diff -r 2949998db4f6 -r 8c9131715765 webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java
--- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java Tue Dec 08 18:47:49 2009 +0100
+++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java Tue Dec 08 19:57:02 2009 +0100
@@ -136,20 +136,27 @@
 @QueryParam("move") @DefaultValue("-1") int move
 ) {
 Game g = findGame(id, move);
- if (!g.getId().isFinished()) {
+ if (canSee(g.getId(), loginId)) {
 return g;
 }
+ throw new WebApplicationException(Status.UNAUTHORIZED);
+ }
+
+ private boolean canSee(GameId id, String loginId) {
+ if (!id.isFinished()) {
+ return true;
+ }
 String logUser = quoridor.isLoggedIn(loginId);
 if (logUser == null) {
- throw new WebApplicationException(Status.UNAUTHORIZED);
+ return false;
 }
- if (logUser.equals(g.getId().getWhite())) {
- return g;
+ if (logUser.equals(id.getWhite())) {
+ return true;
 }
- if (logUser.equals(g.getId().getBlack())) {
- return g;
+ if (logUser.equals(id.getBlack())) {
+ return true;
 }
- throw new WebApplicationException(Status.UNAUTHORIZED);
+ return false;
 }

 @PUT
@@ -195,10 +202,14 @@
 @GET
 @Produces({MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
 public List listGames(
+ @DefaultValue("") @QueryParam("loginID") String loginId,
 @DefaultValue("") @QueryParam("status") String status
 ) {
 List arr = new ArrayList(games.size());
 for (Game g : games) {
+ if (!canSee(g.getId(), loginId)) {
+ continue;
+ }
 if (status.length() == 0 || g.getId().getStatus().toString().equals(status)) {
 arr.add(g.getId());
 }
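Review bot: The `throw new WebApplicationException(Status.UNAUTHORIZED)` that follows the `canSee` check still answers two different situations with 401: a `loginId` for which `quoridor.isLoggedIn` returns null, and a recognised user who is neither white nor black. Because `canSee` returns a bare boolean the caller cannot tell them apart; consider `Status.FORBIDDEN` for the second case so a client knows that logging in again will not help. `canSee` is also now the single place that defines the visibility policy and it has no Javadoc; please confirm the direction of `!id.isFinished()` is intended and state it, for example `/** Unfinished games are visible to anyone; finished games only to their white or black player. */`. The enclosing method's signature starts above the hunk.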
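Review bot: The added `@QueryParam("loginID") String loginId` puts what appears to be the session identifier into the request URL of `listGames`, where it is recorded in access logs, proxy logs and browser history. If the other resources in this class already pass it the same way this is at least consistent, but a header or cookie (`@HeaderParam` / `@CookieParam`) would keep it out of those places. Separately, `canSee(g.getId(), loginId)` calls `quoridor.isLoggedIn(loginId)` once for every finished game in the loop; resolving the user once before the `for` and comparing names inside would avoid the repeated lookup. Callers that omit `loginID` now silently receive only unfinished games, which is worth one line in the method's documentation. The loop and the rest of `listGames` continue below the hunk.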