}
- public static final int CURRENT_SCHEMA_VERSION = 26;
+ public static final int CURRENT_SCHEMA_VERSION = 27;
public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
DROP TABLE IF EXISTS "user_groups";
DROP TYPE IF EXISTS "userGroup";
-CREATE TYPE "userGroup" AS enum('supporter','arbitrator','blockedassuree','blockedassurer','blockedlogin','ttp-assurer','ttp-applicant', 'codesigning', 'orgassurer', 'blockedcert', 'nucleus-assurer', 'locate-agent', 'verify-notification');
+CREATE TYPE "userGroup" AS enum('supporter','blocked-applicant','blocked-agent','blocked-login','ttp-agent','ttp-applicant', 'codesigning', 'org-agent', 'blocked-cert', 'nucleus-agent', 'locate-agent', 'verify-notification');
CREATE TABLE IF NOT EXISTS "user_groups" (
"id" serial NOT NULL,
"version" smallint NOT NULL,
PRIMARY KEY ("version")
);
-INSERT INTO "schemeVersion" (version) VALUES(26);
+INSERT INTO "schemeVersion" (version) VALUES(27);
DROP TABLE IF EXISTS `passwordResetTickets`;
CREATE TABLE `passwordResetTickets` (
--- /dev/null
+DELETE FROM "user_groups" WHERE "permission" = 'arbitrator'::"userGroup";
+
+ALTER TYPE "userGroup" RENAME TO "oldUserGroup";
+CREATE TYPE "userGroup" AS enum('supporter','blocked-agent','blocked-applicant','blocked-login','ttp-agent','ttp-applicant', 'codesigning', 'org-agent', 'blocked-cert', 'nucleus-agent', 'locate-agent', 'verify-notification');
+ALTER TABLE "user_groups" ALTER COLUMN "permission" SET DATA TYPE "userGroup" USING
+ CASE "permission" WHEN 'blockedassurer' THEN 'blocked-agent'::"userGroup"
+ WHEN 'blockedassuree' THEN 'blocked-applicant'::"userGroup"
+ WHEN 'ttp-assurer' THEN 'ttp-agent'::"userGroup"
+ WHEN 'orgassurer' THEN 'org-agent'::"userGroup"
+ WHEN 'nucleus-assurer' THEN 'nucleus-agent'::"userGroup"
+ WHEN 'blockedcert' THEN 'blocked-cert'::"userGroup"
+ WHEN 'blockedlogin' THEN 'blocked-login'::"userGroup"
+ ELSE "permission"::text::"userGroup"
+ END;
+DROP TYPE "oldUserGroup";
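Review bot: The enum created by the upgrade at L22 declares 'blocked-agent' before 'blocked-applicant', while the fresh-install definition at L8 declares 'blocked-applicant' first, so upgraded and fresh databases end up with "userGroup" labels in different positions; PostgreSQL orders enum values by declaration position, so any ORDER BY or range comparison on "permission" would sort differently across the two installs. Align one of them, e.g. change L22 to `CREATE TYPE "userGroup" AS enum('supporter','blocked-applicant','blocked-agent','blocked-login', …)` to match L8 (the Java enum at L42–L43 lists BLOCKED_AGENT first, so whichever order is chosen, keep all three consistent). The DELETE at L19 discards every row carrying the retired 'arbitrator' group before the type swap; if user_groups keeps revoked grants for audit the way org_admin does with its deleted column (L76), converting those rows to a revoked state would preserve that history rather than dropping it — the table definition is not visible here, so confirm before merging. The USING CASE at L24–L30 covers all seven renamed labels and the ELSE cast at L31 handles the unchanged ones, so the column conversion itself looks complete.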
public enum Group implements DBEnum {
SUPPORTER("supporter", "supporter", true, false, true), //
- ARBITRATOR("arbitrator", "arbitrator", true, false, true), //
- BLOCKEDASSURER("blockedassurer", "may not verify", true, false, false), //
- BLOCKEDASSUREE("blockedassuree", "may not be verified", true, false, false), //
- BLOCKEDLOGIN("blockedlogin", "may not login", true, false, false), //
- BLOCKEDCERT("blockedcert", "may not issue certificates", true, false, false), //
- TTP_ASSURER("ttp-assurer", "may verify via TTP", true, false, true), //
+ BLOCKED_AGENT("blocked-agent", "may not verify", true, false, false), //
+ BLOCKED_APPLICANT("blocked-applicant", "may not be verified", true, false, false), //
+ BLOCKED_LOGIN("blocked-login", "may not login", true, false, false), //
+ BLOCKED_CERT("blocked-cert", "may not issue certificates", true, false, false), //
+ TTP_AGENT("ttp-agent", "may verify via TTP", true, false, true), //
TTP_APPLICANT("ttp-applicant", "requests to be verified via ttp", false, true, false), //
CODESIGNING("codesigning", "may issue codesigning certificates", true, false, false), //
- ORGASSURER("orgassurer", "may verify organisations", true, false, true), //
- NUCLEUS_ASSURER("nucleus-assurer", "may enter nucleus verifications", true, false, true), //
+ ORG_AGENT("org-agent", "may verify organisations", true, false, true), //
+ NUCLEUS_AGENT("nucleus-agent", "may enter nucleus verifications", true, false, true), //
LOCATE_AGENT("locate-agent", "wants access to the locate agent system", false, true, false), //
VERIFY_NOTIFICATION("verify-notification", "wants to receive an email notification for any Verification they enter", false, true, false);
private String postalAddress;
public Organisation(String name, Country country, String province, String city, String email, String optionalName, String postalAddress, User creator) throws GigiApiException {
- if ( !creator.isInGroup(Group.ORGASSURER)) {
+ if ( !creator.isInGroup(Group.ORG_AGENT)) {
throw new GigiApiException("Only Organisation RA Agents may create organisations.");
}
if (country == null) {
if ( !admin.canVerify()) {
throw new GigiApiException("Cannot add person who is not RA Agent.");
}
- if ( !actor.isInGroup(Group.ORGASSURER) && !isMaster(actor)) {
+ if ( !actor.isInGroup(Group.ORG_AGENT) && !isMaster(actor)) {
throw new GigiApiException("Only Organisation RA Agents or Organisation Administrators may add admins to an organisation.");
}
try (GigiPreparedStatement ps1 = new GigiPreparedStatement("SELECT 1 FROM `org_admin` WHERE `orgid`=? AND `memid`=? AND `deleted` IS NULL")) {
}
public void removeAdmin(User admin, User actor) throws GigiApiException {
- if ( !actor.isInGroup(Group.ORGASSURER) && !isMaster(actor)) {
+ if ( !actor.isInGroup(Group.ORG_AGENT) && !isMaster(actor)) {
throw new GigiApiException("Only Organisation RA Agents or Organisation Administrators may delete admins from an organisation.");
}
try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE org_admin SET deleter=?, deleted=NOW() WHERE orgid=? AND memid=?")) {
return uc;
}
- private static final Group LOGIN_BLOCKED = Group.BLOCKEDLOGIN;
+ private static final Group LOGIN_BLOCKED = Group.BLOCKED_LOGIN;
private void loginSession(HttpServletRequest req, User user) {
if (user.isInGroup(LOGIN_BLOCKED)) {
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return super.isPermitted(ac) && !ac.isInGroup(Group.BLOCKEDCERT);
+ return super.isPermitted(ac) && !ac.isInGroup(Group.BLOCKED_CERT);
}
}
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ac.isInGroup(Group.TTP_ASSURER);
+ return ac != null && ac.isInGroup(Group.TTP_AGENT);
}
}
public class CreateOrgPage extends ManagedFormPage {
- public static final Group ORG_AGENT = Group.ORGASSURER;
+ public static final Group ORG_AGENT = Group.ORG_AGENT;
public static final String DEFAULT_PATH = "/orga/new";
}
}
- public static final Group AGENT_BLOCKED = Group.BLOCKEDASSURER;
+ public static final Group AGENT_BLOCKED = Group.BLOCKED_AGENT;
- public static final Group APPLICANT_BLOCKED = Group.BLOCKEDASSUREE;
+ public static final Group APPLICANT_BLOCKED = Group.BLOCKED_APPLICANT;
public static final Group VERIFY_NOTIFICATION = Group.VERIFY_NOTIFICATION;
}
if (t == VerificationType.NUCLEUS) {
- if ( !agent.isInGroup(Group.NUCLEUS_ASSURER)) {
+ if ( !agent.isInGroup(Group.NUCLEUS_AGENT)) {
throw new GigiApiException("RA Agent needs to be Nucleus RA Agent.");
}
return;
} else if (t == VerificationType.TTP_ASSISTED) {
- if ( !agent.isInGroup(Group.TTP_ASSURER)) {
+ if ( !agent.isInGroup(Group.TTP_AGENT)) {
throw new GigiApiException("RA Agent needs to be TTP RA Agent.");
}
if ( !applicant.isInGroup(Group.TTP_APPLICANT)) {
@Test
public void testAddRm() throws GigiApiException, IOException {
User u1 = User.getById(createVerificationUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
- u1.grantGroup(getSupporter(), Group.ORGASSURER);
+ u1.grantGroup(getSupporter(), Group.ORG_AGENT);
User u2 = User.getById(createVerificationUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
- u2.grantGroup(getSupporter(), Group.ORGASSURER);
+ u2.grantGroup(getSupporter(), Group.ORG_AGENT);
User u3 = User.getById(createVerificationUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
- u3.grantGroup(getSupporter(), Group.ORGASSURER);
+ u3.grantGroup(getSupporter(), Group.ORG_AGENT);
User u4 = User.getById(createVerificationUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
- u4.grantGroup(getSupporter(), Group.ORGASSURER);
+ u4.grantGroup(getSupporter(), Group.ORG_AGENT);
Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "prov", "city", "email", "optional name", "postal address", u1);
assertEquals(0, o1.getAllAdmins().size());
o1.addAdmin(u2, u1, false);
public class TestUserGroupMembership extends BusinessTest {
- private final Group ttpGroup = Group.TTP_ASSURER;
+ private final Group ttpGroup = Group.TTP_AGENT;
private final Group supporter = Group.SUPPORTER;
@Test
public void testIssueOrgCert() throws Exception {
makeAgent(id);
- u.grantGroup(getSupporter(), Group.ORGASSURER);
+ u.grantGroup(getSupporter(), Group.ORG_AGENT);
Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u);
o1.addAdmin(u, u, false);
public void testTTPAdmin(boolean hasRight) throws IOException, GigiApiException {
if (hasRight) {
- grant(u, Group.TTP_ASSURER);
+ grant(u, Group.TTP_AGENT);
}
grant(u, TTPAdminPage.TTP_APPLICANT);
cookie = login(u.getEmail(), TEST_PASSWORD);
public OrgTest() throws IOException, GigiApiException {
makeAgent(u.getId());
- u.grantGroup(getSupporter(), Group.ORGASSURER);
+ u.grantGroup(getSupporter(), Group.ORG_AGENT);
clearCaches();
cookie = login(email, TEST_PASSWORD);
}
initEnvironment();
try {
User u = User.getById(createVerificationUser("f", "l", createUniqueName() + "@email.com", TEST_PASSWORD));
- grant(u, Group.ORGASSURER);
+ grant(u, Group.ORG_AGENT);
clearCaches();
u = User.getById(u.getId());
selfOrg = new Organisation(Organisation.SELF_ORG_NAME, Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "NA", "NA", "contact@example.org", "", "", u);
@Test
public void testNucleus() throws SQLException, GigiApiException, IOException {
User agent = User.getById(createVerificationUser("fn", "ln", createUniqueName() + "@example.org", TEST_PASSWORD));
- agent.grantGroup(getSupporter(), Group.NUCLEUS_ASSURER);
+ agent.grantGroup(getSupporter(), Group.NUCLEUS_AGENT);
User applicant = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.org", TEST_PASSWORD));
Name n1 = applicant.getPreferredName();
Name n2 = new Name(applicant, new NamePart(NamePartType.FIRST_NAME, "F2"), new NamePart(NamePartType.LAST_NAME, "L2"));
@Test
public void testNucleusProcess() throws SQLException, GigiApiException, IOException {
User agent1 = User.getById(createVerificationUser("fn", "ln", createUniqueName() + "@example.org", TEST_PASSWORD));
- agent1.grantGroup(getSupporter(), Group.NUCLEUS_ASSURER);
+ agent1.grantGroup(getSupporter(), Group.NUCLEUS_AGENT);
User agent2 = User.getById(createVerificationUser("fn", "ln", createUniqueName() + "@example.org", TEST_PASSWORD));
- agent2.grantGroup(getSupporter(), Group.NUCLEUS_ASSURER);
+ agent2.grantGroup(getSupporter(), Group.NUCLEUS_AGENT);
User applicant = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.org", TEST_PASSWORD));
Notary.verify(agent1, applicant, applicant.getPreferredName(), applicant.getDoB(), 50, "test", validVerificationDateString(), VerificationType.NUCLEUS, DE);
Notary.verify(agent2, applicant, applicant.getPreferredName(), applicant.getDoB(), 50, "test", validVerificationDateString(), VerificationType.NUCLEUS, DE);
</td><td>
<select name="priv">
<option>supporter</option>
-<option>arbitrator</option>
-<option>blockedassuree</option>
-<option>blockedassurer</option>
-<option>blockedlogin</option>
-<option>ttp-assurer</option>
+<option>blocked-applicant</option>
+<option>blocked-agent</option>
+<option>blocked-login</option>
+<option>ttp-agent</option>
<option>ttp-applicant</option>
-<option>nucleus-assurer</option>
+<option>nucleus-agent</option>
<option>codesigning</option>
-<option>orgassurer</option>
+<option>org-agent</option>
</select>
<input type="submit" name="addpriv" value="Grant Privillege"/>
<input type="submit" name="delpriv" value="Revoke Privillege"/>
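Review bot: The rebuilt option list at L196–L205 still has no entry for blocked-cert, although Group.BLOCKED_CERT (L45) carries the same flag tuple as BLOCKED_LOGIN, which is listed; if this select is the supporter's way of granting and revoking groups, blocked-cert can only be managed outside the UI. The omission predates this commit, but since the label set is being rewritten here this is the moment either to add `<option>blocked-cert</option>` after `<option>blocked-login</option>` or to leave a template comment stating why it is deliberately excluded. Whether the handler for `addpriv`/`delpriv` validates the submitted `priv` value against the Group enum rather than trusting the form's option set is not visible in this hunk; a short comment in the template naming where that check happens would help the next reader.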