fix: correct authorization checking for support accessing certificates
authorFelix Dörre <felix@dogcraft.de>
Fri, 18 Aug 2017 20:02:32 +0000 (22:02 +0200)
committerFelix Dörre <felix@dogcraft.de>
Fri, 18 Aug 2017 20:02:32 +0000 (22:02 +0200)
Change-Id: I5a5041e350e0a811f2199cf1b5c30b9ef4de2d05

src/club/wpia/gigi/pages/account/certs/Certificates.java

index 07028f6..5abf20e 100644 (file)
@@ -74,7 +74,7 @@ public class Certificates extends Page implements HandlesMixedRequest {
         String serial = pi;
         try {
             Certificate c = Certificate.getBySerial(serial);
-            if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) {
+            if (c == null || ( !support && LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
                 resp.sendError(404);
                 return true;
             }
@@ -143,7 +143,7 @@ public class Certificates extends Page implements HandlesMixedRequest {
             Certificate c = Certificate.getBySerial(serial);
             Language l = LoginPage.getLanguage(req);
 
-            if ( !support && (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
+            if (c == null || ( !support && LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
                 resp.sendError(404);
                 return;
             }