# HG changeset patch # User Jaroslav Tulach # Date 1260298622 -3600 # Node ID 8c9131715765445b0db7b8438a556649addef35c # Parent 2949998db4f686c85f1e6bf35a02dfd3d5e34b8a Also the list of games needs to be restricted for not-logged in users diff -r 2949998db4f6 -r 8c9131715765 webidor/pom.xml --- a/webidor/pom.xml Tue Dec 08 18:47:49 2009 +0100 +++ b/webidor/pom.xml Tue Dec 08 19:57:02 2009 +0100 @@ -9,7 +9,7 @@ org.apidesign webidor jar - 1.9 + 1.10 webidor server http://maven.apache.org diff -r 2949998db4f6 -r 8c9131715765 webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java --- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java Tue Dec 08 18:47:49 2009 +0100 +++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Games.java Tue Dec 08 19:57:02 2009 +0100 @@ -136,20 +136,27 @@ @QueryParam("move") @DefaultValue("-1") int move ) { Game g = findGame(id, move); - if (!g.getId().isFinished()) { + if (canSee(g.getId(), loginId)) { return g; } + throw new WebApplicationException(Status.UNAUTHORIZED); + } + + private boolean canSee(GameId id, String loginId) { + if (!id.isFinished()) { + return true; + } String logUser = quoridor.isLoggedIn(loginId); if (logUser == null) { - throw new WebApplicationException(Status.UNAUTHORIZED); + return false; } - if (logUser.equals(g.getId().getWhite())) { - return g; + if (logUser.equals(id.getWhite())) { + return true; } - if (logUser.equals(g.getId().getBlack())) { - return g; + if (logUser.equals(id.getBlack())) { + return true; } - throw new WebApplicationException(Status.UNAUTHORIZED); + return false; } @PUT 
@@ -195,10 +202,14 @@ @GET @Produces({MediaType.APPLICATION_JSON, MediaType.TEXT_XML }) public List listGames( + @DefaultValue("") @QueryParam("loginID") String loginId, @DefaultValue("") @QueryParam("status") String status ) { List arr = new ArrayList(games.size()); for (Game g : games) { + if (!canSee(g.getId(), loginId)) { + continue; + } if (status.length() == 0 || g.getId().getStatus().toString().equals(status)) { arr.add(g.getId()); } diff -r 2949998db4f6 -r 8c9131715765 webidor/src/test/java/cz/xelfi/quoridor/webidor/FinishedGameTest.java --- a/webidor/src/test/java/cz/xelfi/quoridor/webidor/FinishedGameTest.java Tue Dec 08 18:47:49 2009 +0100 +++ b/webidor/src/test/java/cz/xelfi/quoridor/webidor/FinishedGameTest.java Tue Dec 08 19:57:02 2009 +0100 @@ -147,8 +147,10 @@ assertEquals("Jirka wins", "Jirka", end.getCurrentPlayer()); - List something = webResource.path("games/").queryParam("status", "blackWon").accept(MediaType.TEXT_XML).get(gType); + List none = webResource.path("games/").queryParam("status", "blackWon").accept(MediaType.TEXT_XML).get(gType); + assertEquals("No games, for not logged in users: " + none, 0, none.size()); + List something = webResource.path("games/").queryParam("loginID", logJirka).queryParam("status", "blackWon").accept(MediaType.TEXT_XML).get(gType); assertEquals("One game finished: " + something, 1, something.size()); assertEquals("Id is OK", end.getId().getId(), something.get(0).getId()); }
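Review bot: in the Games.java hunk at @@ -136,20 +136,27 @@, the new canSee() collapses two different failures into one boolean: quoridor.isLoggedIn(loginId) returning null (no valid session) and a logged-in user who is neither id.getWhite() nor id.getBlack(). The caller then answers both with Status.UNAUTHORIZED. Consider keeping 401 for the missing session and returning Status.FORBIDDEN for the authenticated non-participant, so clients can tell "log in" apart from "not your game". The helper is now also the single visibility rule for both endpoints, so a short Javadoc stating that unfinished games are visible to everyone and finished games only to their two players would help the next reader.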
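Review bot: in the listGames hunk of Games.java (@@ -195,10 +202,14 @@), the added @QueryParam("loginID") puts the session identifier into the URL of a GET request, where it ends up in access logs, proxy logs and browser history. If the rest of the API already takes it this way, that is a wider follow-up, but a header or cookie would be the safer carrier for a new parameter. Separately, canSee(g.getId(), loginId) calls quoridor.isLoggedIn(loginId) again for every finished game in the loop; resolving the user once before the for loop and passing the resolved name in would avoid the repeated lookup and guarantee one consistent answer for the whole listing.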
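Review bot: in the FinishedGameTest.java hunk (@@ -147,8 +147,10 @@), the new assertions cover the anonymous request (0 games) and a participant (logJirka, 1 game), but not the third branch of canSee(): a user who is logged in and is neither white nor black. Adding a request with the loginID of a third, non-playing user and asserting an empty list would pin down the case this access check is most likely to regress on. A check without the status filter would also confirm that the restriction does not depend on queryParam("status", "blackWon") being present.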