aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api/resource/GroupResource.java
diff options
context:
space:
mode:
authorAbyss777 <abyss@fox5.ru>2017-07-20 10:05:33 +0500
committerAbyss777 <abyss@fox5.ru>2017-07-20 10:05:33 +0500
commit0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0 (patch)
treed2bc54bd9671948c5444e8ab313d99021469a295 /src/org/traccar/api/resource/GroupResource.java
parentafb9a199f57824ec06c993b6028c35b616f64885 (diff)
downloadtrackermap-server-0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0.tar.gz
trackermap-server-0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0.tar.bz2
trackermap-server-0d5a1b36c704f3a79eceb2a1f19894f0438eb1b0.zip
Make permissions resources more strict
Diffstat (limited to 'src/org/traccar/api/resource/GroupResource.java')
-rw-r--r--src/org/traccar/api/resource/GroupResource.java6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/org/traccar/api/resource/GroupResource.java b/src/org/traccar/api/resource/GroupResource.java
index 97b6d671d..0d9572332 100644
--- a/src/org/traccar/api/resource/GroupResource.java
+++ b/src/org/traccar/api/resource/GroupResource.java
@@ -97,6 +97,9 @@ public class GroupResource extends BaseResource {
@POST
public Response add(Map<String, Long> entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ if (entity.size() != 2) {
+ throw new IllegalArgumentException();
+ }
for (String key : entity.keySet()) {
Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key));
}
@@ -109,6 +112,9 @@ public class GroupResource extends BaseResource {
@DELETE
public Response remove(Map<String, Long> entity) throws SQLException {
Context.getPermissionsManager().checkReadonly(getUserId());
+ if (entity.size() != 2) {
+ throw new IllegalArgumentException();
+ }
for (String key : entity.keySet()) {
Context.getPermissionsManager().checkPermission(key.replace("Id", ""), getUserId(), entity.get(key));
}