Check permissions for REST API calls

author: Anton Tananaev <anton.tananaev@gmail.com> 2015-12-20 14:40:15 +1300
committer: Anton Tananaev <anton.tananaev@gmail.com> 2015-12-20 14:40:15 +1300
commit: 3eff91673944f202e0aebe20faa925011568b685 (patch)
tree: 8b3db829d90ca73faa132463eff8661a7335936f /src/org/traccar/api/resource/PermissionResource.java
parent: 4d29679dec4508d28af7651cdfd130e5a218b387 (diff)
download: trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.gz
trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.bz2
trackermap-server-3eff91673944f202e0aebe20faa925011568b685.zip
1 files changed, 10 insertions, 15 deletions
diff --git a/src/org/traccar/api/resource/PermissionResource.java b/src/org/traccar/api/resource/PermissionResource.java
index 84be6be0e..50deb77c2 100644
--- a/src/org/traccar/api/resource/PermissionResource.java
+++ b/src/org/traccar/api/resource/PermissionResource.java
@@ -24,7 +24,6 @@ import javax.ws.rs.DELETE;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.sql.SQLException;
@@ -35,23 +34,19 @@ import java.sql.SQLException;
 public class PermissionResource extends BaseResource {
 
     @POST
-    public Response add(Permission entity) {
-        try {
-            Context.getDataManager().linkDevice(entity.getUserId(), entity.getDeviceId());
-            return Response.ok(entity).build();
-        } catch (SQLException e) {
-            throw new WebApplicationException(e);
-        }
+    public Response add(Permission entity) throws SQLException {
+        Context.getPermissionsManager().checkAdmin(getUserId());
+        Context.getDataManager().linkDevice(entity.getUserId(), entity.getDeviceId());
+        Context.getPermissionsManager().refresh();
+        return Response.ok(entity).build();
     }
 
     @DELETE
-    public Response remove(Permission entity) {
-        try {
-            Context.getDataManager().unlinkDevice(entity.getUserId(), entity.getDeviceId());
-            return Response.noContent().build();
-        } catch (SQLException e) {
-            throw new WebApplicationException(e);
-        }
+    public Response remove(Permission entity) throws SQLException {
+        Context.getPermissionsManager().checkAdmin(getUserId());
+        Context.getDataManager().unlinkDevice(entity.getUserId(), entity.getDeviceId());
+        Context.getPermissionsManager().refresh();
+        return Response.noContent().build();
     }
 
 }
author	Anton Tananaev <anton.tananaev@gmail.com>	2015-12-20 14:40:15 +1300
committer	Anton Tananaev <anton.tananaev@gmail.com>	2015-12-20 14:40:15 +1300
commit	3eff91673944f202e0aebe20faa925011568b685 (patch)
tree	8b3db829d90ca73faa132463eff8661a7335936f /src/org/traccar/api/resource/PermissionResource.java
parent	4d29679dec4508d28af7651cdfd130e5a218b387 (diff)
download	trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.gz trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.bz2 trackermap-server-3eff91673944f202e0aebe20faa925011568b685.zip