From 8b5f47fdcc9da07c9d4063cbb22b12ba26c78f58 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton.tananaev@gmail.com>
Date: Sat, 1 Aug 2015 01:11:45 +1200
Subject: Check permissions for commands

---
 src/org/traccar/web/CommandServlet.java | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/org/traccar/web/CommandServlet.java')

diff --git a/src/org/traccar/web/CommandServlet.java b/src/org/traccar/web/CommandServlet.java
index f638520ec..f7f071f57 100644
--- a/src/org/traccar/web/CommandServlet.java
+++ b/src/org/traccar/web/CommandServlet.java
@@ -36,6 +36,7 @@ public class CommandServlet extends BaseServlet {
     private void send(HttpServletRequest req, HttpServletResponse resp) throws Exception {
 
         Command command = JsonConverter.objectFromJson(req.getReader(), new Command());
+        Context.getPermissionsManager().checkDevice(getUserId(req), command.getDeviceId());
         getActiveDevice(command.getDeviceId()).sendCommand(command);
         sendResponse(resp.getWriter(), true);
     }
@@ -45,6 +46,7 @@ public class CommandServlet extends BaseServlet {
         JsonObject json = Json.createReader(req.getReader()).readObject();
         long deviceId = json.getJsonNumber("deviceId").longValue();
         String command = json.getString("command");
+        Context.getPermissionsManager().checkDevice(getUserId(req), deviceId);
         getActiveDevice(deviceId).write(command);
         sendResponse(resp.getWriter(), true);
     }
-- 
cgit v1.2.3