]> WPIA git - gigi.git/blobdiff - src/club/wpia/gigi/util/AuthorizationContext.java
add: ensure that for support actions certificate login is used
[gigi.git] / src / club / wpia / gigi / util / AuthorizationContext.java
index 5d70b38205b4baed17a023d6670f0e33753f89c8..9888309af233a1920e25327194f3a679253c6342 100644 (file)
@@ -24,7 +24,9 @@ public class AuthorizationContext implements Outputable, Serializable {
 
     private final String supporterTicketId;
 
-    public AuthorizationContext(CertificateOwner target, User actor) {
+    private final boolean isStronglyAuthenticated;
+
+    public AuthorizationContext(CertificateOwner target, User actor, boolean isStronglyAuthenticated) {
         if (actor == null) {
             throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
         }
@@ -34,6 +36,7 @@ public class AuthorizationContext implements Outputable, Serializable {
         this.target = target;
         this.actor = actor;
         this.supporterTicketId = null;
+        this.isStronglyAuthenticated = isStronglyAuthenticated;
     }
 
     public AuthorizationContext(User actor, String supporterTicket) throws GigiApiException {
@@ -49,6 +52,7 @@ public class AuthorizationContext implements Outputable, Serializable {
             throw new GigiApiException("requires a supporter");
         }
         this.supporterTicketId = supporterTicket;
+        this.isStronglyAuthenticated = true;
     }
 
     public CertificateOwner getTarget() {
@@ -75,12 +79,12 @@ public class AuthorizationContext implements Outputable, Serializable {
     }
 
     public boolean canSupport() {
-        return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER);
+        return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated();
     }
 
     private static final SprintfCommand sp = new SprintfCommand("Logged in as {0} via {1}.", Arrays.asList("${username", "${loginMethod"));
 
-    private static final SprintfCommand inner = new SprintfCommand("{0} (on behalf of {1})", Arrays.asList("${user", "${target"));
+    private static final SprintfCommand inner = new SprintfCommand("{0}, acting as {1},", Arrays.asList("${user", "${target"));
 
     @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {
@@ -90,8 +94,8 @@ public class AuthorizationContext implements Outputable, Serializable {
             @Override
             public void output(PrintWriter out, Language l, Map<String, Object> vars) {
                 if (target != actor) {
-                    vars.put("user", ((Organisation) target).getName().toString());
-                    vars.put("target", actor.getPreferredName().toString());
+                    vars.put("target", ((Organisation) target).getName().toString());
+                    vars.put("user", actor.getPreferredName().toString());
                     inner.output(out, l, vars);
                 } else {
                     out.println(actor.getPreferredName().toString());
@@ -111,4 +115,8 @@ public class AuthorizationContext implements Outputable, Serializable {
     public boolean canVerify() {
         return target instanceof User && ((User) target).canVerify();
     }
+
+    public boolean isStronglyAuthenticated() {
+        return isStronglyAuthenticated;
+    }
 }