public class Name implements Outputable {
- private String fname;
+ private final String fname;
- private String mname;
+ private final String mname;
- private String lname;
+ private final String lname;
- private String suffix;
+ private final String suffix;
public Name(String fname, String lname, String mname, String suffix) {
this.fname = fname;
import java.util.ArrayList;
import java.util.List;
+import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.database.GigiResultSet;
private String email;
- public Organisation(String name, String state, String province, String city, String email, User creator) {
+ public Organisation(String name, String state, String province, String city, String email, User creator) throws GigiApiException {
+ if ( !creator.isInGroup(Group.ORGASSURER)) {
+ throw new GigiApiException("Only org-assurers may create organisations.");
+ }
this.name = name;
this.state = state;
this.province = province;
return null;
}
- public synchronized void addAdmin(User admin, User actor, boolean master) {
+ public synchronized void addAdmin(User admin, User actor, boolean master) throws GigiApiException {
+ if ( !admin.canAssure()) {
+ throw new GigiApiException("Cannot add non-assurer.");
+ }
+ if ( !actor.isInGroup(Group.ORGASSURER) && !isMaster(actor)) {
+ throw new GigiApiException("Only org assurer or master-admin may add admins to an organisation.");
+ }
GigiPreparedStatement ps1 = DatabaseConnection.getInstance().prepare("SELECT 1 FROM org_admin WHERE orgid=? AND memid=? AND deleted is null");
ps1.setInt(1, getId());
ps1.setInt(2, admin.getId());
ps2.execute();
}
- public void removeAdmin(User admin, User actor) {
+ public void removeAdmin(User admin, User actor) throws GigiApiException {
+ if ( !actor.isInGroup(Group.ORGASSURER) && !isMaster(actor)) {
+ throw new GigiApiException("Only org assurer or master-admin may delete admins from an organisation.");
+ }
GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE org_admin SET deleter=?, deleted=NOW() WHERE orgid=? AND memid=?");
ps.setInt(1, actor.getId());
ps.setInt(2, getId());
province = st;
city = l;
}
+
+ public boolean isMaster(User u) {
+ for (Affiliation i : getAllAdmins()) {
+ if (i.isMaster() && i.getTarget() == u) {
+ return true;
+ }
+ }
+ return false;
+ }
}
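Review bot: isMaster compares the affiliation's target to the caller with `i.getTarget() == u`, which is reference equality on User objects; unless User instances are canonicalized per id (I cannot tell from here), a master-admin loaded through a different path would be denied, and since addAdmin and removeAdmin now rely on this method for their authorization decision, that makes the new checks fragile. Comparing identities explicitly, `if (i.isMaster() && i.getTarget().getId() == u.getId())`, keeps the decision independent of object identity. The actor check `!actor.isInGroup(Group.ORGASSURER) && !isMaster(actor)` is duplicated verbatim in addAdmin and removeAdmin with different messages; a private helper that performs the check and throws would keep the two paths from drifting, and a short Javadoc on isMaster stating that it is an authorization predicate (only affiliations not yet deleted count, presumably, depending on what getAllAdmins returns) would help the next reader. The bodies of addAdmin and removeAdmin continue outside the shown hunk lines.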
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
try {
User u = LoginPage.getUser(req);
- if ( !u.isInGroup(CreateOrgPage.ORG_ASSURER)) {
- return;
- }
if (req.getParameter("do_affiliate") != null || req.getParameter("del") != null) {
AffiliationForm form = Form.getForm(req, AffiliationForm.class);
if (form.submit(resp.getWriter(), req)) {
resp.sendRedirect(DEFAULT_PATH + "/" + form.getOrganisation().getId());
}
+ return;
} else {
+ if ( !u.isInGroup(CreateOrgPage.ORG_ASSURER)) {
+ resp.sendError(403, "Access denied");
+ return;
+ }
Form.getForm(req, CreateOrgForm.class).submit(resp.getWriter(), req);
}
+
} catch (GigiApiException e) {
e.format(resp.getWriter(), getLanguage(req));
}
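Review bot: With the page-level ORG_ASSURER check removed from the `do_affiliate`/`del` branch, authorization for affiliation changes now rests entirely on Organisation.addAdmin/removeAdmin throwing GigiApiException, which the catch at the end of the method renders with `e.format(...)`; that means a refused affiliation change is answered as a normally rendered page, while the create branch answers `resp.sendError(403, "Access denied")`, so the two failure modes of the same endpoint differ. If enforcing at the model layer is the intent, state it where the old check was, e.g. `// authorization for affiliation changes is enforced in Organisation.addAdmin/removeAdmin`, and consider mapping the authorization failure to a 403 as the create branch does. Whether form.submit can swallow the exception and still return true, leading to the redirect, is not visible from this hunk and is worth confirming. doPost's closing brace lies outside the hunk.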
public class TestOrga extends ManagedTest {
@Test
- public void testAddRm() {
+ public void testAddRm() throws GigiApiException {
User u1 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
User u2 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
User u3 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
import java.net.URLEncoder;
import java.util.List;
+import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.dbObjects.Organisation;
import org.cacert.gigi.dbObjects.Organisation.Affiliation;
public class TestOrgaManagement extends ClientTest {
public TestOrgaManagement() throws IOException {
- u.grantGroup(u, Group.getByString("orgassurer"));
+ u.grantGroup(u, Group.ORGASSURER);
makeAssurer(u.getId());
clearCaches();
cookie = login(email, TEST_PASSWORD);
}
@Test
- public void testNonAssurerSeeOnlyOwn() throws IOException {
- User u2 = User.getById(createVerifiedUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ public void testNonAssurerSeeOnlyOwn() throws IOException, GigiApiException {
+ User u2 = User.getById(createAssuranceUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
Organisation o1 = new Organisation("name21", "DE", "sder", "Rostov", "email", u);
Organisation o2 = new Organisation("name12", "DE", "sder", "Rostov", "email", u);
- o1.addAdmin(u2, u2, false);
+ o1.addAdmin(u2, u, false);
String session2 = login(u2.getEmail(), TEST_PASSWORD);
URLConnection uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
o1.delete();
o2.delete();
}
+
+ @Test
+ public void testAffiliationRights() throws IOException, GigiApiException {
+ User u2 = User.getById(createAssuranceUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ User u3 = User.getById(createAssuranceUser("testmaster", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ User u4_dummy = User.getById(createVerifiedUser("testmaster", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ Organisation o1 = new Organisation("name21", "DE", "sder", "Rostov", "email", u);
+ o1.addAdmin(u3, u, true);
+ try {
+ // must fail because u4 is no assurer
+ o1.addAdmin(u4_dummy, u3, false);
+ fail("No exception!");
+ } catch (GigiApiException e) {
+ }
+ o1.addAdmin(u2, u3, false);
+ try {
+ // must fail because u2 may not add admins
+ o1.addAdmin(u3, u2, false);
+ fail("No exception!");
+ } catch (GigiApiException e) {
+ }
+ try {
+ // must fail because u4 is no assurer
+ o1.addAdmin(u4_dummy, u, false);
+ fail("No exception!");
+ } catch (GigiApiException e) {
+ }
+ o1.removeAdmin(u2, u3);
+ o1.removeAdmin(u3, u3);
+ assertEquals(0, o1.getAllAdmins().size());
+ o1.delete();
+ }
}
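Review bot: The three `catch (GigiApiException e) { }` blocks in testAffiliationRights accept any GigiApiException, so a failure for an unrelated reason (for example a wrapped database error, if that is how this codebase surfaces them) would still pass as the expected refusal; asserting on the message, e.g. `assertEquals("Cannot add non-assurer.", e.getMessage());`, or at least naming the variable `expected` with a one-line comment, makes the intent explicit. The test also covers no unauthorized removeAdmin call, although the commit adds that check; a call such as `o1.removeAdmin(u3, u2)` wrapped in the same fail/catch pattern would exercise it. The class-level setup of u is defined outside the shown lines.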