1.1 --- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java Mon Jan 11 10:16:57 2010 +0100
1.2 +++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java Sun Apr 25 21:20:09 2010 +0200
1.3 @@ -184,13 +184,16 @@
1.4 @QueryParam("player") String player,
1.5 @QueryParam("move") String move,
1.6 @QueryParam("comment") String comment
1.7 - ) throws IllegalPositionException {
1.8 + ) throws IllegalPositionException, IOException {
1.9 String logUser = quoridor.isLoggedIn(loginId);
1.10 if (logUser == null) {
1.11 throw new WebApplicationException(Status.UNAUTHORIZED);
1.12 }
1.13 if (!logUser.equals(player)) {
1.14 - throw new WebApplicationException(Status.UNAUTHORIZED);
1.15 + User info = quoridor.getUsers().getUserInfo(loginId, logUser);
1.16 + if (info == null || !info.hasPermission("resign")) {
1.17 + throw new WebApplicationException(Status.UNAUTHORIZED);
1.18 + }
1.19 }
1.20 if (comment == null && move == null) {
1.21 throw new WebApplicationException(Status.BAD_REQUEST);