getMenu("CAcert.org").addItem(new SimpleMenuItem("https://" + ServerConstants.getSecureHostNamePort() + "/login", "Certificate Login") {
@Override
- public boolean isPermitted(User u) {
- return u == null;
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac == null;
}
});
putPage("/", new MainPage("CAcert - Home"), null);
return;
}
AuthorizationContext currentAuthContext = LoginPage.getAuthorizationContext(req);
- User currentPageUser = LoginPage.getUser(req);
- if ( !p.isPermitted(currentPageUser)) {
+ if ( !p.isPermitted(currentAuthContext)) {
if (hs.getAttribute("loggedin") == null) {
String request = req.getPathInfo();
request = request.split("\\?")[0];
};
Language lang = Page.getLanguage(req);
- vars.put(Menu.USER_VALUE, currentPageUser);
+ vars.put(Menu.AUTH_VALUE, currentAuthContext);
vars.put("menu", rootMenu);
vars.put("title", lang.getTranslation(p.getTitle()));
vars.put("static", getStaticTemplateVar(isSecure));
vars.put("year", Calendar.getInstance().get(Calendar.YEAR));
vars.put("content", content);
- if (currentPageUser != null) {
+ if (currentAuthContext != null) {
CertificateOwner target = currentAuthContext.getTarget();
+ User currentPageUser = LoginPage.getUser(req);
if (target != currentPageUser) {
vars.put("loggedInAs", ((Organisation) target).getName() + " (" + currentPageUser.getName().toString() + ")");
} else {
package org.cacert.gigi;
-import org.cacert.gigi.dbObjects.User;
-
+import org.cacert.gigi.util.AuthorizationContext;
public interface PermissionCheckable {
- public boolean isPermitted(User u);
+ public boolean isPermitted(AuthorizationContext u);
}
import java.util.LinkedList;
import java.util.Map;
-import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.util.AuthorizationContext;
public class Menu implements IMenuItem {
- public static final String USER_VALUE = "user";
+ public static final String AUTH_VALUE = "ac";
private String menuName;
@Override
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
boolean visible = false;
- User u = (User) vars.get(USER_VALUE);
+ AuthorizationContext u = (AuthorizationContext) vars.get(AUTH_VALUE);
for (IMenuItem mi : content) {
if (mi.isPermitted(u)) {
if ( !visible) {
}
@Override
- public boolean isPermitted(User u) {
+ public boolean isPermitted(AuthorizationContext ac) {
return true;
}
}
package org.cacert.gigi.output;
-import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
import org.cacert.gigi.util.ServerConstants;
public class PageMenuItem extends SimpleMenuItem {
}
@Override
- public boolean isPermitted(User u) {
- return p.isPermitted(u);
+ public boolean isPermitted(AuthorizationContext ac) {
+ return p.isPermitted(ac);
}
}
import java.io.PrintWriter;
import java.util.Map;
-import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.util.AuthorizationContext;
public class SimpleMenuItem implements IMenuItem {
}
@Override
- public boolean isPermitted(User u) {
+ public boolean isPermitted(AuthorizationContext ac) {
return true;
}
}
@Override
- public boolean isPermitted(User u) {
- return u == null;
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac == null;
}
}
import javax.servlet.http.HttpSession;
import org.cacert.gigi.Gigi;
-import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.util.AuthorizationContext;
public class LogoutPage extends Page {
}
@Override
- public boolean isPermitted(User u) {
- return u != null;
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac != null;
}
}
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.util.AuthorizationContext;
/**
* This class encapsulates a sub page of Gigi. A template residing nearby this
}
@Override
- public boolean isPermitted(User u) {
- return !needsLogin() || u != null;
+ public boolean isPermitted(AuthorizationContext ac) {
+ return !needsLogin() || ac != null;
}
}
import org.cacert.gigi.output.template.SprintfCommand;
import org.cacert.gigi.pages.Page;
import org.cacert.gigi.pages.error.PageNotFound;
+import org.cacert.gigi.util.AuthorizationContext;
public class TTPAdminPage extends Page {
}
@Override
- public boolean isPermitted(User u) {
- return u != null && u.isInGroup(Group.getByString("ttp-assurer"));
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac != null && ac.isInGroup(Group.getByString("ttp-assurer"));
}
}
package org.cacert.gigi.pages.admin.support;
import org.cacert.gigi.dbObjects.Group;
-import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.pages.OneFormPage;
+import org.cacert.gigi.util.AuthorizationContext;
public class FindDomainPage extends OneFormPage {
}
@Override
- public boolean isPermitted(User u) {
- if (u == null) {
- return false;
- }
- return u.isInGroup(Group.SUPPORTER);
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac != null && ac.isInGroup(Group.SUPPORTER);
}
}
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
public class FindUserPage extends Page {
}
@Override
- public boolean isPermitted(User u) {
- if (u == null) {
- return false;
- }
- return u.isInGroup(Group.SUPPORTER);
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac != null && ac.isInGroup(Group.SUPPORTER);
}
}
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
public class SupportUserDetailsPage extends Page {
}
@Override
- public boolean isPermitted(User u) {
- if (u == null) {
- return false;
- }
- return u.isInGroup(Group.SUPPORTER);
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac != null && ac.isInGroup(Group.SUPPORTER);
}
}
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
public class RegisterPage extends Page {
}
@Override
- public boolean isPermitted(User u) {
- return u == null;
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac == null;
}
}
import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Group;
-import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
public class CreateOrgPage extends Page {
}
@Override
- public boolean isPermitted(User u) {
- return u != null && u.isInGroup(ORG_ASSURER);
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac != null && ac.isInGroup(ORG_ASSURER);
}
@Override
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
public class ViewOrgPage extends Page {
}
@Override
- public boolean isPermitted(User u) {
- return u != null && (u.isInGroup(CreateOrgPage.ORG_ASSURER) || u.getOrganisations().size() != 0);
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac != null && (ac.isInGroup(CreateOrgPage.ORG_ASSURER) || ac.getActor().getOrganisations().size() != 0);
}
@Override
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.pages.LoginPage;
import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
import org.cacert.gigi.util.Notary;
public class AssurePage extends Page {
}
@Override
- public boolean isPermitted(User u) {
- return u != null && u.canAssure();
+ public boolean isPermitted(AuthorizationContext ac) {
+ return ac != null && ac.getActor().canAssure();
}
private void outputForm(HttpServletRequest req, PrintWriter out, AssuranceForm form) {
return actor;
}
- public boolean hasRight(Group g) {
+ public boolean isInGroup(Group g) {
return actor.isInGroup(g);
}
+
+ public User getActor(AuthorizationContext ac) {
+ if (ac == null) {
+ return null;
+ }
+ return ac.getActor();
+ }
}