aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnton Tananaev <anton.tananaev@gmail.com>2015-08-01 01:11:45 +1200
committerAnton Tananaev <anton.tananaev@gmail.com>2015-08-01 01:11:45 +1200
commit8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58 (patch)
tree0b8facf68f2c954abe0dba5652ff3f1e9db45e5d
parent41c39eed934f106d1bc290d9310da202ccd1da95 (diff)
downloadtraccar-server-8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58.tar.gz
traccar-server-8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58.tar.bz2
traccar-server-8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58.zip
Check permissions for commands
-rw-r--r--src/org/traccar/web/CommandServlet.java2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/org/traccar/web/CommandServlet.java b/src/org/traccar/web/CommandServlet.java
index f638520ec..f7f071f57 100644
--- a/src/org/traccar/web/CommandServlet.java
+++ b/src/org/traccar/web/CommandServlet.java
@@ -36,6 +36,7 @@ public class CommandServlet extends BaseServlet {
private void send(HttpServletRequest req, HttpServletResponse resp) throws Exception {
Command command = JsonConverter.objectFromJson(req.getReader(), new Command());
+ Context.getPermissionsManager().checkDevice(getUserId(req), command.getDeviceId());
getActiveDevice(command.getDeviceId()).sendCommand(command);
sendResponse(resp.getWriter(), true);
}
@@ -45,6 +46,7 @@ public class CommandServlet extends BaseServlet {
JsonObject json = Json.createReader(req.getReader()).readObject();
long deviceId = json.getJsonNumber("deviceId").longValue();
String command = json.getString("command");
+ Context.getPermissionsManager().checkDevice(getUserId(req), deviceId);
getActiveDevice(deviceId).write(command);
sendResponse(resp.getWriter(), true);
}