From 3eff91673944f202e0aebe20faa925011568b685 Mon Sep 17 00:00:00 2001 From: Anton Tananaev Date: Sun, 20 Dec 2015 14:40:15 +1300 Subject: Check permissions for REST API calls --- src/org/traccar/api/resource/SessionResource.java | 35 +++++++++-------------- 1 file changed, 14 insertions(+), 21 deletions(-) (limited to 'src/org/traccar/api/resource/SessionResource.java') diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java index 554b6760e..745088a4d 100644 --- a/src/org/traccar/api/resource/SessionResource.java +++ b/src/org/traccar/api/resource/SessionResource.java @@ -45,32 +45,25 @@ public class SessionResource extends BaseResource { @PermitAll @GET - public User get() { - try { - Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); - if (userId != null) { - return Context.getDataManager().getUser(userId); - } else { - throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); - } - } catch (SQLException e) { - throw new WebApplicationException(e); + public User get() throws SQLException { + Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); + if (userId != null) { + return Context.getDataManager().getUser(userId); + } else { + throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); } } @PermitAll @POST - public User add(@FormParam("email") String email, @FormParam("password") String password) { - try { - User user = Context.getDataManager().login(email, password); - if (user != null) { - request.getSession().setAttribute(USER_ID_KEY, user.getId()); - return user; - } else { - throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build()); - } - } catch (SQLException e) { - throw new WebApplicationException(e); + public User add( + @FormParam("email") String email, @FormParam("password") String password) throws SQLException { + User user = Context.getDataManager().login(email, password); + if (user != null) { + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + return user; + } else { + throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build()); } } -- cgit v1.2.3