diff options
-rw-r--r-- | src/org/traccar/api/resource/UserResource.java | 3 | ||||
-rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 16 |
2 files changed, 13 insertions, 6 deletions
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java index 2d187fe9d..7790dc908 100644 --- a/src/org/traccar/api/resource/UserResource.java +++ b/src/org/traccar/api/resource/UserResource.java @@ -64,6 +64,9 @@ public class UserResource extends BaseResource { Context.getPermissionsManager().checkAdmin(getUserId()); } else { Context.getPermissionsManager().checkUser(getUserId(), entity.getId()); + if (!entity.getReadonly()) { + Context.getPermissionsManager().checkReadonly(entity.getId()); + } } Context.getPermissionsManager().updateUser(entity); if (Context.getNotificationManager() != null) { diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index f5fed978a..e9aaef8f9 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -140,6 +140,16 @@ public class PermissionsManager { } } + public boolean isReadonly(long userId) { + return users.containsKey(userId) && users.get(userId).getReadonly(); + } + + public void checkReadonly(long userId) throws SecurityException { + if (isReadonly(userId)) { + throw new SecurityException("User is readonly"); + } + } + public void checkUser(long userId, long otherUserId) throws SecurityException { if (userId != otherUserId) { checkAdmin(userId); @@ -164,12 +174,6 @@ public class PermissionsManager { } } - public void checkReadonly(long userId) { - if (server.getReadonly() && !isAdmin(userId)) { - throw new SecurityException("Readonly user"); - } - } - public void checkGeofence(long userId, long geofenceId) throws SecurityException { if (!Context.getGeofenceManager().checkGeofence(userId, geofenceId) && !isAdmin(userId)) { throw new SecurityException("Geofence access denied"); |