aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api
diff options
context:
space:
mode:
authorAnton Tananaev <anton.tananaev@gmail.com>2018-01-29 19:19:35 +1300
committerGitHub <noreply@github.com>2018-01-29 19:19:35 +1300
commitce1212355723b342106f9b97a1ac15fd3c344621 (patch)
tree99015fa150d4a4a4a4560d9857c4ad511bf80065 /src/org/traccar/api
parent98f14df734f2772d65c28ab4364e37f16efabbad (diff)
parent400a82e0c1817f02fcc2b0cf3ffe6f8ee5abf05f (diff)
downloadtrackermap-server-ce1212355723b342106f9b97a1ac15fd3c344621.tar.gz
trackermap-server-ce1212355723b342106f9b97a1ac15fd3c344621.tar.bz2
trackermap-server-ce1212355723b342106f9b97a1ac15fd3c344621.zip
Merge pull request #3741 from Abyss777/fix_scheduled
Fix ScheduledModel objects permission check
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/BaseObjectResource.java19
1 files changed, 13 insertions, 6 deletions
diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java
index e4e00938f..7de6a3877 100644
--- a/src/org/traccar/api/BaseObjectResource.java
+++ b/src/org/traccar/api/BaseObjectResource.java
@@ -37,6 +37,7 @@ import org.traccar.model.Calendar;
import org.traccar.model.Command;
import org.traccar.model.Device;
import org.traccar.model.Group;
+import org.traccar.model.GroupedModel;
import org.traccar.model.ScheduledModel;
import org.traccar.model.User;
@@ -79,9 +80,12 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
Context.getPermissionsManager().checkDeviceLimit(getUserId());
} else if (baseClass.equals(Command.class)) {
Context.getPermissionsManager().checkLimitCommands(getUserId());
- } else if (entity instanceof ScheduledModel) {
- Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
- ((ScheduledModel) entity).getCalendarId());
+ } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+ Context.getPermissionsManager().checkPermission(
+ Group.class, getUserId(), ((GroupedModel) entity).getGroupId());
+ } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
+ Context.getPermissionsManager().checkPermission(
+ Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId());
}
BaseObjectManager<T> manager = Context.getManager(baseClass);
@@ -111,9 +115,12 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
Context.getPermissionsManager().checkUserUpdate(getUserId(), before, (User) entity);
} else if (baseClass.equals(Command.class)) {
Context.getPermissionsManager().checkLimitCommands(getUserId());
- } else if (entity instanceof ScheduledModel) {
- Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
- ((ScheduledModel) entity).getCalendarId());
+ } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+ Context.getPermissionsManager().checkPermission(
+ Group.class, getUserId(), ((GroupedModel) entity).getGroupId());
+ } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
+ Context.getPermissionsManager().checkPermission(
+ Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId());
}
Context.getPermissionsManager().checkPermission(baseClass, getUserId(), entity.getId());