add: group to block an account for issuing new certs.

[gigi.git] / src / org / cacert / gigi / pages / account / certs / CertificateAdd.java

diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java b/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java
index 4e7da1dd187e69b7e866856d74253ee1846e2235..fa3c1456536677cb19a591d24ccc6a50384b1f7b 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java
@@ -8,8 +8,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.cacert.gigi.dbObjects.Certificate;
+import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
+import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
 
 public class CertificateAdd extends Page {
 
@@ -29,10 +32,23 @@ public class CertificateAdd extends Page {
         CertificateIssueForm f = Form.getForm(req, CertificateIssueForm.class);
         if (f.submit(resp.getWriter(), req)) {
             Certificate c = f.getResult();
+            if (c.getStatus() != CertificateStatus.ISSUED) {
+                resp.getWriter().println("Timeout while waiting for certificate.");
+                return;
+            }
             String ser = c.getSerial();
+            if (ser.isEmpty()) {
+                resp.getWriter().println("Timeout while waiting for certificate.");
+                return;
+            }
             resp.sendRedirect(Certificates.PATH + "/" + ser);
         }
         f.output(resp.getWriter(), getLanguage(req), Collections.<String,Object>emptyMap());
 
     }
+
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return super.isPermitted(ac) && !ac.isInGroup(Group.BLOCKEDCERT);
+    }
 }