Also the list of games needs to be restricted for not-logged in users strict-games-access
authorJaroslav Tulach <jtulach@netbeans.org>
Tue, 08 Dec 2009 19:57:02 +0100
branchstrict-games-access
changeset 1668c9131715765
parent 164 2949998db4f6
child 167 6402b5d2c19a
Also the list of games needs to be restricted for not-logged in users
webidor/pom.xml
webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java
webidor/src/test/java/cz/xelfi/quoridor/webidor/FinishedGameTest.java
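--- a/webidor/pom.xml
+++ b/webidor/pom.xml
@@ -9,7 +9,7 @@
   <groupId>org.apidesign</groupId>
   <artifactId>webidor</artifactId>
   <packaging>jar</packaging>
-  <version>1.9</version>
+  <version>1.10</version>
   <name>webidor server</name>
   <url>http://maven.apache.org</url>
   <repositories>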
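--- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java
+++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java
@@ -136,20 +136,27 @@
         @QueryParam("move") @DefaultValue("-1") int move
     ) {
         Game g = findGame(id, move);
-        if (!g.getId().isFinished()) {
+        if (canSee(g.getId(), loginId)) {
             return g;
         }
+        throw new WebApplicationException(Status.UNAUTHORIZED);
+    }
+
+    private boolean canSee(GameId id, String loginId) {
+        if (!id.isFinished()) {
+            return true;
+        }
         String logUser = quoridor.isLoggedIn(loginId);
         if (logUser == null) {
-            throw new WebApplicationException(Status.UNAUTHORIZED);
+            return false;
         }
-        if (logUser.equals(g.getId().getWhite())) {
-            return g;
+        if (logUser.equals(id.getWhite())) {
+            return true;
         }
-        if (logUser.equals(g.getId().getBlack())) {
-            return g;
+        if (logUser.equals(id.getBlack())) {
+            return true;
         }
-        throw new WebApplicationException(Status.UNAUTHORIZED);
+        return false;
     }
 
     @PUT
@@ -195,10 +202,14 @@
     @GET
     @Produces({MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
     public List<GameId> listGames(
+        @DefaultValue("") @QueryParam("loginID") String loginId,
         @DefaultValue("") @QueryParam("status") String status
     ) {
         List<GameId> arr = new ArrayList<GameId>(games.size());
         for (Game g : games) {
+            if (!canSee(g.getId(), loginId)) {
+                continue;
+            }
             if (status.length() == 0 || g.getId().getStatus().toString().equals(status)) {
                 arr.add(g.getId());
             }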
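Review bot: The `loginID` parameter added to `listGames` in the second hunk is a `@QueryParam`, and `canSee` passes it to `quoridor.isLoggedIn(loginId)` to resolve the user, so it appears to act as the session credential and would be recorded with the URL in access logs, proxy logs and browser history. Consider taking it out of the URL, for example `@DefaultValue("") @CookieParam("loginID") String loginId,` or a `@HeaderParam`, and keeping the query form only as a deprecated fallback for existing clients. The method in the first hunk also uses `loginId`, but its declaration lies outside the hunk, so whether the same applies there cannot be confirmed from this page. `listGames` itself continues past the end of the second hunk.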
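--- a/webidor/src/test/java/cz/xelfi/quoridor/webidor/FinishedGameTest.java
+++ b/webidor/src/test/java/cz/xelfi/quoridor/webidor/FinishedGameTest.java
@@ -147,8 +147,10 @@
 
         assertEquals("Jirka wins", "Jirka", end.getCurrentPlayer());
 
-        List<GameId> something = webResource.path("games/").queryParam("status", "blackWon").accept(MediaType.TEXT_XML).get(gType);
+        List<GameId> none = webResource.path("games/").queryParam("status", "blackWon").accept(MediaType.TEXT_XML).get(gType);
+        assertEquals("No games, for not logged in users: " + none, 0, none.size());
 
+        List<GameId> something = webResource.path("games/").queryParam("loginID", logJirka).queryParam("status", "blackWon").accept(MediaType.TEXT_XML).get(gType);
         assertEquals("One game finished: " + something, 1, something.size());
         assertEquals("Id is OK", end.getId().getId(), something.get(0).getId());
     }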
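Review bot: The new assertions cover an anonymous caller and one of the players, but not a logged-in user who is neither white nor black, which is the case handled by the final `return false` in `canSee`. Add a third request made with the login id of a user outside the game and assert an empty list, e.g. `assertEquals("No finished games for a non-participant: " + other, 0, other.size());`, where `other` is fetched the same way as `something`. No such login id is visible in this hunk, so it would have to be created earlier in the test. The test method starts outside the hunk.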