diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2015-12-20 14:40:15 +1300 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2015-12-20 14:40:15 +1300 |
commit | 3eff91673944f202e0aebe20faa925011568b685 (patch) | |
tree | 8b3db829d90ca73faa132463eff8661a7335936f /src/org/traccar/api/resource/PositionResource.java | |
parent | 4d29679dec4508d28af7651cdfd130e5a218b387 (diff) | |
download | trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.gz trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.bz2 trackermap-server-3eff91673944f202e0aebe20faa925011568b685.zip |
Check permissions for REST API calls
Diffstat (limited to 'src/org/traccar/api/resource/PositionResource.java')
-rw-r--r-- | src/org/traccar/api/resource/PositionResource.java | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/src/org/traccar/api/resource/PositionResource.java b/src/org/traccar/api/resource/PositionResource.java index e2c405d96..ec6925b3a 100644 --- a/src/org/traccar/api/resource/PositionResource.java +++ b/src/org/traccar/api/resource/PositionResource.java @@ -25,7 +25,6 @@ import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import java.sql.SQLException; import java.util.Collection; @@ -37,13 +36,11 @@ public class PositionResource extends BaseResource { @GET public Collection<Position> get( - @QueryParam("deviceId") long deviceId, @QueryParam("from") String from, @QueryParam("to") String to) { - try { - return Context.getDataManager().getPositions( - deviceId, JsonConverter.parseDate(from), JsonConverter.parseDate(to)); - } catch (SQLException e) { - throw new WebApplicationException(e); - } + @QueryParam("deviceId") long deviceId, @QueryParam("from") String from, @QueryParam("to") String to) + throws SQLException { + Context.getPermissionsManager().checkDevice(getUserId(), deviceId); + return Context.getDataManager().getPositions( + deviceId, JsonConverter.parseDate(from), JsonConverter.parseDate(to)); } } |