From bda31d967673477331caba9597c1ab57553c4b8d Mon Sep 17 00:00:00 2001
From: Abyss777 <abyss@fox5.ru>
Date: Mon, 29 Jan 2018 09:40:53 +0500
Subject: Fix ScheduledModel objects permission check

---
 src/org/traccar/api/BaseObjectResource.java | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'src/org/traccar/api')

diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java
index e4e00938f..596195cae 100644
--- a/src/org/traccar/api/BaseObjectResource.java
+++ b/src/org/traccar/api/BaseObjectResource.java
@@ -37,6 +37,7 @@ import org.traccar.model.Calendar;
 import org.traccar.model.Command;
 import org.traccar.model.Device;
 import org.traccar.model.Group;
+import org.traccar.model.GroupedModel;
 import org.traccar.model.ScheduledModel;
 import org.traccar.model.User;
 
@@ -79,7 +80,10 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
             Context.getPermissionsManager().checkDeviceLimit(getUserId());
         } else if (baseClass.equals(Command.class)) {
             Context.getPermissionsManager().checkLimitCommands(getUserId());
-        } else if (entity instanceof ScheduledModel) {
+        } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+            Context.getPermissionsManager().checkPermission(Group.class, getUserId(),
+                    ((GroupedModel) entity).getGroupId());
+        } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
             Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
                     ((ScheduledModel) entity).getCalendarId());
         }
@@ -111,7 +115,10 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
             Context.getPermissionsManager().checkUserUpdate(getUserId(), before, (User) entity);
         } else if (baseClass.equals(Command.class)) {
             Context.getPermissionsManager().checkLimitCommands(getUserId());
-        } else if (entity instanceof ScheduledModel) {
+        } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
+            Context.getPermissionsManager().checkPermission(Group.class, getUserId(),
+                    ((GroupedModel) entity).getGroupId());
+        } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
             Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
                     ((ScheduledModel) entity).getCalendarId());
         }
-- 
cgit v1.2.3


From 400a82e0c1817f02fcc2b0cf3ffe6f8ee5abf05f Mon Sep 17 00:00:00 2001
From: Abyss777 <abyss@fox5.ru>
Date: Mon, 29 Jan 2018 11:01:45 +0500
Subject: Fix formatting

---
 src/org/traccar/api/BaseObjectResource.java | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'src/org/traccar/api')

diff --git a/src/org/traccar/api/BaseObjectResource.java b/src/org/traccar/api/BaseObjectResource.java
index 596195cae..7de6a3877 100644
--- a/src/org/traccar/api/BaseObjectResource.java
+++ b/src/org/traccar/api/BaseObjectResource.java
@@ -81,11 +81,11 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
         } else if (baseClass.equals(Command.class)) {
             Context.getPermissionsManager().checkLimitCommands(getUserId());
         } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
-            Context.getPermissionsManager().checkPermission(Group.class, getUserId(),
-                    ((GroupedModel) entity).getGroupId());
+            Context.getPermissionsManager().checkPermission(
+                    Group.class, getUserId(), ((GroupedModel) entity).getGroupId());
         } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
-            Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
-                    ((ScheduledModel) entity).getCalendarId());
+            Context.getPermissionsManager().checkPermission(
+                    Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId());
         }
 
         BaseObjectManager<T> manager = Context.getManager(baseClass);
@@ -116,11 +116,11 @@ public abstract class BaseObjectResource<T extends BaseModel> extends BaseResour
         } else if (baseClass.equals(Command.class)) {
             Context.getPermissionsManager().checkLimitCommands(getUserId());
         } else if (entity instanceof GroupedModel && ((GroupedModel) entity).getGroupId() != 0) {
-            Context.getPermissionsManager().checkPermission(Group.class, getUserId(),
-                    ((GroupedModel) entity).getGroupId());
+            Context.getPermissionsManager().checkPermission(
+                    Group.class, getUserId(), ((GroupedModel) entity).getGroupId());
         } else if (entity instanceof ScheduledModel && ((ScheduledModel) entity).getCalendarId() != 0) {
-            Context.getPermissionsManager().checkPermission(Calendar.class, getUserId(),
-                    ((ScheduledModel) entity).getCalendarId());
+            Context.getPermissionsManager().checkPermission(
+                    Calendar.class, getUserId(), ((ScheduledModel) entity).getCalendarId());
         }
         Context.getPermissionsManager().checkPermission(baseClass, getUserId(), entity.getId());
 
-- 
cgit v1.2.3