diff options
author | Abyss777 <abyss@fox5.ru> | 2017-02-07 11:38:57 +0500 |
---|---|---|
committer | Abyss777 <abyss@fox5.ru> | 2017-02-07 11:38:57 +0500 |
commit | 648096e5bad55a22f4e45a455eb219692039e900 (patch) | |
tree | 141ba8e05018e59e227e7460b5e033c9a7221201 /src/org/traccar/api | |
parent | 61738a2b4911c502bce2d06e002b8d825d3fccb2 (diff) | |
download | traccar-server-648096e5bad55a22f4e45a455eb219692039e900.tar.gz traccar-server-648096e5bad55a22f4e45a455eb219692039e900.tar.bz2 traccar-server-648096e5bad55a22f4e45a455eb219692039e900.zip |
Do not allow readonly users send commands
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r-- | src/org/traccar/api/resource/CommandResource.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/org/traccar/api/resource/CommandResource.java b/src/org/traccar/api/resource/CommandResource.java index cce2dac2b..e13ae9de8 100644 --- a/src/org/traccar/api/resource/CommandResource.java +++ b/src/org/traccar/api/resource/CommandResource.java @@ -33,6 +33,8 @@ public class CommandResource extends BaseResource { @POST public Response add(Command entity) { + Context.getPermissionsManager().checkReadonly(getUserId()); + Context.getPermissionsManager().checkDeviceReadonly(getUserId()); Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId()); Context.getConnectionManager().getActiveDevice(entity.getDeviceId()).sendCommand(entity); return Response.ok(entity).build(); |