Merge pull request #2835 from Abyss777/devicereadonly_aliases

Device readonly user shouldn't be able edit attribute aliases
author: Anton Tananaev <anton.tananaev@gmail.com> 2017-01-26 21:29:17 +1300
committer: GitHub <noreply@github.com> 2017-01-26 21:29:17 +1300
commit: 3a0f3d948952c18260d739c02794848a2cfc0d25 (patch)
tree: 21fd0f2a1ae71d020c9d4e2f645101b6987b1695 /src
parent: 3155b8697a9b3f8023e085a766a439eee4c058db (diff)
parent: e40094735b4ddaf4de68bcf3858a9317adc8b3b7 (diff)
download: trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.tar.gz
trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.tar.bz2
trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/org/traccar/api/resource/AttributeAliasResource.java b/src/org/traccar/api/resource/AttributeAliasResource.java
index db767616f..b2636acf1 100644
--- a/src/org/traccar/api/resource/AttributeAliasResource.java
+++ b/src/org/traccar/api/resource/AttributeAliasResource.java
@@ -55,6 +55,7 @@ public class AttributeAliasResource extends BaseResource {
     @POST
     public Response add(AttributeAlias entity) throws SQLException {
         Context.getPermissionsManager().checkReadonly(getUserId());
+        Context.getPermissionsManager().checkDeviceReadonly(getUserId());
         if (!Context.getPermissionsManager().isAdmin(getUserId())) {
             Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId());
         }
@@ -66,6 +67,7 @@ public class AttributeAliasResource extends BaseResource {
     @PUT
     public Response update(AttributeAlias entity) throws SQLException {
         Context.getPermissionsManager().checkReadonly(getUserId());
+        Context.getPermissionsManager().checkDeviceReadonly(getUserId());
         if (!Context.getPermissionsManager().isAdmin(getUserId())) {
             AttributeAlias oldEntity = Context.getAliasesManager().getAttributeAlias(entity.getId());
             Context.getPermissionsManager().checkDevice(getUserId(), oldEntity.getDeviceId());
@@ -79,6 +81,7 @@ public class AttributeAliasResource extends BaseResource {
     @DELETE
     public Response remove(@PathParam("id") long id) throws SQLException {
         Context.getPermissionsManager().checkReadonly(getUserId());
+        Context.getPermissionsManager().checkDeviceReadonly(getUserId());
         if (!Context.getPermissionsManager().isAdmin(getUserId())) {
             AttributeAlias entity = Context.getAliasesManager().getAttributeAlias(id);
             Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId());
author	Anton Tananaev <anton.tananaev@gmail.com>	2017-01-26 21:29:17 +1300
committer	GitHub <noreply@github.com>	2017-01-26 21:29:17 +1300
commit	3a0f3d948952c18260d739c02794848a2cfc0d25 (patch)
tree	21fd0f2a1ae71d020c9d4e2f645101b6987b1695 /src
parent	3155b8697a9b3f8023e085a766a439eee4c058db (diff)
parent	e40094735b4ddaf4de68bcf3858a9317adc8b3b7 (diff)
download	trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.tar.gz trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.tar.bz2 trackermap-server-3a0f3d948952c18260d739c02794848a2cfc0d25.zip