Fix ScheduledModel objects permission check

author: Abyss777 <abyss@fox5.ru> 2018-01-29 09:40:53 +0500
committer: Abyss777 <abyss@fox5.ru> 2018-01-29 09:46:01 +0500
commit: bda31d967673477331caba9597c1ab57553c4b8d (patch)
tree: 0889e8e15a0ffca487ab30221a469b89fe5780d4 /src/org/traccar/api/BaseObjectResource.java
parent: 98f14df734f2772d65c28ab4364e37f16efabbad (diff)
download: trackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.tar.gz
trackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.tar.bz2
trackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.zip
1 files changed, 9 insertions, 2 deletions
diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java
index e4e00938f..596195cae 100644
--- a/src/org/traccar/api/BaseObjectResource.java
+++ b/src/org/traccar/api/BaseObjectResource.java
@@ -37,6 +37,7 @@ import org.traccar.model.Calendar;
 import org.traccar.model.Command;
 import org.traccar.model.Device;
 import org.traccar.model.Group;
+import org.traccar.model.GroupedModel;
 import org.traccar.model.ScheduledModel;
 import org.traccar.model.User;
 
@@ -79,7 +80,10 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
             Context.getPermissionsManager().checkDeviceLimit(getUserId());
         } else if (baseClass.equals(Command.class)) {
             Context.getPermissionsManager().checkLimitCommands(getUserId());
-        } else if (entity instanceof ScheduledModel) {
+        } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+            Context.getPermissionsManager().checkPermission(Group.class, getUserId(),
+                    ((GroupedModel) entity).getGroupId());
+        } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
             Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
                     ((ScheduledModel) entity).getCalendarId());
         }
@@ -111,7 +115,10 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
             Context.getPermissionsManager().checkUserUpdate(getUserId(), before, (User) entity);
         } else if (baseClass.equals(Command.class)) {
             Context.getPermissionsManager().checkLimitCommands(getUserId());
-        } else if (entity instanceof ScheduledModel) {
+        } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+            Context.getPermissionsManager().checkPermission(Group.class, getUserId(),
+                    ((GroupedModel) entity).getGroupId());
+        } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
             Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
                     ((ScheduledModel) entity).getCalendarId());
         }
author	Abyss777 <abyss@fox5.ru>	2018-01-29 09:40:53 +0500
committer	Abyss777 <abyss@fox5.ru>	2018-01-29 09:46:01 +0500
commit	bda31d967673477331caba9597c1ab57553c4b8d (patch)
tree	0889e8e15a0ffca487ab30221a469b89fe5780d4 /src/org/traccar/api/BaseObjectResource.java
parent	98f14df734f2772d65c28ab4364e37f16efabbad (diff)
download	trackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.tar.gz trackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.tar.bz2 trackermap-server-bda31d967673477331caba9597c1ab57553c4b8d.zip