diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2017-01-26 21:29:17 +1300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-26 21:29:17 +1300 |
commit | 3a0f3d948952c18260d739c02794848a2cfc0d25 (patch) | |
tree | 21fd0f2a1ae71d020c9d4e2f645101b6987b1695 | |
parent | 3155b8697a9b3f8023e085a766a439eee4c058db (diff) | |
parent | e40094735b4ddaf4de68bcf3858a9317adc8b3b7 (diff) | |
download | trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.tar.gz trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.tar.bz2 trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.zip |
Merge pull request #2835 from Abyss777/devicereadonly_aliases
Device readonly user shouldn't be able edit attribute aliases
-rw-r--r-- | src/org/traccar/api/resource/AttributeAliasResource.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/org/traccar/api/resource/AttributeAliasResource.java b/src/org/traccar/api/resource/AttributeAliasResource.java index db767616f..b2636acf1 100644 --- a/src/org/traccar/api/resource/AttributeAliasResource.java +++ b/src/org/traccar/api/resource/AttributeAliasResource.java @@ -55,6 +55,7 @@ public class AttributeAliasResource extends BaseResource { @POST public Response add(AttributeAlias entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + Context.getPermissionsManager().checkDeviceReadonly(getUserId()); if (!Context.getPermissionsManager().isAdmin(getUserId())) { Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId()); } @@ -66,6 +67,7 @@ public class AttributeAliasResource extends BaseResource { @PUT public Response update(AttributeAlias entity) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + Context.getPermissionsManager().checkDeviceReadonly(getUserId()); if (!Context.getPermissionsManager().isAdmin(getUserId())) { AttributeAlias oldEntity = Context.getAliasesManager().getAttributeAlias(entity.getId()); Context.getPermissionsManager().checkDevice(getUserId(), oldEntity.getDeviceId()); @@ -79,6 +81,7 @@ public class AttributeAliasResource extends BaseResource { @DELETE public Response remove(@PathParam("id") long id) throws SQLException { Context.getPermissionsManager().checkReadonly(getUserId()); + Context.getPermissionsManager().checkDeviceReadonly(getUserId()); if (!Context.getPermissionsManager().isAdmin(getUserId())) { AttributeAlias entity = Context.getAliasesManager().getAttributeAlias(id); Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId()); |