1 files changed, 6 insertions, 7 deletions

diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index 2d187fe9d..ddbca6b0f 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 - 2016 Anton Tananaev (anton.tananaev@gmail.com)
+ * Copyright 2015 - 2016 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,6 +49,7 @@ public class UserResource extends BaseResource {
     public Response add(User entity) throws SQLException {
         if (!Context.getPermissionsManager().isAdmin(getUserId())) {
             Context.getPermissionsManager().checkRegistration(getUserId());
+            Context.getPermissionsManager().checkUserUpdate(getUserId(), new User(), entity);
         }
         Context.getPermissionsManager().addUser(entity);
         if (Context.getNotificationManager() != null) {
@@ -59,12 +60,10 @@ public class UserResource extends BaseResource {
 
     @Path("{id}")
     @PUT
-    public Response update(@PathParam("id") long id, User entity) throws SQLException {
-        if (entity.getAdmin()) {
-            Context.getPermissionsManager().checkAdmin(getUserId());
-        } else {
-            Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
-        }
+    public Response update(User entity) throws SQLException {
+        User before = Context.getPermissionsManager().getUser(entity.getId());
+        Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
+        Context.getPermissionsManager().checkUserUpdate(getUserId(), before, entity);
         Context.getPermissionsManager().updateUser(entity);
         if (Context.getNotificationManager() != null) {
             Context.getNotificationManager().refresh();