From 2bb63a0b1c82c42c0d13614c5a67521130165368 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton.tananaev@gmail.com>
Date: Sun, 20 Dec 2015 21:12:37 +1300
Subject: Check readonly and registration flags

---
 src/org/traccar/api/resource/DeviceResource.java | 3 +++
 src/org/traccar/api/resource/ServerResource.java | 1 +
 src/org/traccar/api/resource/UserResource.java   | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/org/traccar/api')

diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java
index a25201678..a4bfc1030 100644
--- a/src/org/traccar/api/resource/DeviceResource.java
+++ b/src/org/traccar/api/resource/DeviceResource.java
@@ -55,6 +55,7 @@ public class DeviceResource extends BaseResource {
 
     @POST
     public Response add(Device entity) throws SQLException {
+        Context.getPermissionsManager().checkReadonly(getUserId());
         Context.getDataManager().addDevice(entity);
         Context.getDataManager().linkDevice(getUserId(), entity.getId());
         Context.getPermissionsManager().refresh();
@@ -64,6 +65,7 @@ public class DeviceResource extends BaseResource {
     @Path("{id}")
     @PUT
     public Response update(@PathParam("id") long id, Device entity) throws SQLException {
+        Context.getPermissionsManager().checkReadonly(getUserId());
         Context.getPermissionsManager().checkDevice(getUserId(), id);
         Context.getDataManager().updateDevice(entity);
         return Response.ok(entity).build();
@@ -72,6 +74,7 @@ public class DeviceResource extends BaseResource {
     @Path("{id}")
     @DELETE
     public Response remove(@PathParam("id") long id) throws SQLException {
+        Context.getPermissionsManager().checkReadonly(getUserId());
         Context.getPermissionsManager().checkDevice(getUserId(), id);
         Context.getDataManager().removeDevice(id);
         Context.getPermissionsManager().refresh();
diff --git a/src/org/traccar/api/resource/ServerResource.java b/src/org/traccar/api/resource/ServerResource.java
index 54c04d21b..9e42687ab 100644
--- a/src/org/traccar/api/resource/ServerResource.java
+++ b/src/org/traccar/api/resource/ServerResource.java
@@ -44,6 +44,7 @@ public class ServerResource extends BaseResource {
     public Response update(Server entity) throws SQLException {
         Context.getPermissionsManager().checkAdmin(getUserId());
         Context.getDataManager().updateServer(entity);
+        Context.getPermissionsManager().refresh();
         return Response.ok(entity).build();
     }
 
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index bf4cb85c3..4d57d5b0c 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -47,7 +47,7 @@ public class UserResource extends BaseResource {
     @PermitAll
     @POST
     public Response add(User entity) throws SQLException {
-        Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
+        Context.getPermissionsManager().checkRegistration(getUserId());
         Context.getDataManager().addUser(entity);
         Context.getPermissionsManager().refresh();
         return Response.ok(entity).build();
-- 
cgit v1.2.3