add: group to block an account for issuing new certs.

author Felix Dörre <felix@dogcraft.de>

Wed, 27 Jan 2016 11:35:39 +0000 (12:35 +0100)

committer Felix Dörre <felix@dogcraft.de>

Wed, 27 Jan 2016 14:12:13 +0000 (15:12 +0100)
author Felix Dörre <felix@dogcraft.de>
Wed, 27 Jan 2016 11:35:39 +0000 (12:35 +0100)
committer Felix Dörre <felix@dogcraft.de>
Wed, 27 Jan 2016 14:12:13 +0000 (15:12 +0100)
diff --git a/src/org/cacert/gigi/database/DatabaseConnection.java b/src/org/cacert/gigi/database/DatabaseConnection.java

index 3c25d9df3a413cc2015e3a01d052ccf3596a836c..525ce44f8f9de11cfd7aed67d349b09a87c71ce2 100644 (file)
--- a/src/org/cacert/gigi/database/DatabaseConnection.java
+++ b/src/org/cacert/gigi/database/DatabaseConnection.java
@@ -99,7 +99,7 @@ public class DatabaseConnection {
  
      }
  
-    public static final int CURRENT_SCHEMA_VERSION = 7;
+    public static final int CURRENT_SCHEMA_VERSION = 8;
  
      public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
  
diff --git a/src/org/cacert/gigi/database/tableStructure.sql b/src/org/cacert/gigi/database/tableStructure.sql

index 93014b9aa29d79de4089faeaf5792aa30275e31d..a6aaf385a0ba49107356bc469f617a2fe66bd184 100644 (file)
--- a/src/org/cacert/gigi/database/tableStructure.sql
+++ b/src/org/cacert/gigi/database/tableStructure.sql
@@ -327,7 +327,7 @@ CREATE TABLE IF NOT EXISTS "arbitrations" (
  DROP TABLE IF EXISTS "user_groups";
  
  DROP TYPE IF EXISTS "userGroup";
-CREATE TYPE "userGroup" AS enum('supporter','arbitrator','blockedassuree','blockedassurer','blockedlogin','ttp-assurer','ttp-applicant', 'codesigning', 'orgassurer');
+CREATE TYPE "userGroup" AS enum('supporter','arbitrator','blockedassuree','blockedassurer','blockedlogin','ttp-assurer','ttp-applicant', 'codesigning', 'orgassurer', 'blockedcert');
  
  CREATE TABLE IF NOT EXISTS "user_groups" (
    "id" serial NOT NULL,
@@ -374,7 +374,7 @@ CREATE TABLE "schemeVersion" (
    "version" smallint NOT NULL,
    PRIMARY KEY ("version")
  );
-INSERT INTO "schemeVersion" (version)  VALUES(7);
+INSERT INTO "schemeVersion" (version)  VALUES(8);
  
  DROP TABLE IF EXISTS `passwordResetTickets`;
  CREATE TABLE `passwordResetTickets` (
diff --git a/src/org/cacert/gigi/database/upgrade/from_7.sql b/src/org/cacert/gigi/database/upgrade/from_7.sql

new file mode 100644 (file)

index 0000000..6ba8682
--- /dev/null
+++ b/src/org/cacert/gigi/database/upgrade/from_7.sql
@@ -0,0 +1 @@
+ALTER TYPE "userGroup" ADD VALUE 'blockedcert'
diff --git a/src/org/cacert/gigi/dbObjects/Group.java b/src/org/cacert/gigi/dbObjects/Group.java

index 07d3c11f1971519414a774250f2faa9375cd20c6..685c27e1f10fdda1ed57618e2659f9d8462ee9f0 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/Group.java
+++ b/src/org/cacert/gigi/dbObjects/Group.java
@@ -4,7 +4,7 @@ import org.cacert.gigi.database.GigiPreparedStatement;
  import org.cacert.gigi.database.GigiResultSet;
  
  public enum Group {
-    SUPPORTER("supporter"), ARBITRATOR("arbitrator"), BLOCKEDASSURER("blockedassurer"), BLOCKEDASSUREE("blockedassuree"), BLOCKEDLOGIN("blockedlogin"), TTP_ASSURER("ttp-assurer"), TTP_APPLICANT("ttp-applicant"), CODESIGNING("codesigning"), ORGASSURER("orgassurer");
+    SUPPORTER("supporter"), ARBITRATOR("arbitrator"), BLOCKEDASSURER("blockedassurer"), BLOCKEDASSUREE("blockedassuree"), BLOCKEDLOGIN("blockedlogin"), BLOCKEDCERT("blockedcert"), TTP_ASSURER("ttp-assurer"), TTP_APPLICANT("ttp-applicant"), CODESIGNING("codesigning"), ORGASSURER("orgassurer");
  
      private final String dbName;
  
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java b/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java

index 2d55d5651aac155d108074c6d1b049edc154a30a..fa3c1456536677cb19a591d24ccc6a50384b1f7b 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java
@@ -9,8 +9,10 @@ import javax.servlet.http.HttpServletResponse;
  
  import org.cacert.gigi.dbObjects.Certificate;
  import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
+import org.cacert.gigi.dbObjects.Group;
  import org.cacert.gigi.output.template.Form;
  import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
  
  public class CertificateAdd extends Page {
  
@@ -45,4 +47,8 @@ public class CertificateAdd extends Page {
  
      }
  
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return super.isPermitted(ac) && !ac.isInGroup(Group.BLOCKEDCERT);
+    }
  }
author	Felix Dörre <felix@dogcraft.de>
	Wed, 27 Jan 2016 11:35:39 +0000 (12:35 +0100)
committer	Felix Dörre <felix@dogcraft.de>
	Wed, 27 Jan 2016 14:12:13 +0000 (15:12 +0100)
src/org/cacert/gigi/database/DatabaseConnection.java		patch \| blob \| history
src/org/cacert/gigi/database/tableStructure.sql		patch \| blob \| history
src/org/cacert/gigi/database/upgrade/from_7.sql	[new file with mode: 0644]	patch \| blob
src/org/cacert/gigi/dbObjects/Group.java		patch \| blob \| history
src/org/cacert/gigi/pages/account/certs/CertificateAdd.java		patch \| blob \| history