From bda31d967673477331caba9597c1ab57553c4b8d Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Mon, 29 Jan 2018 09:40:53 +0500 Subject: Fix ScheduledModel objects permission check --- src/org/traccar/api/BaseObjectResource.java | 11 ++++++++-- src/org/traccar/model/Device.java | 14 ++----------- src/org/traccar/model/Group.java | 14 ++----------- src/org/traccar/model/GroupedModel.java | 31 +++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+), 26 deletions(-) create mode 100644 src/org/traccar/model/GroupedModel.java (limited to 'src/org') diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java index e4e00938f..596195cae 100644 --- a/src/org/traccar/api/BaseObjectResource.java +++ b/src/org/traccar/api/BaseObjectResource.java @@ -37,6 +37,7 @@ import org.traccar.model.Calendar; import org.traccar.model.Command; import org.traccar.model.Device; import org.traccar.model.Group; +import org.traccar.model.GroupedModel; import org.traccar.model.ScheduledModel; import org.traccar.model.User; @@ -79,7 +80,10 @@ public abstract class BaseObjectResource extends BaseResour Context.getPermissionsManager().checkDeviceLimit(getUserId()); } else if (baseClass.equals(Command.class)) { Context.getPermissionsManager().checkLimitCommands(getUserId()); - } else if (entity instanceof ScheduledModel) { + } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) { + Context.getPermissionsManager().checkPermission(Group.class, getUserId(), + ((GroupedModel) entity).getGroupId()); + } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) { Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId()); } @@ -111,7 +115,10 @@ public abstract class BaseObjectResource extends BaseResour Context.getPermissionsManager().checkUserUpdate(getUserId(), before, (User) entity); } else if (baseClass.equals(Command.class)) { Context.getPermissionsManager().checkLimitCommands(getUserId()); - } else if (entity instanceof ScheduledModel) { + } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) { + Context.getPermissionsManager().checkPermission(Group.class, getUserId(), + ((GroupedModel) entity).getGroupId()); + } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) { Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId()); } diff --git a/src/org/traccar/model/Device.java b/src/org/traccar/model/Device.java index 51b479b09..0c9be932d 100644 --- a/src/org/traccar/model/Device.java +++ b/src/org/traccar/model/Device.java @@ -1,5 +1,5 @@ /* - * Copyright 2012 - 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2012 - 2018 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ import java.util.List; import org.traccar.database.QueryExtended; import org.traccar.database.QueryIgnore; -public class Device extends ExtendedModel { +public class Device extends GroupedModel { private String name; @@ -88,16 +88,6 @@ public class Device extends ExtendedModel { this.positionId = positionId; } - private long groupId; - - public long getGroupId() { - return groupId; - } - - public void setGroupId(long groupId) { - this.groupId = groupId; - } - private List geofenceIds; @QueryIgnore diff --git a/src/org/traccar/model/Group.java b/src/org/traccar/model/Group.java index aad206aad..91ea2319d 100644 --- a/src/org/traccar/model/Group.java +++ b/src/org/traccar/model/Group.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Anton Tananaev (anton@traccar.org) + * Copyright 2016 - 2018 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ */ package org.traccar.model; -public class Group extends ExtendedModel { +public class Group extends GroupedModel { private String name; @@ -27,14 +27,4 @@ public class Group extends ExtendedModel { this.name = name; } - private long groupId; - - public long getGroupId() { - return groupId; - } - - public void setGroupId(long groupId) { - this.groupId = groupId; - } - } diff --git a/src/org/traccar/model/GroupedModel.java b/src/org/traccar/model/GroupedModel.java new file mode 100644 index 000000000..6b1aa75b1 --- /dev/null +++ b/src/org/traccar/model/GroupedModel.java @@ -0,0 +1,31 @@ +/* + * Copyright 2018 Anton Tananaev (anton@traccar.org) + * Copyright 2018 Andrey Kunitsyn (andrey@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.model; + +public class GroupedModel extends ExtendedModel { + + private long groupId; + + public long getGroupId() { + return groupId; + } + + public void setGroupId(long groupId) { + this.groupId = groupId; + } + +} -- cgit v1.2.3