For #202 - fixed password reset by manager

src/main/java/org/traccar/web/server/model/DataServiceImpl.java

@@ -247,7 +247,9 @@ public User updateUser(User user) {
         if (user.getLogin().isEmpty() || user.getPassword().isEmpty()) {
             throw new IllegalArgumentException();
         }
-        if (currentUser.getAdmin() || (currentUser.getId() == user.getId() && !user.getAdmin())) {
+        if (currentUser.getAdmin()
+            || (currentUser.getManager() && currentUser.getAllManagedUsers().contains(user))
+            || (currentUser.getId() == user.getId() && !user.getAdmin())) {
             EntityManager entityManager = getSessionEntityManager();
             // TODO: better solution?
             if (currentUser.getId() == user.getId()) {

src/main/java/org/traccar/web/shared/model/User.java

@@ -46,6 +46,7 @@ public User(String login, String password) {
         this(login);
         this.password = password;
         this.geoFences = new HashSet<GeoFence>();
+        this.managedUsers = new HashSet<User>();
     }
 
     public User(User user) {

src/test/java/org/traccar/web/server/model/DataServiceTest.java

@@ -21,6 +21,8 @@
 import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.persist.PersistService;
+import com.google.inject.persist.Transactional;
+import com.google.inject.persist.UnitOfWork;
 import com.google.inject.persist.jpa.JpaPersistModule;
 import org.junit.After;
 import org.junit.BeforeClass;
@@ -34,8 +36,6 @@
 import javax.inject.Provider;
 import javax.persistence.EntityManager;
 import javax.servlet.http.HttpServletRequest;
-import java.io.File;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -47,6 +47,7 @@ public static class TestUserProvider implements Provider<User> {
         @Inject
         Provider<EntityManager> entityManager;
 
+        @Transactional
         @Override
         public User get() {
             if (currentUserId == null) {
@@ -61,6 +62,7 @@ public static class TestPersistenceModule extends AbstractModule {
         @Override
         protected void configure() {
             install(new JpaPersistModule("test"));
+
             bind(DataService.class).to(DataServiceImpl.class);
             bind(NotificationService.class).to(NotificationServiceImpl.class);
             bind(EventService.class).to(EventServiceImpl.class);
@@ -82,10 +84,13 @@ public static void init() throws Exception {
         injector.getInstance(PersistService.class).start();
         dataService = injector.getInstance(DataService.class);
 
+        UnitOfWork unitOfWork = injector.getInstance(UnitOfWork.class);
+        unitOfWork.begin();
         EntityManager entityManager = injector.getInstance(EntityManager.class);
         entityManager.getTransaction().begin();
         injector.getInstance(DBMigrations.CreateAdmin.class).migrate(entityManager);
         entityManager.getTransaction().commit();
+        unitOfWork.end();
     }
 
     @After
@@ -134,4 +139,38 @@ public void testDeleteUserWithNotificationSettings() {
         assertEquals(1, dataService.getUsers().size());
         assertEquals(originalUserId.longValue(), dataService.getUsers().get(0).getId());
     }
+
+    @Test
+    public void testResetPasswordByAdmin() {
+        User user = new User("test", "test");
+        user = dataService.addUser(user);
+
+        user.setPassword("test1");
+        user = dataService.updateUser(user);
+
+        dataService.removeUser(user);
+
+        assertEquals("test1", user.getPassword());
+    }
+
+    @Test
+    public void testResetPasswordByManager() {
+        User manager = new User("manager", "manager");
+        manager.setManager(Boolean.TRUE);
+        manager = dataService.addUser(manager);
+
+        currentUserId = manager.getId();
+
+        User user = new User("test", "test");
+        user = dataService.addUser(user);
+
+        user.setPassword("test1");
+        user = dataService.updateUser(user);
+
+        currentUserId = null;
+        dataService.removeUser(user);
+        dataService.removeUser(manager);
+
+        assertEquals("test1", user.getPassword());
+    }
 }