals(User.class) ? ManagedUser.class : clazz)));
             boolean found = false;
             for (var object : objects) {
                 if (object.getId() == objectId) {
-- 
cgit v1.2.3