1.1 --- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java Tue Dec 08 18:47:49 2009 +0100
1.2 +++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java Tue Dec 08 19:57:02 2009 +0100
1.3 @@ -136,20 +136,27 @@
1.4 @QueryParam("move") @DefaultValue("-1") int move
1.5 ) {
1.6 Game g = findGame(id, move);
1.7 - if (!g.getId().isFinished()) {
1.8 + if (canSee(g.getId(), loginId)) {
1.9 return g;
1.10 }
1.11 + throw new WebApplicationException(Status.UNAUTHORIZED);
1.12 + }
1.13 +
1.14 + private boolean canSee(GameId id, String loginId) {
1.15 + if (!id.isFinished()) {
1.16 + return true;
1.17 + }
1.18 String logUser = quoridor.isLoggedIn(loginId);
1.19 if (logUser == null) {
1.20 - throw new WebApplicationException(Status.UNAUTHORIZED);
1.21 + return false;
1.22 }
1.23 - if (logUser.equals(g.getId().getWhite())) {
1.24 - return g;
1.25 + if (logUser.equals(id.getWhite())) {
1.26 + return true;
1.27 }
1.28 - if (logUser.equals(g.getId().getBlack())) {
1.29 - return g;
1.30 + if (logUser.equals(id.getBlack())) {
1.31 + return true;
1.32 }
1.33 - throw new WebApplicationException(Status.UNAUTHORIZED);
1.34 + return false;
1.35 }
1.36
1.37 @PUT
1.38 @@ -195,10 +202,14 @@
1.39 @GET
1.40 @Produces({MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
1.41 public List<GameId> listGames(
1.42 + @DefaultValue("") @QueryParam("loginID") String loginId,
1.43 @DefaultValue("") @QueryParam("status") String status
1.44 ) {
1.45 List<GameId> arr = new ArrayList<GameId>(games.size());
1.46 for (Game g : games) {
1.47 + if (!canSee(g.getId(), loginId)) {
1.48 + continue;
1.49 + }
1.50 if (status.length() == 0 || g.getId().getStatus().toString().equals(status)) {
1.51 arr.add(g.getId());
1.52 }