X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fnet%2Fpterodactylus%2Fsone%2Fweb%2Fajax%2FJsonPage.java;h=b027ab80429ddf6379fcad460114d1c4f2c8b4a1;hb=5d34e89cf36cff92483e172df76ae56db7c19d0c;hp=605afafcd934229c0c6c65e7b71f886db3dd3ca4;hpb=7815943b9ecc1199e11dd8be9736d6f3e892118e;p=Sone.git
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 605afaf..b027ab8 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -137,6 +137,16 @@ public abstract class JsonPage implements Page {
 return true;
 }
 
+ /**
+ * Returns whether this page requires the user to be logged in.
+ *
+ * @return {@code true} if the user needs to be logged in to use this page,
+ * {@code false} otherwise
+ */
+ protected boolean requiresLogin() {
+ return true;
+ }
+
 //
 // PROTECTED METHODS
 //
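Review bot: The Javadoc on the new `requiresLogin()` hook does not say what a subclass gives up by returning `false`; judging by the handleRequest() hunk in this same patch, the current-Sone check is then skipped and the page is served to requests without a logged-in Sone. The default of `true` is fail-closed, which is the right choice, but the comment should make an override a visible, deliberate decision. I would add a sentence such as `Subclasses that return {@code false} are reachable without a logged-in Sone and must not expose or modify Sone-specific data.` to the description.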
@@ -178,10 +188,18 @@ public abstract class JsonPage implements Page {
 */
 @Override
 public Response handleRequest(Request request) {
+ if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) {
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ }
 if (needsFormPassword()) {
 String formPassword = request.getHttpRequest().getParam("formPassword");
 if (!webInterface.getFormPassword().equals(formPassword)) {
- return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ }
+ }
+ if (requiresLogin()) {
+ if (getCurrentSone(request.getToadletContext(), false) == null) {
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(createErrorJsonObject("auth-required")));
 }
 }
 JsonObject jsonObject = createJsonObject(request);
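Review bot: All three rejection paths in handleRequest() now return the same 403 with the same `auth-required` error, so neither the client nor anyone reading a request trace can tell a full-access denial from a wrong form password or a missing login. Giving each path its own error string would fix that, and the first two returns could use the helper the third already calls (presumably it builds the same success/error object), e.g. `return new Response(403, "Forbidden", "application/json", JsonUtils.format(createErrorJsonObject("full-access-required")));`. The error name is only a suggestion, and any client code that keys on `auth-required` would need the same update. Separately, the unchanged context line still compares the form password with `String.equals`; for a secret token a constant-time comparison such as `MessageDigest.isEqual` on the UTF-8 bytes, with a null check first, is the safer form. handleRequest() continues past the end of the hunk.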