diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2015-08-01 01:11:45 +1200 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2015-08-01 01:11:45 +1200 |
commit | 8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58 (patch) | |
tree | 0b8facf68f2c954abe0dba5652ff3f1e9db45e5d | |
parent | 41c39eed934f106d1bc290d9310da202ccd1da95 (diff) | |
download | traccar-server-8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58.tar.gz traccar-server-8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58.tar.bz2 traccar-server-8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58.zip |
Check permissions for commands
-rw-r--r-- | src/org/traccar/web/CommandServlet.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/org/traccar/web/CommandServlet.java b/src/org/traccar/web/CommandServlet.java index f638520ec..f7f071f57 100644 --- a/src/org/traccar/web/CommandServlet.java +++ b/src/org/traccar/web/CommandServlet.java @@ -36,6 +36,7 @@ public class CommandServlet extends BaseServlet { private void send(HttpServletRequest req, HttpServletResponse resp) throws Exception { Command command = JsonConverter.objectFromJson(req.getReader(), new Command()); + Context.getPermissionsManager().checkDevice(getUserId(req), command.getDeviceId()); getActiveDevice(command.getDeviceId()).sendCommand(command); sendResponse(resp.getWriter(), true); } @@ -45,6 +46,7 @@ public class CommandServlet extends BaseServlet { JsonObject json = Json.createReader(req.getReader()).readObject(); long deviceId = json.getJsonNumber("deviceId").longValue(); String command = json.getString("command"); + Context.getPermissionsManager().checkDevice(getUserId(req), deviceId); getActiveDevice(deviceId).write(command); sendResponse(resp.getWriter(), true); } |