add: ensure org ra agents cannot manage org where they are org admin

[gigi.git] / src / club / wpia / gigi / pages / orga / ViewOrgPage.java

diff --git a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
index d676c1de567977e9fa08a17b2a41258d5bb91a2c..6d7e9a2a034f28c0a59370e363bdb83142e61fa0 100644 (file)
--- a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
+++ b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
@@ -13,11 +13,12 @@ import club.wpia.gigi.dbObjects.Organisation;
 import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.localisation.Language;
 import club.wpia.gigi.output.template.Form;
+import club.wpia.gigi.output.template.Form.CSRFException;
 import club.wpia.gigi.output.template.IterableDataset;
 import club.wpia.gigi.output.template.Template;
-import club.wpia.gigi.output.template.Form.CSRFException;
 import club.wpia.gigi.pages.LoginPage;
 import club.wpia.gigi.pages.ManagedMultiFormPage;
+import club.wpia.gigi.pages.Page;
 import club.wpia.gigi.pages.account.domain.DomainManagementForm;
 import club.wpia.gigi.util.AuthorizationContext;
 
@@ -91,8 +92,8 @@ public class ViewOrgPage extends ManagedMultiFormPage {
             resp.sendError(404);
             return;
         }
-        HashMap<String, Object> vars = new HashMap<>();
-        if (orgAss) {
+        Map<String, Object> vars = Page.getDefaultVars(req);
+        if (orgAss && !myOrgs.contains(o)) {
             vars.put("editForm", new CreateOrgForm(req, o));
             vars.put("affForm", new AffiliationForm(req, o));
             vars.put("mgmDom", new DomainManagementForm(req, o, true));