diff options
author | Anton Tananaev <anton@traccar.org> | 2022-05-23 18:22:42 -0700 |
---|---|---|
committer | Anton Tananaev <anton@traccar.org> | 2022-05-23 18:22:42 -0700 |
commit | 69d45b4429be70ce079b51200f6baefeb3873220 (patch) | |
tree | 94b12d8aa266435dad537c46cbe26d5de79dc812 /src/main/java | |
parent | 402fd2b7faf1528f887de22d8175ccd80acf24a2 (diff) | |
download | trackermap-server-69d45b4429be70ce079b51200f6baefeb3873220.tar.gz trackermap-server-69d45b4429be70ce079b51200f6baefeb3873220.tar.bz2 trackermap-server-69d45b4429be70ce079b51200f6baefeb3873220.zip |
Self access permission
Diffstat (limited to 'src/main/java')
-rw-r--r-- | src/main/java/org/traccar/api/security/PermissionsService.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java index c640f8d74..e7955086a 100644 --- a/src/main/java/org/traccar/api/security/PermissionsService.java +++ b/src/main/java/org/traccar/api/security/PermissionsService.java @@ -126,7 +126,7 @@ public class PermissionsService { public <T extends BaseModel> void checkPermission( Class<T> clazz, long userId, long objectId) throws StorageException, SecurityException { - if (!getUser(userId).getAdministrator()) { + if (!getUser(userId).getAdministrator() && !(clazz.equals(User.class) && userId == objectId)) { var objects = storage.getObjects(clazz, new Request( new Columns.Include("id"), new Condition.Permission(User.class, userId, clazz))); |