From 17f5a899a08b992507b574eeb4047b1f6bfa8629 Mon Sep 17 00:00:00 2001 From: Abyss777 Date: Wed, 19 Oct 2016 18:35:28 +0500 Subject: - Filter events on server side - Use common path for templates - Filter events about geofences that user do not have access (minor security fix) - Removed unused function - Visual templates improvements --- src/org/traccar/api/resource/EventResource.java | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'src/org/traccar/api') diff --git a/src/org/traccar/api/resource/EventResource.java b/src/org/traccar/api/resource/EventResource.java index 74a748ea5..c0a8f968d 100644 --- a/src/org/traccar/api/resource/EventResource.java +++ b/src/org/traccar/api/resource/EventResource.java @@ -1,14 +1,12 @@ package org.traccar.api.resource; import java.sql.SQLException; -import java.util.Collection; import javax.ws.rs.Consumes; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import org.traccar.Context; @@ -26,14 +24,9 @@ public class EventResource extends BaseResource { public Event get(@PathParam("id") long id) throws SQLException { Event event = Context.getDataManager().getEvent(id); Context.getPermissionsManager().checkDevice(getUserId(), event.getDeviceId()); + if (event.getGeofenceId() != 0) { + Context.getPermissionsManager().checkGeofence(getUserId(), event.getGeofenceId()); + } return event; } - - @GET - public Collection get( - @QueryParam("deviceId") long deviceId, @QueryParam("type") String type, - @QueryParam("interval") int interval) throws SQLException { - Context.getPermissionsManager().checkDevice(getUserId(), deviceId); - return Context.getDataManager().getLastEvents(deviceId, type, interval); - } } -- cgit v1.2.3