From e74c64f27dc30473d9ef866c5c52e3dd6bee2fc3 Mon Sep 17 00:00:00 2001 From: Anton Tananaev Date: Thu, 16 Jun 2022 07:45:19 -0700 Subject: Refactor device permissions check --- src/main/java/org/traccar/api/MediaFilter.java | 23 ++++++++++---- .../org/traccar/api/resource/EventResource.java | 4 +-- .../traccar/api/security/PermissionsService.java | 13 ++++++++ .../org/traccar/database/PermissionsManager.java | 35 ---------------------- .../org/traccar/reports/EventsReportProvider.java | 6 ++-- .../org/traccar/reports/RouteReportProvider.java | 6 ++-- .../org/traccar/reports/StopsReportProvider.java | 6 ++-- .../org/traccar/reports/SummaryReportProvider.java | 4 +-- .../org/traccar/reports/TripsReportProvider.java | 6 ++-- .../org/traccar/reports/common/ReportUtils.java | 12 ++++++++ 10 files changed, 62 insertions(+), 53 deletions(-) (limited to 'src/main') diff --git a/src/main/java/org/traccar/api/MediaFilter.java b/src/main/java/org/traccar/api/MediaFilter.java index 0433147f8..c6ac811d7 100644 --- a/src/main/java/org/traccar/api/MediaFilter.java +++ b/src/main/java/org/traccar/api/MediaFilter.java @@ -28,12 +28,17 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.traccar.Context; import org.traccar.Main; import org.traccar.api.resource.SessionResource; +import org.traccar.api.security.PermissionsService; import org.traccar.database.StatisticsManager; import org.traccar.helper.Log; import org.traccar.model.Device; +import org.traccar.storage.Storage; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Condition; +import org.traccar.storage.query.Request; public class MediaFilter implements Filter { @@ -44,6 +49,11 @@ public class MediaFilter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + + PermissionsService permissionsService = Main.getInjector().getInstance(PermissionsService.class); + Storage storage = Main.getInjector().getInstance(Storage.class); + StatisticsManager statisticsManager = Main.getInjector().getInstance(StatisticsManager.class); + HttpServletResponse httpResponse = (HttpServletResponse) response; try { HttpSession session = ((HttpServletRequest) request).getSession(false); @@ -51,8 +61,8 @@ public class MediaFilter implements Filter { if (session != null) { userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY); if (userId != null) { - Context.getPermissionsManager().checkUserEnabled(userId); - Main.getInjector().getInstance(StatisticsManager.class).registerRequest(userId); + permissionsService.checkUserEnabled(userId); + statisticsManager.registerRequest(userId); } } if (userId == null) { @@ -63,16 +73,17 @@ public class MediaFilter implements Filter { String path = ((HttpServletRequest) request).getPathInfo(); String[] parts = path != null ? path.split("/") : null; if (parts != null && parts.length >= 2) { - Device device = Context.getDeviceManager().getByUniqueId(parts[1]); + Device device = storage.getObject(Device.class, new Request( + new Columns.All(), new Condition.Equals("uniqueId", "uniqueId", parts[1]))); if (device != null) { - Context.getPermissionsManager().checkDevice(userId, device.getId()); + permissionsService.checkPermission(Device.class, userId, device.getId()); chain.doFilter(request, response); return; } } httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN); - } catch (SecurityException e) { + } catch (SecurityException | StorageException e) { httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); httpResponse.getWriter().println(Log.exceptionStack(e)); } diff --git a/src/main/java/org/traccar/api/resource/EventResource.java b/src/main/java/org/traccar/api/resource/EventResource.java index eb373946a..3870e9af9 100644 --- a/src/main/java/org/traccar/api/resource/EventResource.java +++ b/src/main/java/org/traccar/api/resource/EventResource.java @@ -15,8 +15,8 @@ */ package org.traccar.api.resource; -import org.traccar.Context; import org.traccar.api.BaseResource; +import org.traccar.model.Device; import org.traccar.model.Event; import org.traccar.storage.StorageException; import org.traccar.storage.query.Columns; @@ -45,7 +45,7 @@ public class EventResource extends BaseResource { if (event == null) { throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); } - Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId()); + permissionsService.checkPermission(Device.class, getUserId(), event.getDeviceId()); return event; } diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java index f39ded2b7..8732a0d04 100644 --- a/src/main/java/org/traccar/api/security/PermissionsService.java +++ b/src/main/java/org/traccar/api/security/PermissionsService.java @@ -92,6 +92,19 @@ public class PermissionsService { } } + public void checkUserEnabled(long userId) throws StorageException, SecurityException { + User user = getUser(userId); + if (user == null) { + throw new SecurityException("Unknown account"); + } + if (user.getDisabled()) { + throw new SecurityException("Account is disabled"); + } + if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) { + throw new SecurityException("Account has expired"); + } + } + public void checkEdit(long userId, Class clazz, boolean addition) throws StorageException, SecurityException { if (!getUser(userId).getAdministrator()) { boolean denied = false; diff --git a/src/main/java/org/traccar/database/PermissionsManager.java b/src/main/java/org/traccar/database/PermissionsManager.java index 3d4e6425a..f6fbd9489 100644 --- a/src/main/java/org/traccar/database/PermissionsManager.java +++ b/src/main/java/org/traccar/database/PermissionsManager.java @@ -18,7 +18,6 @@ package org.traccar.database; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.traccar.Context; -import org.traccar.api.security.PermissionsService; import org.traccar.model.Device; import org.traccar.model.Group; import org.traccar.model.Permission; @@ -117,21 +116,6 @@ public class PermissionsManager { } } - public Set getDeviceUsers(long deviceId) { - Device device = Context.getIdentityManager().getById(deviceId); - if (device != null && !device.getDisabled()) { - return getAllDeviceUsers(deviceId); - } else { - Set result = new HashSet<>(); - for (long userId : getAllDeviceUsers(deviceId)) { - if (getUserAdmin(userId)) { - result.add(userId); - } - } - return result; - } - } - public Set getGroupDevices(long groupId) { readLock(); try { @@ -195,12 +179,6 @@ public class PermissionsManager { return user != null && user.getAdministrator(); } - public void checkAdmin(long userId) throws SecurityException { - if (!getUserAdmin(userId)) { - throw new SecurityException("Admin access required"); - } - } - public boolean getUserManager(long userId) { User user = getUser(userId); return user != null && user.getUserLimit() != 0; @@ -212,11 +190,6 @@ public class PermissionsManager { } } - public boolean getUserReadonly(long userId) { - User user = getUser(userId); - return user != null && user.getReadonly(); - } - public void checkUserEnabled(long userId) throws SecurityException { User user = getUser(userId); if (user == null) { @@ -230,14 +203,6 @@ public class PermissionsManager { } } - public void checkDevice(long userId, long deviceId) throws SecurityException { - try { - new PermissionsService(storage).checkPermission(Device.class, userId, deviceId); - } catch (StorageException e) { - throw new RuntimeException(e); - } - } - public void refreshPermissions(Permission permission) { if (permission.getOwnerClass().equals(User.class)) { if (permission.getPropertyClass().equals(Device.class) diff --git a/src/main/java/org/traccar/reports/EventsReportProvider.java b/src/main/java/org/traccar/reports/EventsReportProvider.java index b1f7149a2..4db842fdb 100644 --- a/src/main/java/org/traccar/reports/EventsReportProvider.java +++ b/src/main/java/org/traccar/reports/EventsReportProvider.java @@ -74,9 +74,10 @@ public class EventsReportProvider { long userId, Collection deviceIds, Collection groupIds, Collection types, Date from, Date to) throws StorageException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList result = new ArrayList<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); Collection events = getEvents(deviceId, from, to); boolean all = types.isEmpty() || types.contains(Event.ALL_EVENTS); for (Event event : events) { @@ -98,12 +99,13 @@ public class EventsReportProvider { OutputStream outputStream, long userId, Collection deviceIds, Collection groupIds, Collection types, Date from, Date to) throws StorageException, IOException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList devicesEvents = new ArrayList<>(); ArrayList sheetNames = new ArrayList<>(); HashMap geofenceNames = new HashMap<>(); HashMap maintenanceNames = new HashMap<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); Collection events = getEvents(deviceId, from, to); boolean all = types.isEmpty() || types.contains(Event.ALL_EVENTS); for (Iterator iterator = events.iterator(); iterator.hasNext();) { diff --git a/src/main/java/org/traccar/reports/RouteReportProvider.java b/src/main/java/org/traccar/reports/RouteReportProvider.java index 903dfe369..b4401bc87 100644 --- a/src/main/java/org/traccar/reports/RouteReportProvider.java +++ b/src/main/java/org/traccar/reports/RouteReportProvider.java @@ -59,9 +59,10 @@ public class RouteReportProvider { public Collection getObjects(long userId, Collection deviceIds, Collection groupIds, Date from, Date to) throws StorageException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList result = new ArrayList<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); result.addAll(PositionUtil.getPositions(storage, deviceId, from, to)); } return result; @@ -71,10 +72,11 @@ public class RouteReportProvider { long userId, Collection deviceIds, Collection groupIds, Date from, Date to) throws StorageException, IOException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList devicesRoutes = new ArrayList<>(); ArrayList sheetNames = new ArrayList<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); var positions = PositionUtil.getPositions(storage, deviceId, from, to); DeviceReportSection deviceRoutes = new DeviceReportSection(); Device device = Context.getIdentityManager().getById(deviceId); diff --git a/src/main/java/org/traccar/reports/StopsReportProvider.java b/src/main/java/org/traccar/reports/StopsReportProvider.java index b9d36eb97..a63d7ee21 100644 --- a/src/main/java/org/traccar/reports/StopsReportProvider.java +++ b/src/main/java/org/traccar/reports/StopsReportProvider.java @@ -67,9 +67,10 @@ public class StopsReportProvider { long userId, Collection deviceIds, Collection groupIds, Date from, Date to) throws StorageException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList result = new ArrayList<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); result.addAll(detectStops(deviceId, from, to)); } return result; @@ -79,10 +80,11 @@ public class StopsReportProvider { OutputStream outputStream, long userId, Collection deviceIds, Collection groupIds, Date from, Date to) throws StorageException, IOException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList devicesStops = new ArrayList<>(); ArrayList sheetNames = new ArrayList<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); Collection stops = detectStops(deviceId, from, to); DeviceReportSection deviceStops = new DeviceReportSection(); Device device = Context.getIdentityManager().getById(deviceId); diff --git a/src/main/java/org/traccar/reports/SummaryReportProvider.java b/src/main/java/org/traccar/reports/SummaryReportProvider.java index 68976b987..86d76b4e3 100644 --- a/src/main/java/org/traccar/reports/SummaryReportProvider.java +++ b/src/main/java/org/traccar/reports/SummaryReportProvider.java @@ -146,9 +146,10 @@ public class SummaryReportProvider { long userId, Collection deviceIds, Collection groupIds, Date from, Date to, boolean daily) throws StorageException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList result = new ArrayList<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); Collection deviceResults = calculateSummaryResults(userId, deviceId, from, to, daily); for (SummaryReportItem summaryReport : deviceResults) { if (summaryReport.getStartTime() != null && summaryReport.getEndTime() != null) { @@ -162,7 +163,6 @@ public class SummaryReportProvider { public void getExcel(OutputStream outputStream, long userId, Collection deviceIds, Collection groupIds, Date from, Date to, boolean daily) throws StorageException, IOException { - reportUtils.checkPeriodLimit(from, to); Collection summaries = getObjects(userId, deviceIds, groupIds, from, to, daily); File file = Paths.get(config.getString(Keys.TEMPLATES_ROOT), "export", "summary.xlsx").toFile(); diff --git a/src/main/java/org/traccar/reports/TripsReportProvider.java b/src/main/java/org/traccar/reports/TripsReportProvider.java index 97cfccf74..bec4c39fd 100644 --- a/src/main/java/org/traccar/reports/TripsReportProvider.java +++ b/src/main/java/org/traccar/reports/TripsReportProvider.java @@ -67,9 +67,10 @@ public class TripsReportProvider { public Collection getObjects(long userId, Collection deviceIds, Collection groupIds, Date from, Date to) throws StorageException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList result = new ArrayList<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); result.addAll(detectTrips(deviceId, from, to)); } return result; @@ -79,10 +80,11 @@ public class TripsReportProvider { long userId, Collection deviceIds, Collection groupIds, Date from, Date to) throws StorageException, IOException { reportUtils.checkPeriodLimit(from, to); + reportUtils.checkPermissions(userId, deviceIds, groupIds); + ArrayList devicesTrips = new ArrayList<>(); ArrayList sheetNames = new ArrayList<>(); for (long deviceId: reportUtils.getDeviceList(deviceIds, groupIds)) { - Context.getPermissionsManager().checkDevice(userId, deviceId); Collection trips = detectTrips(deviceId, from, to); DeviceReportSection deviceTrips = new DeviceReportSection(); Device device = Context.getIdentityManager().getById(deviceId); diff --git a/src/main/java/org/traccar/reports/common/ReportUtils.java b/src/main/java/org/traccar/reports/common/ReportUtils.java index 95c43f8a0..84866a67b 100644 --- a/src/main/java/org/traccar/reports/common/ReportUtils.java +++ b/src/main/java/org/traccar/reports/common/ReportUtils.java @@ -38,8 +38,10 @@ import org.traccar.helper.UnitsConverter; import org.traccar.helper.model.PositionUtil; import org.traccar.helper.model.UserUtil; import org.traccar.model.BaseModel; +import org.traccar.model.Device; import org.traccar.model.Driver; import org.traccar.model.Event; +import org.traccar.model.Group; import org.traccar.model.Position; import org.traccar.model.User; import org.traccar.reports.model.BaseReportItem; @@ -109,6 +111,16 @@ public class ReportUtils { } } + public void checkPermissions( + long userId, Collection deviceIds, Collection groupIds) throws StorageException { + for (long deviceId : deviceIds) { + permissionsService.checkPermission(Device.class, userId, deviceId); + } + for (long groupId : groupIds) { + permissionsService.checkPermission(Group.class, userId, groupId); + } + } + public Collection getDeviceList(Collection deviceIds, Collection groupIds) { Collection result = new LinkedHashSet<>(deviceIds); for (long groupId : groupIds) { -- cgit v1.2.3