X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fnet%2Fpterodactylus%2Fsone%2Fweb%2Fajax%2FJsonPage.java;h=b027ab80429ddf6379fcad460114d1c4f2c8b4a1;hb=5d34e89cf36cff92483e172df76ae56db7c19d0c;hp=8d48bcee09dbcc9658e745f7d451098fa3320019;hpb=2b30e0060ba28dda9be8f85f2198d8daee9e153a;p=Sone.git

diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 8d48bce..b027ab8 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -188,15 +188,18 @@ public abstract class JsonPage implements Page {
 	 */
 	@Override
 	public Response handleRequest(Request request) {
+		if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) {
+			return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+		}
 		if (needsFormPassword()) {
 			String formPassword = request.getHttpRequest().getParam("formPassword");
 			if (!webInterface.getFormPassword().equals(formPassword)) {
-				return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+				return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
 			}
 		}
 		if (requiresLogin()) {
 			if (getCurrentSone(request.getToadletContext(), false) == null) {
-				return new Response(401, "Not authorized", "application/json", JsonUtils.format(createErrorJsonObject("auth-required")));
+				return new Response(403, "Forbidden", "application/json", JsonUtils.format(createErrorJsonObject("auth-required")));
 			}
 		}
 		JsonObject jsonObject = createJsonObject(request);