add: group to block an account for issuing new certs.
authorFelix Dörre <felix@dogcraft.de>
Wed, 27 Jan 2016 11:35:39 +0000 (12:35 +0100)
committerFelix Dörre <felix@dogcraft.de>
Wed, 27 Jan 2016 14:12:13 +0000 (15:12 +0100)
src/org/cacert/gigi/database/DatabaseConnection.java
src/org/cacert/gigi/database/tableStructure.sql
src/org/cacert/gigi/database/upgrade/from_7.sql [new file with mode: 0644]
src/org/cacert/gigi/dbObjects/Group.java
src/org/cacert/gigi/pages/account/certs/CertificateAdd.java

index 3c25d9df3a413cc2015e3a01d052ccf3596a836c..525ce44f8f9de11cfd7aed67d349b09a87c71ce2 100644 (file)
@@ -99,7 +99,7 @@ public class DatabaseConnection {
 
     }
 
-    public static final int CURRENT_SCHEMA_VERSION = 7;
+    public static final int CURRENT_SCHEMA_VERSION = 8;
 
     public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
 
index 93014b9aa29d79de4089faeaf5792aa30275e31d..a6aaf385a0ba49107356bc469f617a2fe66bd184 100644 (file)
@@ -327,7 +327,7 @@ CREATE TABLE IF NOT EXISTS "arbitrations" (
 DROP TABLE IF EXISTS "user_groups";
 
 DROP TYPE IF EXISTS "userGroup";
-CREATE TYPE "userGroup" AS enum('supporter','arbitrator','blockedassuree','blockedassurer','blockedlogin','ttp-assurer','ttp-applicant', 'codesigning', 'orgassurer');
+CREATE TYPE "userGroup" AS enum('supporter','arbitrator','blockedassuree','blockedassurer','blockedlogin','ttp-assurer','ttp-applicant', 'codesigning', 'orgassurer', 'blockedcert');
 
 CREATE TABLE IF NOT EXISTS "user_groups" (
   "id" serial NOT NULL,
@@ -374,7 +374,7 @@ CREATE TABLE "schemeVersion" (
   "version" smallint NOT NULL,
   PRIMARY KEY ("version")
 );
-INSERT INTO "schemeVersion" (version)  VALUES(7);
+INSERT INTO "schemeVersion" (version)  VALUES(8);
 
 DROP TABLE IF EXISTS `passwordResetTickets`;
 CREATE TABLE `passwordResetTickets` (
diff --git a/src/org/cacert/gigi/database/upgrade/from_7.sql b/src/org/cacert/gigi/database/upgrade/from_7.sql
new file mode 100644 (file)
index 0000000..6ba8682
--- /dev/null
@@ -0,0 +1 @@
+ALTER TYPE "userGroup" ADD VALUE 'blockedcert'
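Review bot: The single statement in `from_7.sql` may fail depending on how the upgrade runner executes it, because PostgreSQL releases before 12 reject `ALTER TYPE ... ADD VALUE` inside a transaction block. The runner is not visible in this commit, so please confirm that upgrade scripts run outside a transaction (or in autocommit mode). If the upgrade aborts, the schema stays at version 7 while the Java enum already knows `BLOCKEDCERT`, so the block cannot be assigned to an account. The statement also has no terminator and is not re-runnable after a partial upgrade; `ALTER TYPE "userGroup" ADD VALUE IF NOT EXISTS 'blockedcert';` covers both.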
index 07d3c11f1971519414a774250f2faa9375cd20c6..685c27e1f10fdda1ed57618e2659f9d8462ee9f0 100644 (file)
@@ -4,7 +4,7 @@ import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 
 public enum Group {
-    SUPPORTER("supporter"), ARBITRATOR("arbitrator"), BLOCKEDASSURER("blockedassurer"), BLOCKEDASSUREE("blockedassuree"), BLOCKEDLOGIN("blockedlogin"), TTP_ASSURER("ttp-assurer"), TTP_APPLICANT("ttp-applicant"), CODESIGNING("codesigning"), ORGASSURER("orgassurer");
+    SUPPORTER("supporter"), ARBITRATOR("arbitrator"), BLOCKEDASSURER("blockedassurer"), BLOCKEDASSUREE("blockedassuree"), BLOCKEDLOGIN("blockedlogin"), BLOCKEDCERT("blockedcert"), TTP_ASSURER("ttp-assurer"), TTP_APPLICANT("ttp-applicant"), CODESIGNING("codesigning"), ORGASSURER("orgassurer");
 
     private final String dbName;
 
index 2d55d5651aac155d108074c6d1b049edc154a30a..fa3c1456536677cb19a591d24ccc6a50384b1f7b 100644 (file)
@@ -9,8 +9,10 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.cacert.gigi.dbObjects.Certificate;
 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
+import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
 
 public class CertificateAdd extends Page {
 
@@ -45,4 +47,8 @@ public class CertificateAdd extends Page {
 
     }
 
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return super.isPermitted(ac) && !ac.isInGroup(Group.BLOCKEDCERT);
+    }
 }
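Review bot: The `BLOCKEDCERT` check in the new `isPermitted` override guards only the `CertificateAdd` page, so any other route that can request, renew or issue a certificate for the account is not covered by what this commit shows. If the group is meant to stop issuance rather than hide one form, the same test should also sit where the certificate is actually created, so that it holds regardless of the entry point. It is also not visible here whether `ac.isInGroup` evaluates the logged-in actor or the account being acted for, which matters when a supporter works on someone else's behalf. A short Javadoc would record the intent, for example `/** Denies the certificate request page to accounts in {@link Group#BLOCKEDCERT}. */`. The class body starts outside this hunk.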