aboutsummaryrefslogtreecommitdiff
path: root/src/main/java
diff options
context:
space:
mode:
authorAnton Tananaev <anton@traccar.org>2022-05-23 18:22:42 -0700
committerAnton Tananaev <anton@traccar.org>2022-05-23 18:22:42 -0700
commit69d45b4429be70ce079b51200f6baefeb3873220 (patch)
tree94b12d8aa266435dad537c46cbe26d5de79dc812 /src/main/java
parent402fd2b7faf1528f887de22d8175ccd80acf24a2 (diff)
downloadtrackermap-server-69d45b4429be70ce079b51200f6baefeb3873220.tar.gz
trackermap-server-69d45b4429be70ce079b51200f6baefeb3873220.tar.bz2
trackermap-server-69d45b4429be70ce079b51200f6baefeb3873220.zip
Self access permission
Diffstat (limited to 'src/main/java')
-rw-r--r--src/main/java/org/traccar/api/security/PermissionsService.java2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java
index c640f8d74..e7955086a 100644
--- a/src/main/java/org/traccar/api/security/PermissionsService.java
+++ b/src/main/java/org/traccar/api/security/PermissionsService.java
@@ -126,7 +126,7 @@ public class PermissionsService {
public <T extends BaseModel> void checkPermission(
Class<T> clazz, long userId, long objectId) throws StorageException, SecurityException {
- if (!getUser(userId).getAdministrator()) {
+ if (!getUser(userId).getAdministrator() && !(clazz.equals(User.class) && userId == objectId)) {
var objects = storage.getObjects(clazz, new Request(
new Columns.Include("id"),
new Condition.Permission(User.class, userId, clazz)));