X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Fadmin%2Fsupport%2FSupportUserDetailsForm.java;h=d3589c8e4ad6b9a187b681400f7251a6399c7634;hp=ac7ffd00bb68e69b22478c7fc378ed9215d5d482;hb=c256866ad0f399530c686380db62b47883e3f63b;hpb=d5800737358923a2a45b94c21a78d00f8dbb9616

diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
index ac7ffd00..d3589c8e 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
@@ -18,6 +18,7 @@ import org.cacert.gigi.output.GroupIterator;
 import org.cacert.gigi.output.GroupSelector;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.LoginPage;
 
 public class SupportUserDetailsForm extends Form {
 
@@ -40,6 +41,9 @@ public class SupportUserDetailsForm extends Form {
         if (user.getTicket() == null) {
             return false;
         }
+        if (user.getTargetUser() == LoginPage.getUser(req)) {
+            throw new GigiApiException("Supporter may not modify himself.");
+        }
         if ((req.getParameter("detailupdate") != null ? 1 : 0) + (req.getParameter("addGroup") != null ? 1 : 0) + (req.getParameter("removeGroup") != null ? 1 : 0) + (req.getParameter("resetPass") != null ? 1 : 0) != 1) {
             throw new GigiApiException("More than one action requested!");
         }