1 files changed, 11 insertions, 13 deletions

diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index a9edced25..678daac9b 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -32,6 +32,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.sql.SQLException;
 import java.util.Collection;
+import java.util.Date;
 
 @Path("users")
 @Produces(MediaType.APPLICATION_JSON)
@@ -49,6 +50,13 @@ public class UserResource extends BaseResource {
     public Response add(User entity) throws SQLException {
         if (!Context.getPermissionsManager().isAdmin(getUserId())) {
             Context.getPermissionsManager().checkRegistration(getUserId());
+            Context.getPermissionsManager().checkUserUpdate(getUserId(), new User(), entity);
+            entity.setDeviceLimit(Context.getConfig().getInteger("users.defaultDeviceLimit"));
+            int expirationDays = Context.getConfig().getInteger("users.defaultExpirationDays");
+            if (expirationDays > 0) {
+                entity.setExpirationTime(
+                    new Date(System.currentTimeMillis() + (long) expirationDays * 24 * 3600 * 1000));
+            }
         }
         Context.getPermissionsManager().addUser(entity);
         if (Context.getNotificationManager() != null) {
@@ -60,19 +68,9 @@ public class UserResource extends BaseResource {
     @Path("{id}")
     @PUT
     public Response update(User entity) throws SQLException {
-        User old = Context.getPermissionsManager().getUser(entity.getId());
-        if (old.getExpirationTime() == null && entity.getExpirationTime() != null
-                || old.getExpirationTime() != null && !old.getExpirationTime().equals(entity.getExpirationTime())
-                || old.getAdmin() != entity.getAdmin()
-                || old.getReadonly() != entity.getReadonly()
-                || old.getDisabled() != entity.getDisabled()
-                || old.getDeviceLimit() != entity.getDeviceLimit()
-                || old.getToken() == null && entity.getToken() != null
-                || old.getToken() != null && !old.getToken().equals(entity.getToken())) {
-            Context.getPermissionsManager().checkAdmin(getUserId());
-        } else {
-            Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
-        }
+        User before = Context.getPermissionsManager().getUser(entity.getId());
+        Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
+        Context.getPermissionsManager().checkUserUpdate(getUserId(), before, entity);
         Context.getPermissionsManager().updateUser(entity);
         if (Context.getNotificationManager() != null) {
             Context.getNotificationManager().refresh();