diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2018-01-29 19:19:35 +1300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-29 19:19:35 +1300 |
commit | ce1212355723b342106f9b97a1ac15fd3c344621 (patch) | |
tree | 99015fa150d4a4a4a4560d9857c4ad511bf80065 /src/org/traccar/api | |
parent | 98f14df734f2772d65c28ab4364e37f16efabbad (diff) | |
parent | 400a82e0c1817f02fcc2b0cf3ffe6f8ee5abf05f (diff) | |
download | trackermap-server-ce1212355723b342106f9b97a1ac15fd3c344621.tar.gz trackermap-server-ce1212355723b342106f9b97a1ac15fd3c344621.tar.bz2 trackermap-server-ce1212355723b342106f9b97a1ac15fd3c344621.zip |
Merge pull request #3741 from Abyss777/fix_scheduled
Fix ScheduledModel objects permission check
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r-- | src/org/traccar/api/BaseObjectResource.java | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java index e4e00938f..7de6a3877 100644 --- a/src/org/traccar/api/BaseObjectResource.java +++ b/src/org/traccar/api/BaseObjectResource.java @@ -37,6 +37,7 @@ import org.traccar.model.Calendar; import org.traccar.model.Command; import org.traccar.model.Device; import org.traccar.model.Group; +import org.traccar.model.GroupedModel; import org.traccar.model.ScheduledModel; import org.traccar.model.User; @@ -79,9 +80,12 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour Context.getPermissionsManager().checkDeviceLimit(getUserId()); } else if (baseClass.equals(Command.class)) { Context.getPermissionsManager().checkLimitCommands(getUserId()); - } else if (entity instanceof ScheduledModel) { - Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(), - ((ScheduledModel) entity).getCalendarId()); + } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) { + Context.getPermissionsManager().checkPermission( + Group.class, getUserId(), ((GroupedModel) entity).getGroupId()); + } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) { + Context.getPermissionsManager().checkPermission( + Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId()); } BaseObjectManager<T> manager = Context.getManager(baseClass); @@ -111,9 +115,12 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour Context.getPermissionsManager().checkUserUpdate(getUserId(), before, (User) entity); } else if (baseClass.equals(Command.class)) { Context.getPermissionsManager().checkLimitCommands(getUserId()); - } else if (entity instanceof ScheduledModel) { - Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(), - ((ScheduledModel) entity).getCalendarId()); + } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) { + Context.getPermissionsManager().checkPermission( + Group.class, getUserId(), ((GroupedModel) entity).getGroupId()); + } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) { + Context.getPermissionsManager().checkPermission( + Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId()); } Context.getPermissionsManager().checkPermission(baseClass, getUserId(), entity.getId()); |