diff options
| author | Anton Tananaev <anton.tananaev@gmail.com> | 2015-06-13 17:36:31 +1200 |
|---|---|---|
| committer | Anton Tananaev <anton.tananaev@gmail.com> | 2015-06-13 17:36:31 +1200 |
| commit | fc75fe4ab4f8ea9de58c41772fdd92c10c73f2bc (patch) | |
| tree | 9418ef08d1b5d8858922b90e4c0b9e2f1747b2ee /src/org/traccar/http/PositionServlet.java | |
| parent | bd4c32abced2bb654b64a2042668340167d6b191 (diff) | |
| download | trackermap-server-fc75fe4ab4f8ea9de58c41772fdd92c10c73f2bc.tar.gz trackermap-server-fc75fe4ab4f8ea9de58c41772fdd92c10c73f2bc.tar.bz2 trackermap-server-fc75fe4ab4f8ea9de58c41772fdd92c10c73f2bc.zip | |
Fix API access permissions
Diffstat (limited to 'src/org/traccar/http/PositionServlet.java')
| -rw-r--r-- | src/org/traccar/http/PositionServlet.java | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/org/traccar/http/PositionServlet.java b/src/org/traccar/http/PositionServlet.java index e6348ec54..57b411a79 100644 --- a/src/org/traccar/http/PositionServlet.java +++ b/src/org/traccar/http/PositionServlet.java @@ -15,10 +15,9 @@ */ package org.traccar.http; -import org.traccar.Context; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.traccar.Context; public class PositionServlet extends BaseServlet { @@ -31,10 +30,11 @@ public class PositionServlet extends BaseServlet { } private void get(HttpServletRequest req, HttpServletResponse resp) throws Exception { + long deviceId = Long.valueOf(req.getParameter("deviceId")); + Context.getPermissionsManager().checkDevice(getUserId(req), deviceId); sendResponse(resp.getWriter(), JsonConverter.arrayToJson( Context.getDataManager().getPositions( - getUserId(req.getSession()), - Long.valueOf(req.getParameter("deviceId")), + getUserId(req), deviceId, JsonConverter.parseDate(req.getParameter("from")), JsonConverter.parseDate(req.getParameter("to"))))); } |