1.1 --- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java	Tue Dec 08 19:57:02 2009 +0100
     1.2 +++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java	Wed Dec 23 07:59:16 2009 +0100
     1.3 @@ -134,7 +134,7 @@
     1.4          @QueryParam("loginID") @DefaultValue("") String loginId,
     1.5          @PathParam("id") String id,
     1.6          @QueryParam("move") @DefaultValue("-1") int move
     1.7 -    ) {
     1.8 +    ) throws IOException {
     1.9          Game g = findGame(id, move);
    1.10          if (canSee(g.getId(), loginId)) {
    1.11              return g;
    1.12 @@ -142,7 +142,7 @@
    1.13          throw new WebApplicationException(Status.UNAUTHORIZED);
    1.14      }
    1.15  
    1.16 -    private boolean canSee(GameId id, String loginId) {
    1.17 +    private boolean canSee(GameId id, String loginId) throws IOException {
    1.18          if (!id.isFinished()) {
    1.19              return true;
    1.20          }
    1.21 @@ -156,6 +156,10 @@
    1.22          if (logUser.equals(id.getBlack())) {
    1.23              return true;
    1.24          }
    1.25 +        User info = quoridor.getUsers().getUserInfo(loginId, logUser);
    1.26 +        if (info != null && info.hasPermission("games")) {
    1.27 +            return true;
    1.28 +        }
    1.29          return false;
    1.30      }
    1.31  
    1.32 @@ -204,7 +208,7 @@
    1.33      public List<GameId> listGames(
    1.34          @DefaultValue("") @QueryParam("loginID") String loginId,
    1.35          @DefaultValue("") @QueryParam("status") String status
    1.36 -    ) {
    1.37 +    ) throws IOException {
    1.38          List<GameId> arr = new ArrayList<GameId>(games.size());
    1.39          for (Game g : games) {
    1.40              if (!canSee(g.getId(), loginId)) {