authorAnton Tananaev <anton.tananaev@gmail.com>2015-06-27 10:50:40 +1200
committerAnton Tananaev <anton.tananaev@gmail.com>2015-06-27 10:50:40 +1200
commit136be53a084b84a0a764d0d326146fca241733f4 (patch)
treed8f4756ecbd1376a51d40bee085e595f6c64d8b3 /src/org/traccar/http
parentdeea5b703fd83e699d62600d93b3e28ac71188a1 (diff)
Fix user security issue
Diffstat (limited to 'src/org/traccar/http')
-rw-r--r--src/org/traccar/http/UserServlet.java6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/org/traccar/http/UserServlet.java b/src/org/traccar/http/UserServlet.java
index f388326b0..19a70ac93 100644
--- a/src/org/traccar/http/UserServlet.java
+++ b/src/org/traccar/http/UserServlet.java
@@ -53,7 +53,11 @@ public class UserServlet extends BaseServlet {
private void update(HttpServletRequest req, HttpServletResponse resp) throws Exception {
User user = JsonConverter.objectFromJson(req.getReader(), new User());
- Context.getPermissionsManager().checkUser(getUserId(req), user.getId());
+ if (user.getAdmin()) {
+ Context.getPermissionsManager().checkAdmin(getUserId(req));
+ } else {
+ Context.getPermissionsManager().checkUser(getUserId(req), user.getId());
+ }
Context.getDataManager().updateUser(user);
sendResponse(resp.getWriter(), true);
}
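Review bot: The new branch in update() guards only the admin flag, while the whole client-supplied `User` from `JsonConverter.objectFromJson` is still passed unchanged to `updateUser`. If `User` carries other privilege-relevant fields (none are visible in this hunk), a non-admin who passes `checkUser` for their own id could still overwrite them; loading the stored record and copying across only the fields the caller may change would close that class of problem rather than this one field. If `getAdmin()` returns a boxed `Boolean`, a body that omits the field would throw on unboxing in the `if`, so a null-safe test such as `Boolean.TRUE.equals(user.getAdmin())` may be needed. A short comment above the branch would also help, e.g. `// Setting admin=true requires admin rights; otherwise a user could promote themselves via the update body.`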