Diffstat (limited to 'src/main/java/org/traccar/api/security')
-rw-r--r-- | src/main/java/org/traccar/api/security/PermissionsService.java | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/main/java/org/traccar/api/security/PermissionsService.java b/src/main/java/org/traccar/api/security/PermissionsService.java
index 4421572d7..18a376601 100644
--- a/src/main/java/org/traccar/api/security/PermissionsService.java
+++ b/src/main/java/org/traccar/api/security/PermissionsService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2022 - 2023 Anton Tananaev (anton@traccar.org)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ import org.traccar.model.Device;
 import org.traccar.model.Group;
 import org.traccar.model.GroupedModel;
 import org.traccar.model.ManagedUser;
+import org.traccar.model.Notification;
 import org.traccar.model.ScheduledModel;
 import org.traccar.model.Server;
 import org.traccar.model.User;
@@ -129,7 +130,7 @@ public class PermissionsService {
 GroupedModel before = null;
 if (!addition) {
 before = storage.getObject(after.getClass(), new Request(
- new Columns.Include("groupId"), new Condition.Equals("id", object.getId())));
+ new Columns.Include("groupId"), new Condition.Equals("id", after.getId())));
 }
 if (before == null || before.getGroupId() != after.getGroupId()) {
 checkPermission(Group.class, userId, after.getGroupId());
@@ -142,13 +143,26 @@ public class PermissionsService {
 ScheduledModel before = null;
 if (!addition) {
 before = storage.getObject(after.getClass(), new Request(
- new Columns.Include("calendarId"), new Condition.Equals("id", object.getId())));
+ new Columns.Include("calendarId"), new Condition.Equals("id", after.getId())));
 }
 if (before == null || before.getCalendarId() != after.getCalendarId()) {
 checkPermission(Calendar.class, userId, after.getCalendarId());
 }
 }
 }
+ if (object instanceof Notification) {
+ Notification after = ((Notification) object);
+ if (after.getCommandId() > 0) {
+ Notification before = null;
+ if (!addition) {
+ before = storage.getObject(after.getClass(), new Request(
+ new Columns.Include("commandId"), new Condition.Equals("id", after.getId())));
+ }
+ if (before == null || before.getCommandId() != after.getCommandId()) {
+ checkPermission(Command.class, userId, after.getCommandId());
+ }
+ }
+ }
 }
 } |
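Review bot: The added `if (object instanceof Notification)` block is a third hand-copied instance of the "linked id changed, so re-check permission" pattern used just above for `groupId` and `calendarId`, and nothing in it says it is an authorization check on a client-supplied reference. A comment above the block such as `// a user may only link a command they already have permission for` would record the intent. It is also worth noting next to `before == null ||` that a missing stored row deliberately falls through to `checkPermission`, so the check fails closed. Because every new reference field on a model needs its own block here, consider folding the three into one private helper that takes the column name, an id getter and the linked class, so the next such field is harder to miss. The enclosing method starts above the hunk, so which callers and which user roles reach this check cannot be confirmed from the lines shown.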