upd: use a more strict pattern for handling forms

[gigi.git] / src / org / cacert / gigi / pages / account / ChangePasswordPage.java

diff --git a/src/org/cacert/gigi/pages/account/ChangePasswordPage.java b/src/org/cacert/gigi/pages/account/ChangePasswordPage.java
index 805c72d923958c0297e28134640d4d5dd1942482..a88d6a24c0011f3850478cd2d84170c8bb1c229c 100644 (file)
--- a/src/org/cacert/gigi/pages/account/ChangePasswordPage.java
+++ b/src/org/cacert/gigi/pages/account/ChangePasswordPage.java
@@ -6,9 +6,10 @@ import java.util.HashMap;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.cacert.gigi.output.Form;
-import org.cacert.gigi.pages.LoginPage;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
 
 public class ChangePasswordPage extends Page {
 
@@ -20,13 +21,16 @@ public class ChangePasswordPage extends Page {
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        new ChangeForm(req, LoginPage.getUser(req)).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+        new ChangeForm(req, getUser(req)).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
     }
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        ChangeForm f = Form.getForm(req, ChangeForm.class);
-        f.submit(resp.getWriter(), req);
+        Form.getForm(req, ChangeForm.class).submitProtected(resp.getWriter(), req);
     }
 
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return ac != null && ac.getTarget() instanceof User;
+    }
 }