add: ensure that for Org Agent actions certificate login is used

[gigi.git] / src / club / wpia / gigi / pages / orga / ViewOrgPage.java

diff --git a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
index ec4fb365a634c56c06ae9afd7f4bcdd265036ba4..a5119068a8bdd904a4c206f133b3de916d596307 100644 (file)
--- a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
+++ b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
@@ -13,11 +13,12 @@ import club.wpia.gigi.dbObjects.Organisation;
 import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.localisation.Language;
 import club.wpia.gigi.output.template.Form;
+import club.wpia.gigi.output.template.Form.CSRFException;
 import club.wpia.gigi.output.template.IterableDataset;
 import club.wpia.gigi.output.template.Template;
-import club.wpia.gigi.output.template.Form.CSRFException;
 import club.wpia.gigi.pages.LoginPage;
 import club.wpia.gigi.pages.ManagedMultiFormPage;
+import club.wpia.gigi.pages.Page;
 import club.wpia.gigi.pages.account.domain.DomainManagementForm;
 import club.wpia.gigi.util.AuthorizationContext;
 
@@ -35,7 +36,7 @@ public class ViewOrgPage extends ManagedMultiFormPage {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && (ac.isInGroup(CreateOrgPage.ORG_ASSURER) || ac.getActor().getOrganisations(true).size() != 0);
+        return ac != null && ((ac.isInGroup(CreateOrgPage.ORG_AGENT) && ac.isStronglyAuthenticated()) || ac.getActor().getOrganisations(true).size() != 0);
     }
 
     @Override
@@ -43,7 +44,7 @@ public class ViewOrgPage extends ManagedMultiFormPage {
         if (req.getParameter("do_affiliate") != null || req.getParameter("del") != null) {
             return Form.getForm(req, AffiliationForm.class);
         } else {
-            if ( !getUser(req).isInGroup(CreateOrgPage.ORG_ASSURER)) {
+            if ( !getUser(req).isInGroup(CreateOrgPage.ORG_AGENT)) {
                 return null;
             }
 
@@ -67,7 +68,7 @@ public class ViewOrgPage extends ManagedMultiFormPage {
             final Organisation[] orgList = Organisation.getOrganisations(0, 30);
             HashMap<String, Object> map = new HashMap<>();
             final List<Organisation> myOrgs = u.getOrganisations(true);
-            final boolean orgAss = u.isInGroup(CreateOrgPage.ORG_ASSURER);
+            final boolean orgAss = u.isInGroup(CreateOrgPage.ORG_AGENT);
             if (orgAss) {
                 map.put("orgas", makeOrgDataset(orgList));
             } else {
@@ -86,13 +87,13 @@ public class ViewOrgPage extends ManagedMultiFormPage {
             return;
         }
         final List<Organisation> myOrgs = u.getOrganisations();
-        final boolean orgAss = u.isInGroup(CreateOrgPage.ORG_ASSURER);
+        final boolean orgAss = u.isInGroup(CreateOrgPage.ORG_AGENT);
         if ( !orgAss && !myOrgs.contains(o)) {
             resp.sendError(404);
             return;
         }
-        HashMap<String, Object> vars = new HashMap<>();
-        if (orgAss) {
+        Map<String, Object> vars = Page.getDefaultVars(req);
+        if (orgAss && !myOrgs.contains(o)) {
             vars.put("editForm", new CreateOrgForm(req, o));
             vars.put("affForm", new AffiliationForm(req, o));
             vars.put("mgmDom", new DomainManagementForm(req, o, true));