From cffbce4b3bc5ef817c4063a74f148a2a5986d58a Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Fri, 13 Jan 2017 09:26:52 +0500 Subject: Initial manager implementation --- src/org/traccar/database/CalendarManager.java | 14 ++- src/org/traccar/database/DataManager.java | 22 +++- src/org/traccar/database/DeviceManager.java | 20 +++- src/org/traccar/database/GeofenceManager.java | 11 +- src/org/traccar/database/PermissionsManager.java | 134 ++++++++++++++++++++--- 5 files changed, 183 insertions(+), 18 deletions(-) (limited to 'src/org/traccar/database') diff --git a/src/org/traccar/database/CalendarManager.java b/src/org/traccar/database/CalendarManager.java index 3e95f6698..d755bd396 100644 --- a/src/org/traccar/database/CalendarManager.java +++ b/src/org/traccar/database/CalendarManager.java @@ -1,6 +1,6 @@ /* - * Copyright 2016 Anton Tananaev (anton@traccar.org) - * Copyright 2016 Andrey Kunitsyn (andrey@traccar.org) + * Copyright 2016 - 2017 Anton Tananaev (anton@traccar.org) + * Copyright 2016 - 2017 Andrey Kunitsyn (andrey@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,6 +24,7 @@ import java.util.Map; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; +import org.traccar.Context; import org.traccar.helper.Log; import org.traccar.model.Calendar; import org.traccar.model.CalendarPermission; @@ -69,6 +70,15 @@ public class CalendarManager { return result; } + public Collection getManagedCalendars(long userId) { + ArrayList result = new ArrayList<>(); + result.addAll(getUserCalendars(userId)); + for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) { + result.addAll(getUserCalendars(otherUserId)); + } + return result; + } + public final void refreshUserCalendars() { if (dataManager != null) { try { diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java index 278109229..2dea7ef40 100644 --- a/src/org/traccar/database/DataManager.java +++ b/src/org/traccar/database/DataManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2012 - 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2012 - 2017 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -51,6 +51,7 @@ import org.traccar.model.Position; import org.traccar.model.Server; import org.traccar.model.Statistics; import org.traccar.model.User; +import org.traccar.model.UserPermission; import org.traccar.model.DeviceGeofence; import org.traccar.model.GeofencePermission; @@ -527,4 +528,23 @@ public class DataManager { .setLong("calendarId", calendarId) .executeUpdate(); } + + public Collection getUserPermissions() throws SQLException { + return QueryBuilder.create(dataSource, getQuery("database.selectUserPermissions")) + .executeQuery(UserPermission.class); + } + + public void linkUser(long userId, long otherUserId) throws SQLException { + QueryBuilder.create(dataSource, getQuery("database.linkUser")) + .setLong("userId", userId) + .setLong("otherUserId", otherUserId) + .executeUpdate(); + } + + public void unlinkUser(long userId, long otherUserId) throws SQLException { + QueryBuilder.create(dataSource, getQuery("database.unlinkUser")) + .setLong("userId", userId) + .setLong("otherUserId", otherUserId) + .executeUpdate(); + } } diff --git a/src/org/traccar/database/DeviceManager.java b/src/org/traccar/database/DeviceManager.java index c70e67231..bcb3185ca 100644 --- a/src/org/traccar/database/DeviceManager.java +++ b/src/org/traccar/database/DeviceManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2016 - 2017 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -160,6 +160,15 @@ public class DeviceManager implements IdentityManager { return devices; } + public Collection getManagedDevices(long userId) throws SQLException { + Collection devices = new ArrayList<>(); + devices.addAll(getDevices(userId)); + for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) { + devices.addAll(getDevices(otherUserId)); + } + return devices; + } + public void addDevice(Device device) throws SQLException { dataManager.addDevice(device); @@ -289,6 +298,15 @@ public class DeviceManager implements IdentityManager { return groups; } + public Collection getManagedGroups(long userId) throws SQLException { + Collection groups = new ArrayList<>(); + groups.addAll(getGroups(userId)); + for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) { + groups.addAll(getGroups(otherUserId)); + } + return groups; + } + private void checkGroupCycles(Group group) { Set groups = new HashSet<>(); while (group != null) { diff --git a/src/org/traccar/database/GeofenceManager.java b/src/org/traccar/database/GeofenceManager.java index e2e0c12d4..adc93aa29 100644 --- a/src/org/traccar/database/GeofenceManager.java +++ b/src/org/traccar/database/GeofenceManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2016 - 2017 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -242,6 +242,15 @@ public class GeofenceManager { } } + public final Set getManagedGeofencesIds(long userId) { + Set geofences = new HashSet<>(); + geofences.addAll(getUserGeofencesIds(userId)); + for (long otherUserId : Context.getPermissionsManager().getUserPermissions(userId)) { + geofences.addAll(getUserGeofencesIds(otherUserId)); + } + return geofences; + } + public final Collection getGeofences(Set geofencesIds) { geofencesLock.readLock().lock(); try { diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index 6c0610655..3c62f84c2 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 - 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2015 - 2017 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,11 +23,14 @@ import org.traccar.model.Group; import org.traccar.model.GroupPermission; import org.traccar.model.Server; import org.traccar.model.User; +import org.traccar.model.UserPermission; import java.sql.SQLException; +import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; +import java.util.Iterator; import java.util.Map; import java.util.Objects; import java.util.Set; @@ -47,6 +50,8 @@ public class PermissionsManager { private final Map> deviceUsers = new HashMap<>(); private final Map> groupDevices = new HashMap<>(); + private final Map> userPermissions = new HashMap<>(); + public Set getGroupPermissions(long userId) { if (!groupPermissions.containsKey(userId)) { groupPermissions.put(userId, new HashSet()); @@ -75,10 +80,18 @@ public class PermissionsManager { return groupDevices.get(groupId); } + public Set getUserPermissions(long userId) { + if (!userPermissions.containsKey(userId)) { + userPermissions.put(userId, new HashSet()); + } + return userPermissions.get(userId); + } + public PermissionsManager(DataManager dataManager) { this.dataManager = dataManager; refreshUsers(); refreshPermissions(); + refreshUserPermissions(); } public final void refreshUsers() { @@ -97,6 +110,17 @@ public class PermissionsManager { } } + public final void refreshUserPermissions() { + userPermissions.clear(); + try { + for (UserPermission permission : dataManager.getUserPermissions()) { + getUserPermissions(permission.getUserId()).add(permission.getOtherUserId()); + } + } catch (SQLException error) { + Log.warning(error); + } + } + public final void refreshPermissions() { groupPermissions.clear(); devicePermissions.clear(); @@ -146,6 +170,39 @@ public class PermissionsManager { } } + public boolean isManager(long userId) { + return users.containsKey(userId) && users.get(userId).getUserLimit() > 0; + } + + public void checkManager(long userId) throws SecurityException { + if (!isManager(userId)) { + throw new SecurityException("Manager access required"); + } + } + + public void checkManager(long userId, long otherUserId) throws SecurityException { + checkManager(userId); + if (!userPermissions.get(userId).contains(otherUserId)) { + throw new SecurityException("User access denied"); + } + } + + public void checkUserLimit(long userId) throws SecurityException { + if (!isAdmin(userId) && userPermissions.get(userId).size() >= users.get(userId).getUserLimit()) { + throw new SecurityException("Manager user limit reached"); + } + } + + public void checkDeviceLimit(long userId) throws SecurityException { + int deviceLimit = users.get(userId).getDeviceLimit(); + if (deviceLimit != 0) { + int deviceCount = getDevicePermissions(userId).size(); + if (deviceCount >= deviceLimit) { + throw new SecurityException("User device limit reached"); + } + } + } + public boolean isReadonly(long userId) { return users.containsKey(userId) && users.get(userId).getReadonly(); } @@ -168,30 +225,52 @@ public class PermissionsManager { public void checkUserUpdate(long userId, User before, User after) throws SecurityException { if (before.getAdmin() != after.getAdmin() - || before.getReadonly() != after.getReadonly() - || before.getDisabled() != after.getDisabled() || before.getDeviceLimit() != after.getDeviceLimit() + || before.getUserLimit() != after.getUserLimit()) { + checkAdmin(userId); + } + if (before.getReadonly() != after.getReadonly() + || before.getDisabled() != after.getDisabled() || !Objects.equals(before.getExpirationTime(), after.getExpirationTime()) || !Objects.equals(before.getToken(), after.getToken())) { - checkAdmin(userId); + if (userId == after.getId()) { + checkAdmin(userId); + } + if (!isAdmin(userId)) { + checkManager(userId); + } } } public void checkUser(long userId, long otherUserId) throws SecurityException { - if (userId != otherUserId) { - checkAdmin(userId); + if (userId != otherUserId && !isAdmin(userId)) { + checkManager(userId, otherUserId); } } public void checkGroup(long userId, long groupId) throws SecurityException { - if (!getGroupPermissions(userId).contains(groupId)) { - throw new SecurityException("Group access denied"); + if (!getGroupPermissions(userId).contains(groupId) && !isAdmin(userId)) { + Iterator iterator = getUserPermissions(userId).iterator(); + boolean managed = false; + while (!managed && iterator.hasNext()) { + managed = getGroupPermissions(iterator.next()).contains(groupId); + } + if (!managed) { + throw new SecurityException("Group access denied"); + } } } public void checkDevice(long userId, long deviceId) throws SecurityException { - if (!getDevicePermissions(userId).contains(deviceId)) { - throw new SecurityException("Device access denied"); + if (!getDevicePermissions(userId).contains(deviceId) && !isAdmin(userId)) { + Iterator iterator = getUserPermissions(userId).iterator(); + boolean managed = false; + while (!managed && iterator.hasNext()) { + managed = getDevicePermissions(iterator.next()).contains(deviceId); + } + if (!managed) { + throw new SecurityException("Device access denied"); + } } } @@ -203,13 +282,27 @@ public class PermissionsManager { public void checkGeofence(long userId, long geofenceId) throws SecurityException { if (!Context.getGeofenceManager().checkGeofence(userId, geofenceId) && !isAdmin(userId)) { - throw new SecurityException("Geofence access denied"); + Iterator iterator = getUserPermissions(userId).iterator(); + boolean managed = false; + while (!managed && iterator.hasNext()) { + managed = Context.getGeofenceManager().checkGeofence(iterator.next(), geofenceId); + } + if (!managed) { + throw new SecurityException("Geofence access denied"); + } } } public void checkCalendar(long userId, long calendarId) throws SecurityException { if (!Context.getCalendarManager().checkCalendar(userId, calendarId) && !isAdmin(userId)) { - throw new SecurityException("Calendar access denied"); + Iterator iterator = getUserPermissions(userId).iterator(); + boolean managed = false; + while (!managed && iterator.hasNext()) { + managed = Context.getCalendarManager().checkCalendar(iterator.next(), calendarId); + } + if (!managed) { + throw new SecurityException("Calendar access denied"); + } } } @@ -222,10 +315,24 @@ public class PermissionsManager { this.server = server; } - public Collection getUsers() { + public Collection getAllUsers() { return users.values(); } + public Collection getUsers(long userId) { + Collection result = new ArrayList<>(); + for (long otherUserId : getUserPermissions(userId)) { + result.add(users.get(otherUserId)); + } + return result; + } + + public Collection getManagedUsers(long userId) { + Collection result = getUsers(userId); + result.add(users.get(userId)); + return result; + } + public User getUser(long userId) { return users.get(userId); } @@ -257,6 +364,7 @@ public class PermissionsManager { usersTokens.remove(users.get(userId).getToken()); users.remove(userId); refreshPermissions(); + refreshUserPermissions(); } public User login(String email, String password) throws SQLException { -- cgit v1.2.3