aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api
diff options
context:
space:
mode:
authorAbyss777 <abyss@fox5.ru>2017-02-07 11:38:57 +0500
committerAbyss777 <abyss@fox5.ru>2017-02-07 11:38:57 +0500
commit648096e5bad55a22f4e45a455eb219692039e900 (patch)
tree141ba8e05018e59e227e7460b5e033c9a7221201 /src/org/traccar/api
parent61738a2b4911c502bce2d06e002b8d825d3fccb2 (diff)
downloadtraccar-server-648096e5bad55a22f4e45a455eb219692039e900.tar.gz
traccar-server-648096e5bad55a22f4e45a455eb219692039e900.tar.bz2
traccar-server-648096e5bad55a22f4e45a455eb219692039e900.zip
Do not allow readonly users send commands
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/resource/CommandResource.java2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/org/traccar/api/resource/CommandResource.java b/src/org/traccar/api/resource/CommandResource.java
index cce2dac2b..e13ae9de8 100644
--- a/src/org/traccar/api/resource/CommandResource.java
+++ b/src/org/traccar/api/resource/CommandResource.java
@@ -33,6 +33,8 @@ public class CommandResource extends BaseResource {
@POST
public Response add(Command entity) {
+ Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkDeviceReadonly(getUserId());
Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId());
Context.getConnectionManager().getActiveDevice(entity.getDeviceId()).sendCommand(entity);
return Response.ok(entity).build();