X-Git-Url: https://git.pterodactylus.net/?p=Sone.git;a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fnet%2Fpterodactylus%2Fsone%2Fweb%2Fajax%2FJsonPage.java;h=893b7aecd1f731388924e2f6bda3d31d77664207;hp=8d48bcee09dbcc9658e745f7d451098fa3320019;hb=ed57f849f204eee0a3074c1acb7c290ef20ada3a;hpb=8dc44b0d52a3e8b52fb217fb97872ba699fffbaa

diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 8d48bce..893b7ae 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -188,6 +188,9 @@ public abstract class JsonPage implements Page {
 	 */
 	@Override
 	public Response handleRequest(Request request) {
+		if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) {
+			return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+		}
 		if (needsFormPassword()) {
 			String formPassword = request.getHttpRequest().getParam("formPassword");
 			if (!webInterface.getFormPassword().equals(formPassword)) {