projects / Sone.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Implement full access requirement in all pages.
[Sone.git] / src / main / java / net / pterodactylus / sone / web / ajax / JsonPage.java
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 8d48bce..893b7ae 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -188,6 +188,9 @@ public abstract class JsonPage implements Page {
         */
        @Override
        public Response handleRequest(Request request) {
+               if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) {
+                       return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+               }
                if (needsFormPassword()) {
                        String formPassword = request.getHttpRequest().getParam("formPassword");
                        if (!webInterface.getFormPassword().equals(formPassword)) {
Sone – The Social Network plugin for Freenet