X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fnet%2Fpterodactylus%2Fsone%2Fweb%2Fajax%2FJsonPage.java;h=b027ab80429ddf6379fcad460114d1c4f2c8b4a1;hb=b72db16cd16e8bfbaadc44604bdff3f49a1aff51;hp=fb0a5bb050598cc7d3670797c73a3b4c07f61b6e;hpb=a1b807f1cd3606c38cefe955172d7c5b297c6e3a;p=Sone.git
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index fb0a5bb..b027ab8 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -17,8 +17,6 @@
 package net.pterodactylus.sone.web.ajax;
-import java.util.UUID;
-
 import net.pterodactylus.sone.data.Sone;
 import net.pterodactylus.sone.web.WebInterface;
 import net.pterodactylus.sone.web.page.Page;
@@ -68,7 +66,7 @@ public abstract class JsonPage implements Page {
 * session
 */
 protected Session getCurrentSession(ToadletContext toadletContenxt) {
- return getCurrentSession(toadletContenxt, true);
+ return webInterface.getCurrentSession(toadletContenxt);
 }
 /**
@@ -84,15 +82,7 @@ public abstract class JsonPage implements Page {
 * session
 */
 protected Session getCurrentSession(ToadletContext toadletContenxt, boolean create) {
- try {
- Session session = webInterface.sessionManager().useSession(toadletContenxt);
- if (create && (session == null)) {
- session = webInterface.sessionManager().createSession(UUID.randomUUID().toString(), toadletContenxt);
- }
- return session;
- } catch (freenet.clients.http.RedirectException re1) {
- return null;
- }
+ return webInterface.getCurrentSession(toadletContenxt, create);
 }
 /**
@@ -104,20 +94,22 @@ public abstract class JsonPage implements Page {
 * currently logged in
 */
 protected Sone getCurrentSone(ToadletContext toadletContext) {
- Session session = getCurrentSession(toadletContext);
- if (session == null) {
- return null;
- }
- String soneId = (String) session.getAttribute("Sone.CurrentSone");
- if (soneId == null) {
- return null;
- }
- for (Sone sone : webInterface.core().getSones()) {
- if (sone.getId().equals(soneId)) {
- return sone;
- }
- }
- return null;
+ return webInterface.getCurrentSone(toadletContext);
+ }
+
+ /**
+ * Returns the currently logged in Sone.
+ *
+ * @param toadletContext
+ * The toadlet context
+ * @param create
+ * {@code true} to create a new session if no session exists,
+ * {@code false} to not create a new session
+ * @return The currently logged in Sone, or {@code null} if no Sone is
+ * currently logged in
+ */
+ protected Sone getCurrentSone(ToadletContext toadletContext, boolean create) {
+ return webInterface.getCurrentSone(toadletContext, create);
 }
 //
@@ -145,6 +137,40 @@ public abstract class JsonPage implements Page {
 return true;
 }
+ /**
+ * Returns whether this page requires the user to be logged in.
+ *
+ * @return {@code true} if the user needs to be logged in to use this page,
+ * {@code false} otherwise
+ */
+ protected boolean requiresLogin() {
+ return true;
+ }
+
+ //
+ // PROTECTED METHODS
+ //
+
+ /**
+ * Creates a success reply.
+ *
+ * @return A reply signaling success
+ */
+ protected JsonObject createSuccessJsonObject() {
+ return new JsonObject().put("success", true);
+ }
+
+ /**
+ * Creates an error reply.
+ *
+ * @param error
+ * The error that has occured
+ * @return The JSON object, signalling failure and the error code
+ */
+ protected JsonObject createErrorJsonObject(String error) {
+ return new JsonObject().put("success", false).put("error", error);
+ }
+
 //
 // PAGE METHODS
 //
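Review bot: The Javadoc on the new `requiresLogin()` does not say what a subclass gives up by overriding it to return `false`, even though the `handleRequest` change in this same commit makes it the only gate that rejects requests without a logged-in Sone. The default of `true` is the right fail-closed choice; I would add a sentence such as `Pages that return {@code false} are served without a logged-in Sone; the full-access check and, where needsFormPassword() is true, the form password check still apply.` so that each override is a visible, reviewed decision. Separately, `occured` in the `createErrorJsonObject` Javadoc should read `occurred`.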
@@ -162,10 +188,18 @@ public abstract class JsonPage implements Page {
 */
 @Override
 public Response handleRequest(Request request) {
+ if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) {
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ }
 if (needsFormPassword()) {
 String formPassword = request.getHttpRequest().getParam("formPassword");
- if (!webInterface.formPassword().equals(formPassword)) {
- return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false)));
+ if (!webInterface.getFormPassword().equals(formPassword)) {
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ }
+ }
+ if (requiresLogin()) {
+ if (getCurrentSone(request.getToadletContext(), false) == null) {
+ return new Response(403, "Forbidden", "application/json", JsonUtils.format(createErrorJsonObject("auth-required")));
 }
 }
 JsonObject jsonObject = createJsonObject(request);
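Review bot: The form password check in the new `handleRequest` lines still compares the secret with `String.equals`, which stops at the first differing character; for what appears to be an anti-CSRF secret a constant-time comparison is the safer habit, e.g. `if (formPassword == null || !MessageDigest.isEqual(webInterface.getFormPassword().getBytes(StandardCharsets.UTF_8), formPassword.getBytes(StandardCharsets.UTF_8))) {`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` added to the import block outside this hunk. The first two 403 branches also build the error object by hand, while the third uses the `createErrorJsonObject("auth-required")` helper added in this same commit; calling the helper in all three keeps the error shape in one place. All three rejections return the same `auth-required` code, so a client cannot tell a missing form password from a missing login; if that uniformity is deliberate, a one-line comment saying so would help the next reader. `handleRequest` continues past the end of the hunk.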