fix: correct authorization checking for support accessing certificates

[gigi.git] / src / club / wpia / gigi / pages / account / certs / Certificates.java

diff --git a/src/club/wpia/gigi/pages/account/certs/Certificates.java b/src/club/wpia/gigi/pages/account/certs/Certificates.java
index 07028f6ff217a48bc4b5c0ed081928c1bd5e6756..5abf20e52a75035b4a88d31fed00b5611cc0cac5 100644 (file)
--- a/src/club/wpia/gigi/pages/account/certs/Certificates.java
+++ b/src/club/wpia/gigi/pages/account/certs/Certificates.java
@@ -74,7 +74,7 @@ public class Certificates extends Page implements HandlesMixedRequest {
         String serial = pi;
         try {
             Certificate c = Certificate.getBySerial(serial);
-            if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) {
+            if (c == null || ( !support && LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
                 resp.sendError(404);
                 return true;
             }
@@ -143,7 +143,7 @@ public class Certificates extends Page implements HandlesMixedRequest {
             Certificate c = Certificate.getBySerial(serial);
             Language l = LoginPage.getLanguage(req);
 
-            if ( !support && (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
+            if (c == null || ( !support && LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
                 resp.sendError(404);
                 return;
             }