Group access denied - SecurityException (PermissionsService:196 < *:130 < BaseObjectResource:84 < ...)
Please provide steps to reproduce.
There realy where not special steps
I shared connected a device to a user. That user went into the device settings and added notification and geofence.
on hitting save this error occured
Error occures whenever hitting SAVE but settings are saved never the less
Im using traccar 5.5 latest
I could reproduce that error.
Share a device from admin to a new user (the user has no restrictions). login to the new user account. Click on devices and select the shared device to edit. Just add a phonenumber or anything else and clicking save with throw the above error.
When i created the device with the admin account i also added a geo-fence to it under connections. Under the new user account this same geo-fence cant be seen on the map or selected from connections / geofences. I can create a new geofence through the new user account for the shared device (with the same SecurityException message).
The error indicated that the device is in a group. You have to have access to the group.
By steps to reproduce I mean how to reproduce the issue for us starting from a clean server, not for you.
Ok well then:
Install server from scratch, Create devices as admin, group some together, create a new user without any restrictions by admin, share a device to that user, login as that user and edit sth in the device. Changes will be saved but error occurs.
Track-trace also got this error.
There is no point in being able to share single devices if it’s restricted if they are in a group.
Sometimes you just want to share one device not the whole group ?
@Anton and Systado It is indeed true that the device that i shared to a new user already was member of a group.
From the admin panel i created a group to add saved commands to it. So that all new devices that i add to that group instantly have all the saved command that i have created (which is very handy).
You would indeed think that the new user who received the shared device would also have those saved commands delegated to it.
If this is not the case then a new user would need to create its own saved commands ? (and add it to a group if he want to use it on more shared devices ?)
Improved the check here:
https://github.com/traccar/traccar/commit/b2f021bc447884d85c9fbcce93bb708d3702d1d8
It will only check group permissions if group has changed.
Tested that code change for PermissionsService.java Its working.
Also, i wrote about saved commands, now i understand that the saved commands that the admin has created can be shared to new users by editing the new user and select the saved commands through, Connections / Saved commands.
When a user tries to save geofences and notifications with a device they are shared by another user
thi smessage apears but noting in logfile