From 6d8dc479e5fbcb31eede5c2ea04dab01aa06ed41 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Fri, 18 Aug 2017 22:02:32 +0200
Subject: [PATCH] fix: correct authorization checking for support accessing
 certificates

Change-Id: I5a5041e350e0a811f2199cf1b5c30b9ef4de2d05
---
 src/club/wpia/gigi/pages/account/certs/Certificates.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/club/wpia/gigi/pages/account/certs/Certificates.java b/src/club/wpia/gigi/pages/account/certs/Certificates.java
index 07028f6f..5abf20e5 100644
--- a/src/club/wpia/gigi/pages/account/certs/Certificates.java
+++ b/src/club/wpia/gigi/pages/account/certs/Certificates.java
@@ -74,7 +74,7 @@ public class Certificates extends Page implements HandlesMixedRequest {
         String serial = pi;
         try {
             Certificate c = Certificate.getBySerial(serial);
-            if (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId()) {
+            if (c == null || ( !support && LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
                 resp.sendError(404);
                 return true;
             }
@@ -143,7 +143,7 @@ public class Certificates extends Page implements HandlesMixedRequest {
             Certificate c = Certificate.getBySerial(serial);
             Language l = LoginPage.getLanguage(req);
 
-            if ( !support && (c == null || LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
+            if (c == null || ( !support && LoginPage.getAuthorizationContext(req).getTarget().getId() != c.getOwner().getId())) {
                 resp.sendError(404);
                 return;
             }
-- 
2.39.2