From 648096e5bad55a22f4e45a455eb219692039e900 Mon Sep 17 00:00:00 2001
From: Abyss777 <abyss@fox5.ru>
Date: Tue, 7 Feb 2017 11:38:57 +0500
Subject: Do not allow readonly users send commands

---
 src/org/traccar/api/resource/CommandResource.java | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/org/traccar/api')

diff --git a/src/org/traccar/api/resource/CommandResource.java b/src/org/traccar/api/resource/CommandResource.java
index cce2dac2b..e13ae9de8 100644
--- a/src/org/traccar/api/resource/CommandResource.java
+++ b/src/org/traccar/api/resource/CommandResource.java
@@ -33,6 +33,8 @@ public class CommandResource extends BaseResource {
 
     @POST
     public Response add(Command entity) {
+        Context.getPermissionsManager().checkReadonly(getUserId());
+        Context.getPermissionsManager().checkDeviceReadonly(getUserId());
         Context.getPermissionsManager().checkDevice(getUserId(), entity.getDeviceId());
         Context.getConnectionManager().getActiveDevice(entity.getDeviceId()).sendCommand(entity);
         return Response.ok(entity).build();
-- 
cgit v1.2.3