Traccar API: Create two sessions at the same time

Victor Butler, 2 years ago

Hello,

Quick question, would it be possible to create two sessions via API from the same device?

I want to allow a non-admin user to log in via API. After that (on button click or whatever), I want to create a second session, this time with Admin credentials in order to assign one of the Admin devices to a user group. The idea is to allow the user to "see" a device that is assigned to another user without a need for manual intervention from the Admin.

Is this possible?
If yes, what would be the best option? Via temporary admin token?

Anton Tananaev, 2 years ago

Not sure I understand the use case.

Victor Butler, 2 years ago

There are two use cases:

  1. Users can only "add" pre-authorized devices. Those devices would have already been added by Admin. Now a user can make a "pull" request by entering an already existing DeviceID and assigning the device to his group as opposed to Admin doing the same action manually.
  2. Two unrelated users will be able to "share" devices between themselves without an action needed from the Admin.

The only way I can think of doing that is by creating a temporary admin token for the user to perform the necessary action.

Maybe you would have a better suggestion?

Anton Tananaev, 2 years ago

You shouldn't give admin access to users. That would be a security issue. With admin access they would be able to do anything.

Instead you should just your use cases in Traccar or in some external service. For external service you can use an admin access, but you should provide admin access directly to users.

Victor Butler, 2 years ago

I am using an external service which communicates with Traccar server via the official API.

Providing temporary Admin access to a select set of users will not be a problem in my use case.

The question is, how do I provide the users with the right permissions in order to update the groupid of an existing device already assigned to another user.

I have found topics on the forum, where other users ask about the possibility to share devices between unrelated users. So this use case is not so uncommon.

Maybe you can help us all to look for a workaround without a need to customize the server?

Anton Tananaev, 2 years ago

Just curious why admin access is not a problem? If it's not a problem, why not give admin access permanently and not worry about this temporary thing?

As for providing device/group permissions, you should use the standard permissions API for that.

Victor Butler, 2 years ago

Admin access won't be a problem for providing temporary admin rights in order to add an already existing device via controlled external service. Still, I don't want the users to have Admin access in general.
The suggestion for granting Admin access is an idea for lack of a better alternative. Can you suggest another or better approach?

The use case again: Admin user adds a deviceID manually. Then unrelated user comes in, enters the already existing deviceID and we assign a new group (that belongs to the user) in the groupid in tc_devices?

The relevant API call would be: /api/devices/Admindeviceid
and the payload would be: {"id":Admindeviceid,"attributes":{},"groupId":UsergroupId,"name":"devicename",...}

Anton Tananaev, 2 years ago

If you have an external service, you can just have an admin access there and do any linking you need. I'm still very confused about your setup.

Victor Butler, 2 years ago

Well, that's the thing, I am not sure if I can configure two sessions at the same time - one user session (for regular user access) and one temporary Admin session in order to perform the required linking.

Once the linking is completed, we kill the Admin session and user continues to browse using his own session.

Can I create a second session using an Admin token? I definitely don't want to use the admin credentials.

Anton Tananaev, 2 years ago

Why do you need two sessions? You said you have an external service for this? Maybe you can draw some diagram for us to understand your setup.

Victor Butler, 2 years ago

Ok let me see how I can visualize the setup and I will post it here a bit later...

Victor Butler, 2 years ago

Hi again,

Here I have tried to graphically represent one of the suggested use cases:

I want Admin to add the authorized devices and then each user can make a self registration and assign the devices to one of their groups without the need for the Admin to do this manually:

Image

Anton Tananaev, 2 years ago

Where's your external service on the picture?

Victor Butler, 2 years ago

Consider it between the user and the API. I didn't add it in order to keep the graphic as simple as possible.

Anton Tananaev, 2 years ago

But that's the key piece that's not clear to me. That's exactly what I keep asking about, but you can't really explain the flow.
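
The design the replies above point to (admin access lives only in the external service, which links devices through the standard permissions API) sketched as an added example; it is not code from this thread or from the Traccar project. It covers only the first use case (claiming a pre-authorized device), and the class name, the claimable-device map, the injectable transport and the use of the admin token as a Bearer header are assumptions.

```python
import json
import urllib.request


class DeviceLinkBroker:
    """Hypothetical server-side broker: the admin token never reaches the user's session."""

    def __init__(self, base_url, admin_token, claimable, http_post=None):
        self.base_url = base_url.rstrip("/")
        self._admin_token = admin_token      # kept server-side only
        self._claimable = claimable          # {device uniqueId: Traccar device id}, set up by Admin
        self._claimed = {}                   # uniqueId -> userId that claimed it
        self._post = http_post or self._urllib_post

    def _urllib_post(self, url, headers, body):
        # Real transport; tests inject a fake so nothing leaves the machine.
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status

    def claim(self, authenticated_user_id, unique_id):
        """Link a pre-authorized device to the caller the service has already authenticated."""
        device_id = self._claimable.get(unique_id)
        if device_id is None:
            return "rejected: device not pre-authorized"
        owner = self._claimed.get(unique_id)
        if owner is not None and owner != authenticated_user_id:
            return "rejected: already claimed"
        # The userId comes from the service's own session, never from the request body.
        status = self._post(
            f"{self.base_url}/api/permissions",
            {"Authorization": f"Bearer {self._admin_token}",   # assumption: token auth
             "Content-Type": "application/json"},
            {"userId": authenticated_user_id, "deviceId": device_id},
        )
        if status not in (200, 204):
            return f"error: upstream status {status}"
        self._claimed[unique_id] = authenticated_user_id
        return "linked"


if __name__ == "__main__":
    # Constructed sample data and a fake transport, so this runs offline.
    sent = []
    broker = DeviceLinkBroker(
        "https://traccar.example", "ADMIN_TOKEN_PLACEHOLDER", {"123456789012345": 42},
        http_post=lambda url, headers, body: sent.append((url, body)) or 204)
    print(broker.claim(7, "123456789012345"), sent)
    print(broker.claim(8, "123456789012345"))
```

With this shape the user only ever holds their own session; the broker decides which single link the admin credential may be used for.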