upd: use a more strict pattern for handling forms

[gigi.git] / src / org / cacert / gigi / pages / account / ChangePasswordPage.java

diff --git a/src/org/cacert/gigi/pages/account/ChangePasswordPage.java b/src/org/cacert/gigi/pages/account/ChangePasswordPage.java
index 47a5f9151d25f317c819b612204efb56cb4bdc4d..a88d6a24c0011f3850478cd2d84170c8bb1c229c 100644 (file)
--- a/src/org/cacert/gigi/pages/account/ChangePasswordPage.java
+++ b/src/org/cacert/gigi/pages/account/ChangePasswordPage.java
@@ -6,8 +6,10 @@ import java.util.HashMap;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
 
 public class ChangePasswordPage extends Page {
 
@@ -24,8 +26,11 @@ public class ChangePasswordPage extends Page {
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        ChangeForm f = Form.getForm(req, ChangeForm.class);
-        f.submit(resp.getWriter(), req);
+        Form.getForm(req, ChangeForm.class).submitProtected(resp.getWriter(), req);
     }
 
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return ac != null && ac.getTarget() instanceof User;
+    }
 }