From: Felix Dörre <felix@dogcraft.de>
Date: Sun, 21 Sep 2014 14:23:17 +0000 (+0200)
Subject: UPD: Block missing permissions effectively.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=06e48901cda454495e2bcad873e4805f1a69fa89

UPD: Block missing permissions effectively.
---

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index cf91b6b1..f6b02f45 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -206,11 +206,15 @@ public class Gigi extends HttpServlet {
                 return;
             }
             User currentPageUser = LoginPage.getUser(req);
-            if ( !p.isPermitted(currentPageUser) && hs.getAttribute("loggedin") == null) {
-                String request = req.getPathInfo();
-                request = request.split("\\?")[0];
-                hs.setAttribute(LoginPage.LOGIN_RETURNPATH, request);
-                resp.sendRedirect("/login");
+            if ( !p.isPermitted(currentPageUser)) {
+                if (hs.getAttribute("loggedin") == null) {
+                    String request = req.getPathInfo();
+                    request = request.split("\\?")[0];
+                    hs.setAttribute(LoginPage.LOGIN_RETURNPATH, request);
+                    resp.sendRedirect("/login");
+                    return;
+                }
+                resp.sendError(403);
                 return;
             }
             if (p.beforeTemplate(req, resp)) {