Implement serial based retrival and certificate access control.

[gigi.git] / src / org / cacert / gigi / pages / account / MailCertificates.java

diff --git a/src/org/cacert/gigi/pages/account/MailCertificates.java b/src/org/cacert/gigi/pages/account/MailCertificates.java
index 72a14a312b94bf5e41773c17f61ef353c6116434..2fa6ac097e249b35628bf23312c2f5c5302ecdaf 100644 (file)
--- a/src/org/cacert/gigi/pages/account/MailCertificates.java
+++ b/src/org/cacert/gigi/pages/account/MailCertificates.java
@@ -34,7 +34,10 @@ public class MailCertificates extends Page {
                        pi = pi.substring(1);
                        int id = Integer.parseInt(pi);
                        Certificate c = new Certificate(id);
-                       // TODO check ownership
+                       if (LoginPage.getUser(req).getId() != c.getOwnerId()) {
+                               out.println(translate(req, "You do not own this certificate."));
+                               return;
+                       }
                        out.println("<pre>");
                        try {
                                out.print(c.cert());