From afb9a199f57824ec06c993b6028c35b616f64885 Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Thu, 20 Jul 2017 08:56:29 +0500 Subject: Combine permission resources and reuse common database functions --- .../traccar/api/resource/PermissionsResource.java | 62 ++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 src/org/traccar/api/resource/PermissionsResource.java (limited to 'src/org/traccar/api/resource/PermissionsResource.java') diff --git a/src/org/traccar/api/resource/PermissionsResource.java b/src/org/traccar/api/resource/PermissionsResource.java new file mode 100644 index 000000000..ac7acb93f --- /dev/null +++ b/src/org/traccar/api/resource/PermissionsResource.java @@ -0,0 +1,62 @@ +/* + * Copyright 2017 Anton Tananaev (anton@traccar.org) + * Copyright 2017 Andrey Kunitsyn (andrey@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.resource; + +import java.sql.SQLException; +import java.util.Map; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +import org.traccar.Context; +import org.traccar.api.BaseResource; + +@Path("permissions") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class PermissionsResource extends BaseResource { + + @Path("/{slave : (users|devices|groups|geofences|drivers|attributes|calendars)}") + @POST + public Response add(Map entity) throws SQLException { + Context.getPermissionsManager().checkReadonly(getUserId()); + for (String key : entity.keySet()) { + Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); + } + Context.getDataManager().linkObject(entity, true); + Context.getPermissionsManager().refreshPermissions(entity); + return Response.noContent().build(); + } + + @Path("/{slave : (users|devices|groups|geofences|drivers|attributes|calendars)}") + @DELETE + public Response remove(Map entity) throws SQLException { + Context.getPermissionsManager().checkReadonly(getUserId()); + for (String key : entity.keySet()) { + Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); + } + Context.getDataManager().linkObject(entity, false); + Context.getPermissionsManager().refreshPermissions(entity); + return Response.noContent().build(); + } + +} -- cgit v1.2.3 From 0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0 Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Thu, 20 Jul 2017 10:05:33 +0500 Subject: Make permissions resources more strict --- src/org/traccar/api/resource/DeviceResource.java | 6 ++++++ src/org/traccar/api/resource/GroupResource.java | 6 ++++++ src/org/traccar/api/resource/PermissionsResource.java | 6 ++++++ 3 files changed, 18 insertions(+) (limited to 'src/org/traccar/api/resource/PermissionsResource.java') diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java index 41a8970e2..0f7579bae 100644 --- a/src/org/traccar/api/resource/DeviceResource.java +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -125,6 +125,9 @@ public class DeviceResource extends BaseResource { @POST public Response add(Map entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } @@ -140,6 +143,9 @@ public class DeviceResource extends BaseResource { for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } Context.getDataManager().linkObject(entity, false); Context.getPermissionsManager().refreshPermissions(entity); return Response.noContent().build(); diff --git a/src/org/traccar/api/resource/GroupResource.java b/src/org/traccar/api/resource/GroupResource.java index 97b6d671d..0d9572332 100644 --- a/src/org/traccar/api/resource/GroupResource.java +++ b/src/org/traccar/api/resource/GroupResource.java @@ -97,6 +97,9 @@ public class GroupResource extends BaseResource { @POST public Response add(Map entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } @@ -109,6 +112,9 @@ public class GroupResource extends BaseResource { @DELETE public Response remove(Map entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } diff --git a/src/org/traccar/api/resource/PermissionsResource.java b/src/org/traccar/api/resource/PermissionsResource.java index ac7acb93f..e22ffae36 100644 --- a/src/org/traccar/api/resource/PermissionsResource.java +++ b/src/org/traccar/api/resource/PermissionsResource.java @@ -39,6 +39,9 @@ public class PermissionsResource extends BaseResource { @POST public Response add(Map entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } @@ -51,6 +54,9 @@ public class PermissionsResource extends BaseResource { @DELETE public Response remove(Map entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } for (String key : entity.keySet()) { Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); } -- cgit v1.2.3 From f77912f14ed17bfbe533b664b6b82154c80e3b58 Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Fri, 21 Jul 2017 11:55:38 +0500 Subject: - Combine all permissions to one resource - Add two helpers to BaseResource --- src/org/traccar/api/BaseResource.java | 36 +++++++++++++++++++++ .../traccar/api/resource/AttributeResource.java | 7 ++-- src/org/traccar/api/resource/CalendarResource.java | 6 +--- src/org/traccar/api/resource/DeviceResource.java | 37 +--------------------- src/org/traccar/api/resource/DriverResource.java | 6 +--- src/org/traccar/api/resource/GeofenceResource.java | 6 +--- src/org/traccar/api/resource/GroupResource.java | 37 +--------------------- .../traccar/api/resource/PermissionsResource.java | 18 ++--------- src/org/traccar/api/resource/UserResource.java | 6 +--- src/org/traccar/database/DataManager.java | 18 ++++++----- 10 files changed, 56 insertions(+), 121 deletions(-) (limited to 'src/org/traccar/api/resource/PermissionsResource.java') diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java index 44ef33c53..9ac30f5a7 100644 --- a/src/org/traccar/api/BaseResource.java +++ b/src/org/traccar/api/BaseResource.java @@ -15,8 +15,15 @@ */ package org.traccar.api; +import java.sql.SQLException; +import java.util.Iterator; +import java.util.Map; + import javax.ws.rs.core.SecurityContext; +import org.traccar.Context; +import org.traccar.model.BaseModel; + public class BaseResource { @javax.ws.rs.core.Context @@ -29,4 +36,33 @@ public class BaseResource { } return 0; } + + protected void handlePermission(Map entity, boolean link) throws SQLException { + if (entity.size() != 2) { + throw new IllegalArgumentException(); + } + Iterator iterator = entity.keySet().iterator(); + String owner = iterator.next(); + String property = iterator.next(); + long ownerId = entity.get(owner); + long propertyId = entity.get(property); + + if (!link && owner.equals("userId") && property.equals("deviceId")) { + if (getUserId() != ownerId) { + Context.getPermissionsManager().checkUser(getUserId(), ownerId); + } else { + Context.getPermissionsManager().checkAdmin(getUserId()); + } + } else { + Context.getPermissionsManager().checkPermission(owner.replace("Id", ""), getUserId(), ownerId); + } + Context.getPermissionsManager().checkPermission(property.replace("Id", ""), getUserId(), propertyId); + + Context.getDataManager().linkObject(owner, ownerId, property, propertyId, link); + } + + protected void linkNew(BaseModel entity) throws SQLException { + Context.getDataManager().linkObject("userId", getUserId(), + entity.getClass().getSimpleName(), entity.getId(), true); + } } diff --git a/src/org/traccar/api/resource/AttributeResource.java b/src/org/traccar/api/resource/AttributeResource.java index 2f731e3a7..c6c95e05c 100644 --- a/src/org/traccar/api/resource/AttributeResource.java +++ b/src/org/traccar/api/resource/AttributeResource.java @@ -19,7 +19,6 @@ package org.traccar.api.resource; import java.sql.SQLException; import java.util.Collection; import java.util.HashSet; -import java.util.LinkedHashMap; import java.util.Set; import javax.ws.rs.Consumes; @@ -86,11 +85,9 @@ public class AttributeResource extends BaseResource { } private Response add(Attribute entity) throws SQLException { + Context.getPermissionsManager().checkReadonly(getUserId()); Context.getAttributesManager().addItem(entity); - LinkedHashMap link = new LinkedHashMap<>(); - link.put("userId", getUserId()); - link.put("attributeId", entity.getId()); - Context.getDataManager().linkObject(link, true); + linkNew(entity); Context.getAttributesManager().refreshUserItems(); return Response.ok(entity).build(); } diff --git a/src/org/traccar/api/resource/CalendarResource.java b/src/org/traccar/api/resource/CalendarResource.java index f4ff9d4e9..0666f2fed 100644 --- a/src/org/traccar/api/resource/CalendarResource.java +++ b/src/org/traccar/api/resource/CalendarResource.java @@ -18,7 +18,6 @@ package org.traccar.api.resource; import java.sql.SQLException; import java.util.Collection; -import java.util.LinkedHashMap; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -67,10 +66,7 @@ public class CalendarResource extends BaseResource { public Response add(Calendar entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getCalendarManager().addItem(entity); - LinkedHashMap link = new LinkedHashMap<>(); - link.put("userId", getUserId()); - link.put("calendarId", entity.getId()); - Context.getDataManager().linkObject(link, true); + linkNew(entity); Context.getCalendarManager().refreshUserItems(); return Response.ok(entity).build(); } diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java index 0f7579bae..285ed6a31 100644 --- a/src/org/traccar/api/resource/DeviceResource.java +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -35,9 +35,7 @@ import javax.ws.rs.core.Response; import java.sql.SQLException; import java.util.ArrayList; import java.util.Collection; -import java.util.LinkedHashMap; import java.util.List; -import java.util.Map; @Path("devices") @Produces(MediaType.APPLICATION_JSON) @@ -79,10 +77,7 @@ public class DeviceResource extends BaseResource { Context.getPermissionsManager().checkDeviceReadonly(getUserId()); Context.getPermissionsManager().checkDeviceLimit(getUserId()); Context.getDeviceManager().addDevice(entity); - LinkedHashMap link = new LinkedHashMap<>(); - link.put("userId", getUserId()); - link.put("deviceId", entity.getId()); - Context.getDataManager().linkObject(link, true); + linkNew(entity); Context.getPermissionsManager().refreshPermissions(); Context.getPermissionsManager().refreshAllExtendedPermissions(); return Response.ok(entity).build(); @@ -121,34 +116,4 @@ public class DeviceResource extends BaseResource { return Response.noContent().build(); } - @Path("/{slave : (geofences|drivers|attributes)}") - @POST - public Response add(Map entity) throws SQLException { - Context.getPermissionsManager().checkReadonly(getUserId()); - if (entity.size() != 2) { - throw new IllegalArgumentException(); - } - for (String key : entity.keySet()) { - Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); - } - Context.getDataManager().linkObject(entity, true); - Context.getPermissionsManager().refreshPermissions(entity); - return Response.noContent().build(); - } - - @Path("/{slave : (geofences|drivers|attributes)}") - @DELETE - public Response remove(Map entity) throws SQLException { - Context.getPermissionsManager().checkReadonly(getUserId()); - for (String key : entity.keySet()) { - Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); - } - if (entity.size() != 2) { - throw new IllegalArgumentException(); - } - Context.getDataManager().linkObject(entity, false); - Context.getPermissionsManager().refreshPermissions(entity); - return Response.noContent().build(); - } - } diff --git a/src/org/traccar/api/resource/DriverResource.java b/src/org/traccar/api/resource/DriverResource.java index 91a502790..749674002 100644 --- a/src/org/traccar/api/resource/DriverResource.java +++ b/src/org/traccar/api/resource/DriverResource.java @@ -19,7 +19,6 @@ package org.traccar.api.resource; import java.sql.SQLException; import java.util.Collection; import java.util.HashSet; -import java.util.LinkedHashMap; import java.util.Set; import javax.ws.rs.Consumes; @@ -87,10 +86,7 @@ public class DriverResource extends BaseResource { public Response add(Driver entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getDriversManager().addItem(entity); - LinkedHashMap link = new LinkedHashMap<>(); - link.put("userId", getUserId()); - link.put("driverId", entity.getId()); - Context.getDataManager().linkObject(link, true); + linkNew(entity); Context.getDriversManager().refreshUserItems(); return Response.ok(entity).build(); } diff --git a/src/org/traccar/api/resource/GeofenceResource.java b/src/org/traccar/api/resource/GeofenceResource.java index c39d882b6..df4947a1b 100644 --- a/src/org/traccar/api/resource/GeofenceResource.java +++ b/src/org/traccar/api/resource/GeofenceResource.java @@ -35,7 +35,6 @@ import javax.ws.rs.core.Response; import java.sql.SQLException; import java.util.Collection; import java.util.HashSet; -import java.util.LinkedHashMap; import java.util.Set; @Path("geofences") @@ -86,10 +85,7 @@ public class GeofenceResource extends BaseResource { public Response add(Geofence entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getGeofenceManager().addItem(entity); - LinkedHashMap link = new LinkedHashMap<>(); - link.put("userId", getUserId()); - link.put("geofenceId", entity.getId()); - Context.getDataManager().linkObject(link, true); + linkNew(entity); Context.getGeofenceManager().refreshUserItems(); return Response.ok(entity).build(); } diff --git a/src/org/traccar/api/resource/GroupResource.java b/src/org/traccar/api/resource/GroupResource.java index 0d9572332..5d575ebfe 100644 --- a/src/org/traccar/api/resource/GroupResource.java +++ b/src/org/traccar/api/resource/GroupResource.java @@ -32,8 +32,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.sql.SQLException; import java.util.Collection; -import java.util.LinkedHashMap; -import java.util.Map; @Path("groups") @Produces(MediaType.APPLICATION_JSON) @@ -63,10 +61,7 @@ public class GroupResource extends BaseResource { public Response add(Group entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getDeviceManager().addGroup(entity); - LinkedHashMap link = new LinkedHashMap<>(); - link.put("userId", getUserId()); - link.put("groupId", entity.getId()); - Context.getDataManager().linkObject(link, true); + linkNew(entity); Context.getPermissionsManager().refreshPermissions(); Context.getPermissionsManager().refreshAllExtendedPermissions(); return Response.ok(entity).build(); @@ -93,34 +88,4 @@ public class GroupResource extends BaseResource { return Response.noContent().build(); } - @Path("/{slave : (geofences|drivers|attributes)}") - @POST - public Response add(Map entity) throws SQLException { - Context.getPermissionsManager().checkReadonly(getUserId()); - if (entity.size() != 2) { - throw new IllegalArgumentException(); - } - for (String key : entity.keySet()) { - Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); - } - Context.getDataManager().linkObject(entity, true); - Context.getPermissionsManager().refreshPermissions(entity); - return Response.noContent().build(); - } - - @Path("/{slave : (geofences|drivers|attributes)}") - @DELETE - public Response remove(Map entity) throws SQLException { - Context.getPermissionsManager().checkReadonly(getUserId()); - if (entity.size() != 2) { - throw new IllegalArgumentException(); - } - for (String key : entity.keySet()) { - Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); - } - Context.getDataManager().linkObject(entity, false); - Context.getPermissionsManager().refreshPermissions(entity); - return Response.noContent().build(); - } - } diff --git a/src/org/traccar/api/resource/PermissionsResource.java b/src/org/traccar/api/resource/PermissionsResource.java index e22ffae36..707242cf1 100644 --- a/src/org/traccar/api/resource/PermissionsResource.java +++ b/src/org/traccar/api/resource/PermissionsResource.java @@ -35,32 +35,18 @@ import org.traccar.api.BaseResource; @Consumes(MediaType.APPLICATION_JSON) public class PermissionsResource extends BaseResource { - @Path("/{slave : (users|devices|groups|geofences|drivers|attributes|calendars)}") @POST public Response add(Map entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - if (entity.size() != 2) { - throw new IllegalArgumentException(); - } - for (String key : entity.keySet()) { - Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); - } - Context.getDataManager().linkObject(entity, true); + handlePermission(entity, true); Context.getPermissionsManager().refreshPermissions(entity); return Response.noContent().build(); } - @Path("/{slave : (users|devices|groups|geofences|drivers|attributes|calendars)}") @DELETE public Response remove(Map entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - if (entity.size() != 2) { - throw new IllegalArgumentException(); - } - for (String key : entity.keySet()) { - Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key)); - } - Context.getDataManager().linkObject(entity, false); + handlePermission(entity, false); Context.getPermissionsManager().refreshPermissions(entity); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java index 94cc56b47..e710c940d 100644 --- a/src/org/traccar/api/resource/UserResource.java +++ b/src/org/traccar/api/resource/UserResource.java @@ -34,7 +34,6 @@ import javax.ws.rs.core.Response; import java.sql.SQLException; import java.util.Collection; import java.util.Date; -import java.util.LinkedHashMap; @Path("users") @Produces(MediaType.APPLICATION_JSON) @@ -75,10 +74,7 @@ public class UserResource extends BaseResource { } Context.getPermissionsManager().addUser(entity); if (Context.getPermissionsManager().isManager(getUserId())) { - LinkedHashMap link = new LinkedHashMap<>(); - link.put("userId", getUserId()); - link.put("managedUserId", entity.getId()); - Context.getDataManager().linkObject(link, true); + Context.getDataManager().linkObject("userId", getUserId(), "managedUserId", entity.getId(), true); } Context.getPermissionsManager().refreshUserPermissions(); if (Context.getNotificationManager() != null) { diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java index 39a80ee72..9d8167acc 100644 --- a/src/org/traccar/database/DataManager.java +++ b/src/org/traccar/database/DataManager.java @@ -272,15 +272,17 @@ public class DataManager { return object.substring(0, 1).toUpperCase() + object.replace("Id", "").substring(1); } - public void linkObject(Map permission, boolean link) throws SQLException { - String query = "database." + (!link ? "un" : "") + "link"; - for (String key : permission.keySet()) { - query += makeName(key); - } + private String makeNameId(String object) { + return object.substring(0, 1).toLowerCase() + object.substring(1) + (object.indexOf("Id") == -1 ? "Id" : ""); + } + + public void linkObject(String owner, long ownerId, String property, long propertyId, + boolean link) throws SQLException { + String query = "database." + (!link ? "un" : "") + "link" + makeName(owner) + makeName(property); QueryBuilder queryBuilder = QueryBuilder.create(dataSource, getQuery(query)); - for (String key : permission.keySet()) { - queryBuilder.setLong(key, permission.get(key)); - } + + queryBuilder.setLong(makeNameId(owner), ownerId); + queryBuilder.setLong(makeNameId(property), propertyId); queryBuilder.executeUpdate(); } -- cgit v1.2.3 From 69c46399ee0f6b3dd2b0589cb412e9e17f040369 Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Fri, 21 Jul 2017 18:41:49 +0500 Subject: Use classes instead of constants everywhere --- setup/default.xml | 14 ++-- src/org/traccar/Context.java | 8 -- src/org/traccar/api/BaseResource.java | 29 +++---- .../traccar/api/resource/AttributeResource.java | 6 +- src/org/traccar/api/resource/CalendarResource.java | 6 +- src/org/traccar/api/resource/DeviceResource.java | 2 +- src/org/traccar/api/resource/DriverResource.java | 6 +- src/org/traccar/api/resource/EventResource.java | 3 +- src/org/traccar/api/resource/GeofenceResource.java | 6 +- src/org/traccar/api/resource/GroupResource.java | 2 +- .../traccar/api/resource/PermissionsResource.java | 10 +-- src/org/traccar/api/resource/UserResource.java | 3 +- src/org/traccar/database/DataManager.java | 21 +++-- src/org/traccar/database/DriversManager.java | 2 +- .../traccar/database/ExtendedObjectManager.java | 14 ++-- src/org/traccar/database/PermissionsManager.java | 96 +++++++++++----------- src/org/traccar/database/SimpleObjectManager.java | 16 ++-- src/org/traccar/model/ManagedUser.java | 21 +++++ 18 files changed, 144 insertions(+), 121 deletions(-) create mode 100644 src/org/traccar/model/ManagedUser.java (limited to 'src/org/traccar/api/resource/PermissionsResource.java') diff --git a/setup/default.xml b/setup/default.xml index dcf995af0..f0f9ef4a3 100644 --- a/setup/default.xml +++ b/setup/default.xml @@ -103,11 +103,11 @@ DELETE FROM users WHERE id = :id - + SELECT userId, deviceId FROM user_device - + SELECT userId, groupId FROM user_group @@ -230,7 +230,7 @@ DELETE FROM geofences WHERE id = :id - + SELECT userId, geofenceId FROM user_geofence @@ -349,7 +349,7 @@ DELETE FROM calendars WHERE id = :id - + SELECT userId, calendarId FROM user_calendar @@ -361,7 +361,7 @@ DELETE FROM user_calendar WHERE userId = :userId AND calendarId = :calendarId - + SELECT userId, managedUserId FROM user_user @@ -395,7 +395,7 @@ DELETE FROM attributes WHERE id = :id - + SELECT userId, attributeId FROM user_attribute @@ -452,7 +452,7 @@ DELETE FROM drivers WHERE id = :id - + SELECT userId, driverId FROM user_driver diff --git a/src/org/traccar/Context.java b/src/org/traccar/Context.java index 57c6bc908..a4fc5b679 100644 --- a/src/org/traccar/Context.java +++ b/src/org/traccar/Context.java @@ -59,14 +59,6 @@ import org.traccar.web.WebServer; public final class Context { - public static final String TYPE_USER = "User"; - public static final String TYPE_DEVICE = "Device"; - public static final String TYPE_GROUP = "Group"; - public static final String TYPE_GEOFENCE = "Geofence"; - public static final String TYPE_CALENDAR = "Calendar"; - public static final String TYPE_ATTRIBUTE = "Attribute"; - public static final String TYPE_DRIVER = "Driver"; - private Context() { } diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java index 4ad1477c2..920bb3931 100644 --- a/src/org/traccar/api/BaseResource.java +++ b/src/org/traccar/api/BaseResource.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 - 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2015 - 2017 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,13 +17,15 @@ package org.traccar.api; import java.sql.SQLException; import java.util.Iterator; -import java.util.Map; +import java.util.LinkedHashMap; import javax.ws.rs.core.SecurityContext; import org.traccar.Context; import org.traccar.database.DataManager; import org.traccar.model.BaseModel; +import org.traccar.model.Device; +import org.traccar.model.User; public class BaseResource { @@ -38,34 +40,33 @@ public class BaseResource { return 0; } - protected void handlePermission(Map entity, boolean link) throws SQLException { - if (entity.size() != 2) { - throw new IllegalArgumentException(); - } + protected void checkAndLinkPermission(LinkedHashMap entity, boolean link) + throws SQLException, ClassNotFoundException { Iterator iterator = entity.keySet().iterator(); String owner = iterator.next(); + Class ownerClass = DataManager.getClassByName(owner); String property = iterator.next(); + Class propertyClass = DataManager.getClassByName(property); long ownerId = entity.get(owner); long propertyId = entity.get(property); - if (!link && DataManager.makeName(owner).equals(Context.TYPE_USER) - && DataManager.makeName(property).equals(Context.TYPE_DEVICE)) { + if (!link && ownerClass.equals(User.class) + && propertyClass.equals(Device.class)) { if (getUserId() != ownerId) { Context.getPermissionsManager().checkUser(getUserId(), ownerId); } else { Context.getPermissionsManager().checkAdmin(getUserId()); } } else { - Context.getPermissionsManager().checkPermission(owner, getUserId(), ownerId); + Context.getPermissionsManager().checkPermission(ownerClass, getUserId(), ownerId); } - Context.getPermissionsManager().checkPermission(property, getUserId(), propertyId); + Context.getPermissionsManager().checkPermission(propertyClass, getUserId(), propertyId); - Context.getDataManager().linkObject(owner, ownerId, property, propertyId, link); + Context.getDataManager().linkObject(ownerClass, ownerId, propertyClass, propertyId, link); } - protected void linkNew(BaseModel entity) throws SQLException { - Context.getDataManager().linkObject("userId", getUserId(), - entity.getClass().getSimpleName(), entity.getId(), true); + protected void linkNewEntity(BaseModel entity) throws SQLException { + Context.getDataManager().linkObject(User.class, getUserId(), entity.getClass(), entity.getId(), true); } } diff --git a/src/org/traccar/api/resource/AttributeResource.java b/src/org/traccar/api/resource/AttributeResource.java index 63cdfb2a7..7e6947d26 100644 --- a/src/org/traccar/api/resource/AttributeResource.java +++ b/src/org/traccar/api/resource/AttributeResource.java @@ -87,7 +87,7 @@ public class AttributeResource extends BaseResource { private Response add(Attribute entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getAttributesManager().addItem(entity); - linkNew(entity); + linkNewEntity(entity); Context.getAttributesManager().refreshUserItems(); return Response.ok(entity).build(); } @@ -128,7 +128,7 @@ public class AttributeResource extends BaseResource { @PUT public Response update(Attribute entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), entity.getId()); + Context.getPermissionsManager().checkPermission(Attribute.class, getUserId(), entity.getId()); Context.getAttributesManager().updateItem(entity); return Response.ok(entity).build(); } @@ -137,7 +137,7 @@ public class AttributeResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission(Context.TYPE_ATTRIBUTE, getUserId(), id); + Context.getPermissionsManager().checkPermission(Attribute.class, getUserId(), id); Context.getAttributesManager().removeItem(id); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/CalendarResource.java b/src/org/traccar/api/resource/CalendarResource.java index d29080ee2..30f5df6b8 100644 --- a/src/org/traccar/api/resource/CalendarResource.java +++ b/src/org/traccar/api/resource/CalendarResource.java @@ -66,7 +66,7 @@ public class CalendarResource extends BaseResource { public Response add(Calendar entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getCalendarManager().addItem(entity); - linkNew(entity); + linkNewEntity(entity); Context.getCalendarManager().refreshUserItems(); return Response.ok(entity).build(); } @@ -75,7 +75,7 @@ public class CalendarResource extends BaseResource { @PUT public Response update(Calendar entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), entity.getId()); + Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(), entity.getId()); Context.getCalendarManager().updateItem(entity); return Response.ok(entity).build(); } @@ -84,7 +84,7 @@ public class CalendarResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission(Context.TYPE_CALENDAR, getUserId(), id); + Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(), id); Context.getCalendarManager().removeItem(id); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java index 285ed6a31..e1c0fc96d 100644 --- a/src/org/traccar/api/resource/DeviceResource.java +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -77,7 +77,7 @@ public class DeviceResource extends BaseResource { Context.getPermissionsManager().checkDeviceReadonly(getUserId()); Context.getPermissionsManager().checkDeviceLimit(getUserId()); Context.getDeviceManager().addDevice(entity); - linkNew(entity); + linkNewEntity(entity); Context.getPermissionsManager().refreshPermissions(); Context.getPermissionsManager().refreshAllExtendedPermissions(); return Response.ok(entity).build(); diff --git a/src/org/traccar/api/resource/DriverResource.java b/src/org/traccar/api/resource/DriverResource.java index b528a197a..cf80bf7df 100644 --- a/src/org/traccar/api/resource/DriverResource.java +++ b/src/org/traccar/api/resource/DriverResource.java @@ -86,7 +86,7 @@ public class DriverResource extends BaseResource { public Response add(Driver entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getDriversManager().addItem(entity); - linkNew(entity); + linkNewEntity(entity); Context.getDriversManager().refreshUserItems(); return Response.ok(entity).build(); } @@ -95,7 +95,7 @@ public class DriverResource extends BaseResource { @PUT public Response update(Driver entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), entity.getId()); + Context.getPermissionsManager().checkPermission(Driver.class, getUserId(), entity.getId()); Context.getDriversManager().updateItem(entity); return Response.ok(entity).build(); } @@ -104,7 +104,7 @@ public class DriverResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission(Context.TYPE_DRIVER, getUserId(), id); + Context.getPermissionsManager().checkPermission(Driver.class, getUserId(), id); Context.getDriversManager().removeItem(id); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/EventResource.java b/src/org/traccar/api/resource/EventResource.java index 85f981514..b7fda6f73 100644 --- a/src/org/traccar/api/resource/EventResource.java +++ b/src/org/traccar/api/resource/EventResource.java @@ -12,6 +12,7 @@ import javax.ws.rs.core.MediaType; import org.traccar.Context; import org.traccar.api.BaseResource; import org.traccar.model.Event; +import org.traccar.model.Geofence; @Path("events") @Produces(MediaType.APPLICATION_JSON) @@ -25,7 +26,7 @@ public class EventResource extends BaseResource { Event event = Context.getDataManager().getEvent(id); Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId()); if (event.getGeofenceId() != 0) { - Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), event.getGeofenceId()); + Context.getPermissionsManager().checkPermission(Geofence.class, getUserId(), event.getGeofenceId()); } return event; } diff --git a/src/org/traccar/api/resource/GeofenceResource.java b/src/org/traccar/api/resource/GeofenceResource.java index c9cc72bd7..341180cf8 100644 --- a/src/org/traccar/api/resource/GeofenceResource.java +++ b/src/org/traccar/api/resource/GeofenceResource.java @@ -85,7 +85,7 @@ public class GeofenceResource extends BaseResource { public Response add(Geofence entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getGeofenceManager().addItem(entity); - linkNew(entity); + linkNewEntity(entity); Context.getGeofenceManager().refreshUserItems(); return Response.ok(entity).build(); } @@ -94,7 +94,7 @@ public class GeofenceResource extends BaseResource { @PUT public Response update(Geofence entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), entity.getId()); + Context.getPermissionsManager().checkPermission(Geofence.class, getUserId(), entity.getId()); Context.getGeofenceManager().updateItem(entity); return Response.ok(entity).build(); } @@ -103,7 +103,7 @@ public class GeofenceResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); - Context.getPermissionsManager().checkPermission(Context.TYPE_GEOFENCE, getUserId(), id); + Context.getPermissionsManager().checkPermission(Geofence.class, getUserId(), id); Context.getGeofenceManager().removeItem(id); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/GroupResource.java b/src/org/traccar/api/resource/GroupResource.java index 5d575ebfe..2ecd11fe5 100644 --- a/src/org/traccar/api/resource/GroupResource.java +++ b/src/org/traccar/api/resource/GroupResource.java @@ -61,7 +61,7 @@ public class GroupResource extends BaseResource { public Response add(Group entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); Context.getDeviceManager().addGroup(entity); - linkNew(entity); + linkNewEntity(entity); Context.getPermissionsManager().refreshPermissions(); Context.getPermissionsManager().refreshAllExtendedPermissions(); return Response.ok(entity).build(); diff --git a/src/org/traccar/api/resource/PermissionsResource.java b/src/org/traccar/api/resource/PermissionsResource.java index 707242cf1..515efbe41 100644 --- a/src/org/traccar/api/resource/PermissionsResource.java +++ b/src/org/traccar/api/resource/PermissionsResource.java @@ -17,7 +17,7 @@ package org.traccar.api.resource; import java.sql.SQLException; -import java.util.Map; +import java.util.LinkedHashMap; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -36,17 +36,17 @@ import org.traccar.api.BaseResource; public class PermissionsResource extends BaseResource { @POST - public Response add(Map entity) throws SQLException { + public Response add(LinkedHashMap entity) throws SQLException, ClassNotFoundException { Context.getPermissionsManager().checkReadonly(getUserId()); - handlePermission(entity, true); + checkAndLinkPermission(entity, true); Context.getPermissionsManager().refreshPermissions(entity); return Response.noContent().build(); } @DELETE - public Response remove(Map entity) throws SQLException { + public Response remove(LinkedHashMap entity) throws SQLException, ClassNotFoundException { Context.getPermissionsManager().checkReadonly(getUserId()); - handlePermission(entity, false); + checkAndLinkPermission(entity, false); Context.getPermissionsManager().refreshPermissions(entity); return Response.noContent().build(); } diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java index e710c940d..98395e3cc 100644 --- a/src/org/traccar/api/resource/UserResource.java +++ b/src/org/traccar/api/resource/UserResource.java @@ -17,6 +17,7 @@ package org.traccar.api.resource; import org.traccar.Context; import org.traccar.api.BaseResource; +import org.traccar.model.ManagedUser; import org.traccar.model.User; import javax.annotation.security.PermitAll; @@ -74,7 +75,7 @@ public class UserResource extends BaseResource { } Context.getPermissionsManager().addUser(entity); if (Context.getPermissionsManager().isManager(getUserId())) { - Context.getDataManager().linkObject("userId", getUserId(), "managedUserId", entity.getId(), true); + Context.getDataManager().linkObject(User.class, getUserId(), ManagedUser.class, entity.getId(), true); } Context.getPermissionsManager().refreshUserPermissions(); if (Context.getNotificationManager() != null) { diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java index 3bb367ece..80b9f98e9 100644 --- a/src/org/traccar/database/DataManager.java +++ b/src/org/traccar/database/DataManager.java @@ -268,17 +268,19 @@ public class DataManager { .executeUpdate()); } - public static String makeName(String object) { - return object.substring(0, 1).toUpperCase() + object.replace("Id", "").substring(1); + public static Class getClassByName(String name) throws ClassNotFoundException { + return Class.forName("org.traccar.model." + + name.substring(0, 1).toUpperCase() + name.replace("Id", "").substring(1)); } - public static String makeNameId(String object) { - return object.substring(0, 1).toLowerCase() + object.substring(1) + (object.indexOf("Id") == -1 ? "Id" : ""); + public static String makeNameId(Class clazz) { + String name = clazz.getSimpleName(); + return name.substring(0, 1).toLowerCase() + name.substring(1) + (name.indexOf("Id") == -1 ? "Id" : ""); } - public void linkObject(String owner, long ownerId, String property, long propertyId, - boolean link) throws SQLException { - String query = "database." + (!link ? "un" : "") + "link" + makeName(owner) + makeName(property); + public void linkObject(Class owner, long ownerId, Class property, long propertyId, boolean link) + throws SQLException { + String query = "database." + (link ? "link" : "unlink") + owner.getSimpleName() + property.getSimpleName(); QueryBuilder queryBuilder = QueryBuilder.create(dataSource, getQuery(query)); queryBuilder.setLong(makeNameId(owner), ownerId); @@ -291,8 +293,9 @@ public class DataManager { return QueryBuilder.create(dataSource, getQuery(query)).executeQuery(clazz); } - public Collection> getPermissions(String owner, String property) throws SQLException { - String query = "database.select" + makeName(owner) + makeName(property) + "s"; + public Collection> getPermissions(Class owner, + Class property) throws SQLException { + String query = "database.select" + owner.getSimpleName() + property.getSimpleName() + "s"; return QueryBuilder.create(dataSource, getQuery(query)).executeMapQuery(Long.class); } diff --git a/src/org/traccar/database/DriversManager.java b/src/org/traccar/database/DriversManager.java index 8c35f3ddf..0dc2b102d 100644 --- a/src/org/traccar/database/DriversManager.java +++ b/src/org/traccar/database/DriversManager.java @@ -73,7 +73,7 @@ public class DriversManager extends ExtendedObjectManager { @Override public void removeItem(long driverId) throws SQLException { Driver cachedDriver = (Driver) getById(driverId); - getDataManager().removeObject(cachedDriver.getClass(), driverId); + getDataManager().removeObject(Driver.class, driverId); if (cachedDriver != null) { String driverUniqueId = cachedDriver.getUniqueId(); removeCachedItem(driverId); diff --git a/src/org/traccar/database/ExtendedObjectManager.java b/src/org/traccar/database/ExtendedObjectManager.java index fce32fb41..8380b9da2 100644 --- a/src/org/traccar/database/ExtendedObjectManager.java +++ b/src/org/traccar/database/ExtendedObjectManager.java @@ -26,6 +26,7 @@ import java.util.concurrent.ConcurrentHashMap; import org.traccar.Context; import org.traccar.helper.Log; import org.traccar.model.Device; +import org.traccar.model.Group; import org.traccar.model.BaseModel; public abstract class ExtendedObjectManager extends SimpleObjectManager { @@ -79,23 +80,26 @@ public abstract class ExtendedObjectManager extends SimpleObjectManager { try { Collection> databaseGroupPermissions = - getDataManager().getPermissions("Group", getBaseClassName()); + getDataManager().getPermissions(Group.class, getBaseClass()); clearGroupItems(); for (Map groupPermission : databaseGroupPermissions) { - getGroupItems(groupPermission.get("groupId")).add(groupPermission.get(getBaseClassIdName())); + getGroupItems(groupPermission.get(DataManager.makeNameId(Group.class))) + .add(groupPermission.get(getBaseClassIdName())); } Collection> databaseDevicePermissions = - getDataManager().getPermissions("Device", getBaseClassName()); + getDataManager().getPermissions(Device.class, getBaseClass()); Collection allDevices = Context.getDeviceManager().getAllDevices(); clearDeviceItems(); deviceItemsWithGroups.clear(); for (Map devicePermission : databaseDevicePermissions) { - getDeviceItems(devicePermission.get("deviceId")).add(devicePermission.get(getBaseClassIdName())); - getAllDeviceItems(devicePermission.get("deviceId")).add(devicePermission.get(getBaseClassIdName())); + getDeviceItems(devicePermission.get(DataManager.makeNameId(Device.class))) + .add(devicePermission.get(getBaseClassIdName())); + getAllDeviceItems(devicePermission.get(DataManager.makeNameId(Device.class))) + .add(devicePermission.get(getBaseClassIdName())); } for (Device device : allDevices) { diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index 56a12e941..4008134ec 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -17,8 +17,13 @@ package org.traccar.database; import org.traccar.Context; import org.traccar.helper.Log; +import org.traccar.model.Attribute; +import org.traccar.model.Calendar; import org.traccar.model.Device; +import org.traccar.model.Driver; +import org.traccar.model.Geofence; import org.traccar.model.Group; +import org.traccar.model.ManagedUser; import org.traccar.model.Server; import org.traccar.model.User; @@ -109,8 +114,9 @@ public class PermissionsManager { public final void refreshUserPermissions() { userPermissions.clear(); try { - for (Map permission : dataManager.getPermissions("User", "Permission")) { - getUserPermissions(permission.get("userId")).add(permission.get("managedUserId")); + for (Map permission : dataManager.getPermissions(User.class, User.class)) { + getUserPermissions(permission.get(DataManager.makeNameId(User.class))) + .add(permission.get(DataManager.makeNameId(ManagedUser.class))); } } catch (SQLException error) { Log.warning(error); @@ -123,20 +129,23 @@ public class PermissionsManager { try { GroupTree groupTree = new GroupTree(Context.getDeviceManager().getAllGroups(), Context.getDeviceManager().getAllDevices()); - for (Map groupPermission : dataManager.getPermissions("Group", "Permission")) { - Set userGroupPermissions = getGroupPermissions(groupPermission.get("userId")); - Set userDevicePermissions = getDevicePermissions(groupPermission.get("userId")); - userGroupPermissions.add(groupPermission.get("groupId")); - for (Group group : groupTree.getGroups(groupPermission.get("groupId"))) { + for (Map groupPermission : dataManager.getPermissions(User.class, Group.class)) { + Set userGroupPermissions = getGroupPermissions(groupPermission + .get(DataManager.makeNameId(User.class))); + Set userDevicePermissions = getDevicePermissions(groupPermission + .get(DataManager.makeNameId(User.class))); + userGroupPermissions.add(groupPermission.get(DataManager.makeNameId(Group.class))); + for (Group group : groupTree.getGroups(groupPermission.get(DataManager.makeNameId(Group.class)))) { userGroupPermissions.add(group.getId()); } - for (Device device : groupTree.getDevices(groupPermission.get("groupId"))) { + for (Device device : groupTree.getDevices(groupPermission.get(DataManager.makeNameId(Group.class)))) { userDevicePermissions.add(device.getId()); } } - for (Map devicePermission : dataManager.getPermissions("Device", "Permission")) { - getDevicePermissions(devicePermission.get("userId")).add(devicePermission.get("deviceId")); + for (Map devicePermission : dataManager.getPermissions(User.class, Device.class)) { + getDevicePermissions(devicePermission.get(DataManager.makeNameId(User.class))) + .add(devicePermission.get(DataManager.makeNameId(Device.class))); } groupDevices.clear(); @@ -296,33 +305,26 @@ public class PermissionsManager { } } - public void checkPermission(String object, long userId, long objectId) throws SecurityException { + public void checkPermission(Class object, long userId, long objectId) + throws SecurityException { SimpleObjectManager manager = null; - switch (DataManager.makeName(object)) { - case Context.TYPE_DEVICE: - checkDevice(userId, objectId); - break; - case Context.TYPE_GROUP: - checkGroup(userId, objectId); - break; - case Context.TYPE_USER: - checkUser(userId, objectId); - break; - case Context.TYPE_GEOFENCE: - manager = Context.getGeofenceManager(); - break; - case Context.TYPE_ATTRIBUTE: - manager = Context.getAttributesManager(); - break; - case Context.TYPE_DRIVER: - manager = Context.getDriversManager(); - break; - case Context.TYPE_CALENDAR: - manager = Context.getCalendarManager(); - break; - default: - throw new IllegalArgumentException("Unknown object type"); + if (object.equals(Device.class)) { + checkDevice(userId, objectId); + } else if (object.equals(Group.class)) { + checkGroup(userId, objectId); + } else if (object.equals(User.class) || object.equals(ManagedUser.class)) { + checkUser(userId, objectId); + } else if (object.equals(Geofence.class)) { + manager = Context.getGeofenceManager(); + } else if (object.equals(Attribute.class)) { + manager = Context.getAttributesManager(); + } else if (object.equals(Driver.class)) { + manager = Context.getDriversManager(); + } else if (object.equals(Calendar.class)) { + manager = Context.getCalendarManager(); + } else { + throw new IllegalArgumentException("Unknown object type"); } if (manager != null) { @@ -347,31 +349,33 @@ public class PermissionsManager { } public void refreshPermissions(Map entity) { - if (entity.containsKey("userId")) { - if (entity.containsKey("deviceId") || entity.containsKey("groupId")) { + if (entity.containsKey(DataManager.makeNameId(User.class))) { + if (entity.containsKey(DataManager.makeNameId(Device.class)) + || entity.containsKey(DataManager.makeNameId(Group.class))) { refreshPermissions(); refreshAllExtendedPermissions(); - } else if (entity.containsKey("managedUserId")) { + } else if (entity.containsKey(DataManager.makeNameId(ManagedUser.class))) { refreshUserPermissions(); - } else if (entity.containsKey("geofenceId")) { + } else if (entity.containsKey(DataManager.makeNameId(Geofence.class))) { if (Context.getGeofenceManager() != null) { Context.getGeofenceManager().refreshUserItems(); } - } else if (entity.containsKey("driverId")) { + } else if (entity.containsKey(DataManager.makeNameId(Driver.class))) { Context.getDriversManager().refreshUserItems(); - } else if (entity.containsKey("attributeId")) { + } else if (entity.containsKey(DataManager.makeNameId(Attribute.class))) { Context.getAttributesManager().refreshUserItems(); - } else if (entity.containsKey("calendarId")) { + } else if (entity.containsKey(DataManager.makeNameId(Calendar.class))) { Context.getCalendarManager().refreshUserItems(); } - } else if (entity.containsKey("deviceId") || entity.containsKey("groupId")) { - if (entity.containsKey("geofenceId")) { + } else if (entity.containsKey(DataManager.makeNameId(Device.class)) + || entity.containsKey(DataManager.makeNameId(Group.class))) { + if (entity.containsKey(DataManager.makeNameId(Geofence.class))) { if (Context.getGeofenceManager() != null) { Context.getGeofenceManager().refreshExtendedPermissions(); } - } else if (entity.containsKey("driverId")) { + } else if (entity.containsKey(DataManager.makeNameId(Driver.class))) { Context.getDriversManager().refreshExtendedPermissions(); - } else if (entity.containsKey("attributeId")) { + } else if (entity.containsKey(DataManager.makeNameId(Attribute.class))) { Context.getAttributesManager().refreshExtendedPermissions(); } } diff --git a/src/org/traccar/database/SimpleObjectManager.java b/src/org/traccar/database/SimpleObjectManager.java index c4fc0e97a..0db8af658 100644 --- a/src/org/traccar/database/SimpleObjectManager.java +++ b/src/org/traccar/database/SimpleObjectManager.java @@ -27,6 +27,7 @@ import java.util.concurrent.ConcurrentHashMap; import org.traccar.Context; import org.traccar.helper.Log; import org.traccar.model.BaseModel; +import org.traccar.model.User; public abstract class SimpleObjectManager { @@ -36,14 +37,12 @@ public abstract class SimpleObjectManager { private final Map> userItems = new ConcurrentHashMap<>(); private Class baseClass; - private String baseClassName; private String baseClassIdName; protected SimpleObjectManager(DataManager dataManager, Class baseClass) { this.dataManager = dataManager; this.baseClass = baseClass; - baseClassName = baseClass.getSimpleName(); - baseClassIdName = baseClassName.substring(0, 1).toLowerCase() + baseClassName.substring(1) + "Id"; + baseClassIdName = DataManager.makeNameId(baseClass); } protected final DataManager getDataManager() { @@ -54,10 +53,6 @@ public abstract class SimpleObjectManager { return baseClass; } - protected final String getBaseClassName() { - return baseClassName; - } - protected final String getBaseClassIdName() { return baseClassIdName; } @@ -111,8 +106,9 @@ public abstract class SimpleObjectManager { if (dataManager != null) { try { clearUserItems(); - for (Map permission : dataManager.getPermissions(baseClassName, "Permission")) { - getUserItems(permission.get("userId")).add(permission.get(baseClassIdName)); + for (Map permission : dataManager.getPermissions(User.class, baseClass)) { + getUserItems(permission.get(DataManager.makeNameId(User.class))) + .add(permission.get(baseClassIdName)); } } catch (SQLException error) { Log.warning(error); @@ -133,7 +129,7 @@ public abstract class SimpleObjectManager { public void removeItem(long itemId) throws SQLException { BaseModel item = getById(itemId); if (item != null) { - dataManager.removeObject(item.getClass(), itemId); + dataManager.removeObject(baseClass, itemId); removeCachedItem(itemId); } refreshUserItems(); diff --git a/src/org/traccar/model/ManagedUser.java b/src/org/traccar/model/ManagedUser.java new file mode 100644 index 000000000..03c5ef48d --- /dev/null +++ b/src/org/traccar/model/ManagedUser.java @@ -0,0 +1,21 @@ +/* + * Copyright 2017 Anton Tananaev (anton@traccar.org) + * Copyright 2017 Andrey Kunitsyn (andrey@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.model; + +public class ManagedUser extends User { + +} -- cgit v1.2.3 From 4cb47c38af63696470acdc91d7b7d01512f6b2e7 Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Sat, 22 Jul 2017 11:16:14 +0500 Subject: - Add Permission helper Class - Reorganize permission check and link - Optimize calendar retrieving --- src/org/traccar/api/BaseResource.java | 30 ------------ src/org/traccar/api/resource/DeviceResource.java | 2 +- src/org/traccar/api/resource/GroupResource.java | 2 +- .../traccar/api/resource/PermissionsResource.java | 29 ++++++++++- src/org/traccar/events/GeofenceEventHandler.java | 16 +++--- src/org/traccar/model/Permission.java | 57 ++++++++++++++++++++++ 6 files changed, 96 insertions(+), 40 deletions(-) create mode 100644 src/org/traccar/model/Permission.java (limited to 'src/org/traccar/api/resource/PermissionsResource.java') diff --git a/src/org/traccar/api/BaseResource.java b/src/org/traccar/api/BaseResource.java index 920bb3931..502591efe 100644 --- a/src/org/traccar/api/BaseResource.java +++ b/src/org/traccar/api/BaseResource.java @@ -16,15 +16,11 @@ package org.traccar.api; import java.sql.SQLException; -import java.util.Iterator; -import java.util.LinkedHashMap; import javax.ws.rs.core.SecurityContext; import org.traccar.Context; -import org.traccar.database.DataManager; import org.traccar.model.BaseModel; -import org.traccar.model.Device; import org.traccar.model.User; public class BaseResource { @@ -40,32 +36,6 @@ public class BaseResource { return 0; } - protected void checkAndLinkPermission(LinkedHashMap entity, boolean link) - throws SQLException, ClassNotFoundException { - Iterator iterator = entity.keySet().iterator(); - String owner = iterator.next(); - Class ownerClass = DataManager.getClassByName(owner); - String property = iterator.next(); - Class propertyClass = DataManager.getClassByName(property); - - long ownerId = entity.get(owner); - long propertyId = entity.get(property); - - if (!link && ownerClass.equals(User.class) - && propertyClass.equals(Device.class)) { - if (getUserId() != ownerId) { - Context.getPermissionsManager().checkUser(getUserId(), ownerId); - } else { - Context.getPermissionsManager().checkAdmin(getUserId()); - } - } else { - Context.getPermissionsManager().checkPermission(ownerClass, getUserId(), ownerId); - } - Context.getPermissionsManager().checkPermission(propertyClass, getUserId(), propertyId); - - Context.getDataManager().linkObject(ownerClass, ownerId, propertyClass, propertyId, link); - } - protected void linkNewEntity(BaseModel entity) throws SQLException { Context.getDataManager().linkObject(User.class, getUserId(), entity.getClass(), entity.getId(), true); } diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java index e1c0fc96d..0d6e4f09c 100644 --- a/src/org/traccar/api/resource/DeviceResource.java +++ b/src/org/traccar/api/resource/DeviceResource.java @@ -95,7 +95,7 @@ public class DeviceResource extends BaseResource { return Response.ok(entity).build(); } - @Path("{id : \\d+}") + @Path("{id}") @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); diff --git a/src/org/traccar/api/resource/GroupResource.java b/src/org/traccar/api/resource/GroupResource.java index 2ecd11fe5..402e687e6 100644 --- a/src/org/traccar/api/resource/GroupResource.java +++ b/src/org/traccar/api/resource/GroupResource.java @@ -77,7 +77,7 @@ public class GroupResource extends BaseResource { return Response.ok(entity).build(); } - @Path("{id : \\d+}") + @Path("{id}") @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); diff --git a/src/org/traccar/api/resource/PermissionsResource.java b/src/org/traccar/api/resource/PermissionsResource.java index 515efbe41..88fd9d092 100644 --- a/src/org/traccar/api/resource/PermissionsResource.java +++ b/src/org/traccar/api/resource/PermissionsResource.java @@ -29,16 +29,38 @@ import javax.ws.rs.core.Response; import org.traccar.Context; import org.traccar.api.BaseResource; +import org.traccar.model.Device; +import org.traccar.model.Permission; +import org.traccar.model.User; @Path("permissions") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public class PermissionsResource extends BaseResource { + private void checkPermission(Permission permission, boolean link) { + if (!link && permission.getOwnerClass().equals(User.class) + && permission.getPropertyClass().equals(Device.class)) { + if (getUserId() != permission.getOwnerId()) { + Context.getPermissionsManager().checkUser(getUserId(), permission.getOwnerId()); + } else { + Context.getPermissionsManager().checkAdmin(getUserId()); + } + } else { + Context.getPermissionsManager().checkPermission( + permission.getOwnerClass(), getUserId(), permission.getOwnerId()); + } + Context.getPermissionsManager().checkPermission( + permission.getPropertyClass(), getUserId(), permission.getPropertyId()); + } + @POST public Response add(LinkedHashMap entity) throws SQLException, ClassNotFoundException { Context.getPermissionsManager().checkReadonly(getUserId()); - checkAndLinkPermission(entity, true); + Permission permission = new Permission(entity); + checkPermission(permission, true); + Context.getDataManager().linkObject(permission.getOwnerClass(), permission.getOwnerId(), + permission.getPropertyClass(), permission.getPropertyId(), true); Context.getPermissionsManager().refreshPermissions(entity); return Response.noContent().build(); } @@ -46,7 +68,10 @@ public class PermissionsResource extends BaseResource { @DELETE public Response remove(LinkedHashMap entity) throws SQLException, ClassNotFoundException { Context.getPermissionsManager().checkReadonly(getUserId()); - checkAndLinkPermission(entity, false); + Permission permission = new Permission(entity); + checkPermission(permission, false); + Context.getDataManager().linkObject(permission.getOwnerClass(), permission.getOwnerId(), + permission.getPropertyClass(), permission.getPropertyId(), false); Context.getPermissionsManager().refreshPermissions(entity); return Response.noContent().build(); } diff --git a/src/org/traccar/events/GeofenceEventHandler.java b/src/org/traccar/events/GeofenceEventHandler.java index cdac7993f..089d1e0ef 100644 --- a/src/org/traccar/events/GeofenceEventHandler.java +++ b/src/org/traccar/events/GeofenceEventHandler.java @@ -60,9 +60,11 @@ public class GeofenceEventHandler extends BaseEventHandler { Collection events = new ArrayList<>(); for (long geofenceId : newGeofences) { long calendarId = ((Geofence) geofenceManager.getById(geofenceId)).getCalendarId(); - if (calendarId == 0 || Context.getCalendarManager().getById(calendarId) == null - || ((Calendar) Context.getCalendarManager().getById(calendarId)) - .checkMoment(position.getFixTime())) { + Calendar calendar = null; + if (calendarId != 0) { + calendar = (Calendar) Context.getCalendarManager().getById(calendarId); + } + if (calendar == null || calendar.checkMoment(position.getFixTime())) { Event event = new Event(Event.TYPE_GEOFENCE_ENTER, position.getDeviceId(), position.getId()); event.setGeofenceId(geofenceId); events.add(event); @@ -70,9 +72,11 @@ public class GeofenceEventHandler extends BaseEventHandler { } for (long geofenceId : oldGeofences) { long calendarId = ((Geofence) geofenceManager.getById(geofenceId)).getCalendarId(); - if (calendarId == 0 || Context.getCalendarManager().getById(calendarId) == null - || ((Calendar) Context.getCalendarManager().getById(calendarId)) - .checkMoment(position.getFixTime())) { + Calendar calendar = null; + if (calendarId != 0) { + calendar = (Calendar) Context.getCalendarManager().getById(calendarId); + } + if (calendar == null || calendar.checkMoment(position.getFixTime())) { Event event = new Event(Event.TYPE_GEOFENCE_EXIT, position.getDeviceId(), position.getId()); event.setGeofenceId(geofenceId); events.add(event); diff --git a/src/org/traccar/model/Permission.java b/src/org/traccar/model/Permission.java new file mode 100644 index 000000000..1006b1c47 --- /dev/null +++ b/src/org/traccar/model/Permission.java @@ -0,0 +1,57 @@ +/* + * Copyright 2017 Anton Tananaev (anton@traccar.org) + * Copyright 2017 Andrey Kunitsyn (andrey@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.model; + +import java.util.Iterator; +import java.util.LinkedHashMap; +import java.util.Map; + +import org.traccar.database.DataManager; + +public class Permission { + + private Class ownerClass; + private long ownerId; + private Class propertyClass; + private long propertyId; + + public Permission(LinkedHashMap permissionMap) throws ClassNotFoundException { + Iterator> iterator = permissionMap.entrySet().iterator(); + String owner = iterator.next().getKey(); + ownerClass = DataManager.getClassByName(owner); + String property = iterator.next().getKey(); + propertyClass = DataManager.getClassByName(property); + ownerId = permissionMap.get(owner); + propertyId = permissionMap.get(property); + } + + public Class getOwnerClass() { + return ownerClass; + } + + public long getOwnerId() { + return ownerId; + } + + public Class getPropertyClass() { + return propertyClass; + } + + public long getPropertyId() { + return propertyId; + } +} -- cgit v1.2.3 From d2a2ce5d05572caadf13627d3e6c3767ad68688f Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Sun, 23 Jul 2017 08:32:55 +0500 Subject: Use Permission object instead of Map --- .../traccar/api/resource/PermissionsResource.java | 4 +-- .../traccar/database/ExtendedObjectManager.java | 3 +-- src/org/traccar/database/PermissionsManager.java | 29 +++++++++++----------- 3 files changed, 18 insertions(+), 18 deletions(-) (limited to 'src/org/traccar/api/resource/PermissionsResource.java') diff --git a/src/org/traccar/api/resource/PermissionsResource.java b/src/org/traccar/api/resource/PermissionsResource.java index 88fd9d092..9b9f65ad1 100644 --- a/src/org/traccar/api/resource/PermissionsResource.java +++ b/src/org/traccar/api/resource/PermissionsResource.java @@ -61,7 +61,7 @@ public class PermissionsResource extends BaseResource { checkPermission(permission, true); Context.getDataManager().linkObject(permission.getOwnerClass(), permission.getOwnerId(), permission.getPropertyClass(), permission.getPropertyId(), true); - Context.getPermissionsManager().refreshPermissions(entity); + Context.getPermissionsManager().refreshPermissions(permission); return Response.noContent().build(); } @@ -72,7 +72,7 @@ public class PermissionsResource extends BaseResource { checkPermission(permission, false); Context.getDataManager().linkObject(permission.getOwnerClass(), permission.getOwnerId(), permission.getPropertyClass(), permission.getPropertyId(), false); - Context.getPermissionsManager().refreshPermissions(entity); + Context.getPermissionsManager().refreshPermissions(permission); return Response.noContent().build(); } diff --git a/src/org/traccar/database/ExtendedObjectManager.java b/src/org/traccar/database/ExtendedObjectManager.java index 8380b9da2..483c3a09e 100644 --- a/src/org/traccar/database/ExtendedObjectManager.java +++ b/src/org/traccar/database/ExtendedObjectManager.java @@ -35,8 +35,7 @@ public abstract class ExtendedObjectManager extends SimpleObjectManager { private final Map> deviceItemsWithGroups = new ConcurrentHashMap<>(); private final Map> groupItems = new ConcurrentHashMap<>(); - protected ExtendedObjectManager(DataManager dataManager, - Class baseClass) { + protected ExtendedObjectManager(DataManager dataManager, Class baseClass) { super(dataManager, baseClass); } diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index 4008134ec..8aa0dc9d7 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -24,6 +24,7 @@ import org.traccar.model.Driver; import org.traccar.model.Geofence; import org.traccar.model.Group; import org.traccar.model.ManagedUser; +import org.traccar.model.Permission; import org.traccar.model.Server; import org.traccar.model.User; @@ -348,34 +349,34 @@ public class PermissionsManager { Context.getAttributesManager().refreshExtendedPermissions(); } - public void refreshPermissions(Map entity) { - if (entity.containsKey(DataManager.makeNameId(User.class))) { - if (entity.containsKey(DataManager.makeNameId(Device.class)) - || entity.containsKey(DataManager.makeNameId(Group.class))) { + public void refreshPermissions(Permission permission) { + if (permission.getOwnerClass().equals(User.class)) { + if (permission.getPropertyClass().equals(Device.class) + || permission.getPropertyClass().equals(Group.class)) { refreshPermissions(); refreshAllExtendedPermissions(); - } else if (entity.containsKey(DataManager.makeNameId(ManagedUser.class))) { + } else if (permission.getPropertyClass().equals(ManagedUser.class)) { refreshUserPermissions(); - } else if (entity.containsKey(DataManager.makeNameId(Geofence.class))) { + } else if (permission.getPropertyClass().equals(Geofence.class)) { if (Context.getGeofenceManager() != null) { Context.getGeofenceManager().refreshUserItems(); } - } else if (entity.containsKey(DataManager.makeNameId(Driver.class))) { + } else if (permission.getPropertyClass().equals(Driver.class)) { Context.getDriversManager().refreshUserItems(); - } else if (entity.containsKey(DataManager.makeNameId(Attribute.class))) { + } else if (permission.getPropertyClass().equals(Attribute.class)) { Context.getAttributesManager().refreshUserItems(); - } else if (entity.containsKey(DataManager.makeNameId(Calendar.class))) { + } else if (permission.getPropertyClass().equals(Calendar.class)) { Context.getCalendarManager().refreshUserItems(); } - } else if (entity.containsKey(DataManager.makeNameId(Device.class)) - || entity.containsKey(DataManager.makeNameId(Group.class))) { - if (entity.containsKey(DataManager.makeNameId(Geofence.class))) { + } else if (permission.getOwnerClass().equals(Device.class) + || permission.getOwnerClass().equals(Group.class)) { + if (permission.getPropertyClass().equals(Geofence.class)) { if (Context.getGeofenceManager() != null) { Context.getGeofenceManager().refreshExtendedPermissions(); } - } else if (entity.containsKey(DataManager.makeNameId(Driver.class))) { + } else if (permission.getPropertyClass().equals(Driver.class)) { Context.getDriversManager().refreshExtendedPermissions(); - } else if (entity.containsKey(DataManager.makeNameId(Attribute.class))) { + } else if (permission.getPropertyClass().equals(Attribute.class)) { Context.getAttributesManager().refreshExtendedPermissions(); } } -- cgit v1.2.3