1.1 --- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java	Mon Jan 11 10:16:57 2010 +0100
     1.2 +++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java	Sun Apr 25 21:20:09 2010 +0200
     1.3 @@ -184,13 +184,16 @@
     1.4          @QueryParam("player") String player,
     1.5          @QueryParam("move") String move,
     1.6          @QueryParam("comment") String comment
     1.7 -    ) throws IllegalPositionException {
     1.8 +    ) throws IllegalPositionException, IOException {
     1.9          String logUser = quoridor.isLoggedIn(loginId);
    1.10          if (logUser == null) {
    1.11              throw new WebApplicationException(Status.UNAUTHORIZED);
    1.12          }
    1.13          if (!logUser.equals(player)) {
    1.14 -            throw new WebApplicationException(Status.UNAUTHORIZED);
    1.15 +            User info = quoridor.getUsers().getUserInfo(loginId, logUser);
    1.16 +            if (info == null || !info.hasPermission("resign")) {
    1.17 +                throw new WebApplicationException(Status.UNAUTHORIZED);
    1.18 +            }
    1.19          }
    1.20          if (comment == null && move == null) {
    1.21              throw new WebApplicationException(Status.BAD_REQUEST);