From 3eff91673944f202e0aebe20faa925011568b685 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton.tananaev@gmail.com>
Date: Sun, 20 Dec 2015 14:40:15 +1300
Subject: Check permissions for REST API calls

---
 src/org/traccar/api/resource/ServerResource.java | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

(limited to 'src/org/traccar/api/resource/ServerResource.java')

diff --git a/src/org/traccar/api/resource/ServerResource.java b/src/org/traccar/api/resource/ServerResource.java
index 36f7f14c3..54c04d21b 100644
--- a/src/org/traccar/api/resource/ServerResource.java
+++ b/src/org/traccar/api/resource/ServerResource.java
@@ -25,7 +25,6 @@ import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.sql.SQLException;
@@ -37,22 +36,15 @@ public class ServerResource extends BaseResource {
 
     @PermitAll
     @GET
-    public Server get() {
-        try {
-            return Context.getDataManager().getServer();
-        } catch (SQLException e) {
-            throw new WebApplicationException(e);
-        }
+    public Server get() throws SQLException {
+        return Context.getDataManager().getServer();
     }
 
     @PUT
-    public Response update(Server entity) {
-        try {
-            Context.getDataManager().updateServer(entity);
-            return Response.ok(entity).build();
-        } catch (SQLException e) {
-            throw new WebApplicationException(e);
-        }
+    public Response update(Server entity) throws SQLException {
+        Context.getPermissionsManager().checkAdmin(getUserId());
+        Context.getDataManager().updateServer(entity);
+        return Response.ok(entity).build();
     }
 
 }
-- 
cgit v1.2.3