aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api/resource/PositionResource.java
diff options
context:
space:
mode:
authorAnton Tananaev <anton.tananaev@gmail.com>2015-12-20 14:40:15 +1300
committerAnton Tananaev <anton.tananaev@gmail.com>2015-12-20 14:40:15 +1300
commit3eff91673944f202e0aebe20faa925011568b685 (patch)
tree8b3db829d90ca73faa132463eff8661a7335936f /src/org/traccar/api/resource/PositionResource.java
parent4d29679dec4508d28af7651cdfd130e5a218b387 (diff)
downloadtrackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.gz
trackermap-server-3eff91673944f202e0aebe20faa925011568b685.tar.bz2
trackermap-server-3eff91673944f202e0aebe20faa925011568b685.zip
Check permissions for REST API calls
Diffstat (limited to 'src/org/traccar/api/resource/PositionResource.java')
-rw-r--r--src/org/traccar/api/resource/PositionResource.java13
1 files changed, 5 insertions, 8 deletions
diff --git a/src/org/traccar/api/resource/PositionResource.java b/src/org/traccar/api/resource/PositionResource.java
index e2c405d96..ec6925b3a 100644
--- a/src/org/traccar/api/resource/PositionResource.java
+++ b/src/org/traccar/api/resource/PositionResource.java
@@ -25,7 +25,6 @@ import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import java.sql.SQLException;
import java.util.Collection;
@@ -37,13 +36,11 @@ public class PositionResource extends BaseResource {
@GET
public Collection<Position> get(
- @QueryParam("deviceId") long deviceId, @QueryParam("from") String from, @QueryParam("to") String to) {
- try {
- return Context.getDataManager().getPositions(
- deviceId, JsonConverter.parseDate(from), JsonConverter.parseDate(to));
- } catch (SQLException e) {
- throw new WebApplicationException(e);
- }
+ @QueryParam("deviceId") long deviceId, @QueryParam("from") String from, @QueryParam("to") String to)
+ throws SQLException {
+ Context.getPermissionsManager().checkDevice(getUserId(), deviceId);
+ return Context.getDataManager().getPositions(
+ deviceId, JsonConverter.parseDate(from), JsonConverter.parseDate(to));
}
}