diff options
Diffstat (limited to 'src/org/traccar/api/resource/UserResource.java')
-rw-r--r-- | src/org/traccar/api/resource/UserResource.java | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java index 2d187fe9d..ddbca6b0f 100644 --- a/src/org/traccar/api/resource/UserResource.java +++ b/src/org/traccar/api/resource/UserResource.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 - 2016 Anton Tananaev (anton.tananaev@gmail.com) + * Copyright 2015 - 2016 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -49,6 +49,7 @@ public class UserResource extends BaseResource { public Response add(User entity) throws SQLException { if (!Context.getPermissionsManager().isAdmin(getUserId())) { Context.getPermissionsManager().checkRegistration(getUserId()); + Context.getPermissionsManager().checkUserUpdate(getUserId(), new User(), entity); } Context.getPermissionsManager().addUser(entity); if (Context.getNotificationManager() != null) { @@ -59,12 +60,10 @@ public class UserResource extends BaseResource { @Path("{id}") @PUT - public Response update(@PathParam("id") long id, User entity) throws SQLException { - if (entity.getAdmin()) { - Context.getPermissionsManager().checkAdmin(getUserId()); - } else { - Context.getPermissionsManager().checkUser(getUserId(), entity.getId()); - } + public Response update(User entity) throws SQLException { + User before = Context.getPermissionsManager().getUser(entity.getId()); + Context.getPermissionsManager().checkUser(getUserId(), entity.getId()); + Context.getPermissionsManager().checkUserUpdate(getUserId(), before, entity); Context.getPermissionsManager().updateUser(entity); if (Context.getNotificationManager() != null) { Context.getNotificationManager().refresh(); |