package org.cacert.gigi.pages.orga;
+import static org.hamcrest.CoreMatchers.*;
import static org.junit.Assert.*;
import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLConnection;
import java.net.URLEncoder;
import java.util.List;
import org.cacert.gigi.dbObjects.Organisation;
import org.cacert.gigi.dbObjects.Organisation.Affiliation;
import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.testUtils.IOUtils;
import org.cacert.gigi.testUtils.ManagedTest;
import org.junit.Test;
orgs = Organisation.getOrganisations(0, 30);
assertEquals("name1", orgs[0].getName());
}
+
+ @Test
+ public void testNonAssurerSeeOnlyOwn() throws IOException {
+ User u2 = User.getById(createVerifiedUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ Organisation o1 = new Organisation("name21", "DE", "sder", "Rostov", u);
+ Organisation o2 = new Organisation("name12", "DE", "sder", "Rostov", u);
+ o1.addAdmin(u2, u2, false);
+ String session2 = login(u2.getEmail(), TEST_PASSWORD);
+
+ URLConnection uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
+ uc.addRequestProperty("Cookie", session2);
+ String content = IOUtils.readURL(uc);
+ assertThat(content, containsString("name21"));
+ assertThat(content, not(containsString("name12")));
+ uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()).openConnection(), session2);
+ assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+ uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()).openConnection(), session2);
+ assertEquals(404, ((HttpURLConnection) uc).getResponseCode());
+
+ uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
+ uc.addRequestProperty("Cookie", session);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("name21"));
+ assertThat(content, containsString("name12"));
+ uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()).openConnection(), session);
+ assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+ uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()).openConnection(), session);
+ assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+ }
}
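Review bot: The denial case in testNonAssurerSeeOnlyOwn is asserted only for a GET of the detail URL (`assertEquals(404, ...)` for `o2.getId()`), so the test would still pass if a non-assurer admin could modify another organisation through the same path. If ViewOrgPage also handles POST (not visible in this hunk), add a POST as `session2` against `o2` and assert that it is refused and that `o2` is unchanged afterwards. It is also worth requesting an id that does not exist and asserting the same 404, so the response cannot be used to tell which organisation ids are in use. As a style point, the two list requests set the header with `uc.addRequestProperty("Cookie", session2)` while the detail requests use `cookie(...)`; using `cookie(...)` throughout keeps session handling in one place. `u` and `session` come from the enclosing class, which starts outside the hunk.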