aboutsummaryrefslogtreecommitdiff
path: root/src/org
diff options
context:
space:
mode:
authorAbyss777 <abyss@fox5.ru>2017-01-26 11:33:24 +0500
committerAbyss777 <abyss@fox5.ru>2017-01-26 11:33:24 +0500
commite40094735b4ddaf4de68bcf3858a9317adc8b3b7 (patch)
treeadf0dc849d65304661fe3d4420f7e7c0d5ed97a3 /src/org
parentb1453ebd231009e9d9078377f2a1e063d852c444 (diff)
downloadtraccar-server-e40094735b4ddaf4de68bcf3858a9317adc8b3b7.tar.gz
traccar-server-e40094735b4ddaf4de68bcf3858a9317adc8b3b7.tar.bz2
traccar-server-e40094735b4ddaf4de68bcf3858a9317adc8b3b7.zip
Device readonly user can't edit attribute aliases
Diffstat (limited to 'src/org')
-rw-r--r--src/org/traccar/api/resource/AttributeAliasResource.java3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/org/traccar/api/resource/AttributeAliasResource.java b/src/org/traccar/api/resource/AttributeAliasResource.java
index db767616f..b2636acf1 100644
--- a/src/org/traccar/api/resource/AttributeAliasResource.java
+++ b/src/org/traccar/api/resource/AttributeAliasResource.java
@@ -55,6 +55,7 @@ public class AttributeAliasResource extends BaseResource {
@POST
public Response add(AttributeAlias entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkDeviceReadonly(getUserId());
if (!Context.getPermissionsManager().isAdmin(getUserId())) {
Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId());
}
@@ -66,6 +67,7 @@ public class AttributeAliasResource extends BaseResource {
@PUT
public Response update(AttributeAlias entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkDeviceReadonly(getUserId());
if (!Context.getPermissionsManager().isAdmin(getUserId())) {
AttributeAlias oldEntity = Context.getAliasesManager().getAttributeAlias(entity.getId());
Context.getPermissionsManager().checkDevice(getUserId(), oldEntity.getDeviceId());
@@ -79,6 +81,7 @@ public class AttributeAliasResource extends BaseResource {
@DELETE
public Response remove(@PathParam("id") long id) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ Context.getPermissionsManager().checkDeviceReadonly(getUserId());
if (!Context.getPermissionsManager().isAdmin(getUserId())) {
AttributeAlias entity = Context.getAliasesManager().getAttributeAlias(id);
Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId());