- Sone currentSone = getCurrentSone(request.getToadletContext());
- if (currentSone == null) {
- return createErrorJsonObject("auth-required");
+ String senderId = request.getHttpRequest().getParam("sender");
+ Optional<Sone> sender = webInterface.getCore().getLocalSone(senderId);
+ if (!sender.isPresent()) {
+ sender = fromNullable(getCurrentSone(request.getToadletContext()));
+ if (!sender.isPresent()) {
+ return createErrorJsonObject("invalid-sone-id");
+ }