aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/traccar/api')
-rw-r--r--src/org/traccar/api/resource/UserPermissionResource.java9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/org/traccar/api/resource/UserPermissionResource.java b/src/org/traccar/api/resource/UserPermissionResource.java
index 35e22e6d4..a97c4a665 100644
--- a/src/org/traccar/api/resource/UserPermissionResource.java
+++ b/src/org/traccar/api/resource/UserPermissionResource.java
@@ -38,18 +38,17 @@ public class UserPermissionResource extends BaseResource {
@POST
public Response add(UserPermission entity) throws SQLException {
Context.getPermissionsManager().checkAdmin(getUserId());
- if (entity.getUserId() == entity.getOtherUserId()) {
- throw new SecurityException("Selfmanagement prohibited");
+ if (entity.getUserId() != entity.getManagedUserId()) {
+ Context.getDataManager().linkUser(entity.getUserId(), entity.getManagedUserId());
+ Context.getPermissionsManager().refreshUserPermissions();
}
- Context.getDataManager().linkUser(entity.getUserId(), entity.getOtherUserId());
- Context.getPermissionsManager().refreshUserPermissions();
return Response.ok(entity).build();
}
@DELETE
public Response remove(UserPermission entity) throws SQLException {
Context.getPermissionsManager().checkAdmin(getUserId());
- Context.getDataManager().unlinkUser(entity.getUserId(), entity.getOtherUserId());
+ Context.getDataManager().unlinkUser(entity.getUserId(), entity.getManagedUserId());
Context.getPermissionsManager().refreshUserPermissions();
return Response.noContent().build();
}