diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2017-01-25 23:32:21 +1300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-25 23:32:21 +1300 |
commit | b1453ebd231009e9d9078377f2a1e063d852c444 (patch) | |
tree | 2699449567a46d6d182a41a4687f483047a59f77 /src/org/traccar/api/resource/UserResource.java | |
parent | 36c48d354cec2888df67b303352ee5ce9d23de3e (diff) | |
parent | 483ed4418f53c5207d7150bf288ec6245d8f2cc3 (diff) | |
download | trackermap-server-b1453ebd231009e9d9078377f2a1e063d852c444.tar.gz trackermap-server-b1453ebd231009e9d9078377f2a1e063d852c444.tar.bz2 trackermap-server-b1453ebd231009e9d9078377f2a1e063d852c444.zip |
Merge pull request #2831 from Abyss777/permissions_polishing
Permissions improvements
Diffstat (limited to 'src/org/traccar/api/resource/UserResource.java')
-rw-r--r-- | src/org/traccar/api/resource/UserResource.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java index dd59a11ee..4d8a8b3a4 100644 --- a/src/org/traccar/api/resource/UserResource.java +++ b/src/org/traccar/api/resource/UserResource.java @@ -64,7 +64,7 @@ public class UserResource extends BaseResource { Context.getPermissionsManager().checkUserLimit(getUserId()); } else { Context.getPermissionsManager().checkRegistration(getUserId()); - entity.setDeviceLimit(Context.getConfig().getInteger("users.defaultDeviceLimit")); + entity.setDeviceLimit(Context.getConfig().getInteger("users.defaultDeviceLimit", -1)); int expirationDays = Context.getConfig().getInteger("users.defaultExpirationDays"); if (expirationDays > 0) { entity.setExpirationTime( @@ -86,6 +86,7 @@ public class UserResource extends BaseResource { @Path("{id}") @PUT public Response update(User entity) throws SQLException { + Context.getPermissionsManager().checkReadonly(getUserId()); User before = Context.getPermissionsManager().getUser(entity.getId()); Context.getPermissionsManager().checkUser(getUserId(), entity.getId()); Context.getPermissionsManager().checkUserUpdate(getUserId(), before, entity); @@ -99,6 +100,7 @@ public class UserResource extends BaseResource { @Path("{id}") @DELETE public Response remove(@PathParam("id") long id) throws SQLException { + Context.getPermissionsManager().checkReadonly(getUserId()); Context.getPermissionsManager().checkUser(getUserId(), id); Context.getPermissionsManager().removeUser(id); if (Context.getGeofenceManager() != null) { |