add: make sure org admin cannot delete domain from org account

author INOPIAE <m.maengel@inopiae.de>

Thu, 9 Aug 2018 14:34:48 +0000 (16:34 +0200)

committer INOPIAE <m.maengel@inopiae.de>

Sat, 18 Aug 2018 13:55:58 +0000 (15:55 +0200)
author INOPIAE <m.maengel@inopiae.de>
Thu, 9 Aug 2018 14:34:48 +0000 (16:34 +0200)
committer INOPIAE <m.maengel@inopiae.de>
Sat, 18 Aug 2018 13:55:58 +0000 (15:55 +0200)
diff --git a/src/club/wpia/gigi/pages/account/domain/DomainManagementForm.java b/src/club/wpia/gigi/pages/account/domain/DomainManagementForm.java

index 95fce624c6bdd48c27a85fa134137308b5106978..eebf22073348c76d008543ea1e82aab0fb683ce8 100644 (file)
--- a/src/club/wpia/gigi/pages/account/domain/DomainManagementForm.java
+++ b/src/club/wpia/gigi/pages/account/domain/DomainManagementForm.java
@@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletRequest;
  import club.wpia.gigi.GigiApiException;
  import club.wpia.gigi.dbObjects.CertificateOwner;
  import club.wpia.gigi.dbObjects.Domain;
  import club.wpia.gigi.GigiApiException;
  import club.wpia.gigi.dbObjects.CertificateOwner;
  import club.wpia.gigi.dbObjects.Domain;
+import club.wpia.gigi.dbObjects.Organisation;
  import club.wpia.gigi.localisation.Language;
  import club.wpia.gigi.output.template.Form;
  import club.wpia.gigi.output.template.IterableDataset;
  import club.wpia.gigi.localisation.Language;
  import club.wpia.gigi.output.template.Form;
  import club.wpia.gigi.output.template.IterableDataset;
@@ -22,10 +23,13 @@ public class DomainManagementForm extends Form {
  
      private boolean foreign;
  
  
      private boolean foreign;
  
+    private boolean readOnly;
+
      public DomainManagementForm(HttpServletRequest hsr, CertificateOwner target, boolean foreign) {
          super(hsr);
          this.target = target;
          this.foreign = foreign;
      public DomainManagementForm(HttpServletRequest hsr, CertificateOwner target, boolean foreign) {
          super(hsr);
          this.target = target;
          this.foreign = foreign;
+        readOnly = (target instanceof Organisation && !foreign);
      }
  
      @Override
      }
  
      @Override
@@ -35,6 +39,9 @@ public class DomainManagementForm extends Form {
          int delId = Integer.parseInt(dels);
          Domain d = Domain.getById(delId);
          if (d != null && d.getOwner() == target) {
          int delId = Integer.parseInt(dels);
          Domain d = Domain.getById(delId);
          if (d != null && d.getOwner() == target) {
+            if (readOnly) {
+                throw new GigiApiException("You are not allowed to delete a domain.");
+            }
              d.delete();
          } else {
              throw new GigiApiException("Domain was not found.");
              d.delete();
          } else {
              throw new GigiApiException("Domain was not found.");
@@ -70,6 +77,12 @@ public class DomainManagementForm extends Form {
              }
          };
          vars.put("domains", dts);
              }
          };
          vars.put("domains", dts);
+        if (readOnly) {
+            vars.put("buttonvisible", null);
+        } else {
+            vars.put("buttonvisible", "buttonvisible");
+        }
+
          t.output(out, l, vars);
      }
  }
          t.output(out, l, vars);
      }
  }
diff --git a/src/club/wpia/gigi/pages/account/domain/DomainManagementForm.templ b/src/club/wpia/gigi/pages/account/domain/DomainManagementForm.templ

index c003a48a07b4527cb10016fbb0d5d17aa782acd5..d022c27146501a08fa43c08358d163f5f56733b7 100644 (file)
--- a/src/club/wpia/gigi/pages/account/domain/DomainManagementForm.templ
+++ b/src/club/wpia/gigi/pages/account/domain/DomainManagementForm.templ
@@ -10,7 +10,7 @@
    </tr>
    <? foreach($domains) { ?>
    <tr>
    </tr>
    <? foreach($domains) { ?>
    <tr>
-       <td><button class="btn btn-danger btn-confirm" data-confirm="<?=_Do you really want to delete this domain??>" data-reply="<?=_Cancel?>,<?=_Confirm?>" type="submit" name="delete" value="<?=$id?>">Delete</button></td>
+       <td><? if($buttonvisible) { ?><button class="btn btn-danger btn-confirm" data-confirm="<?=_Do you really want to delete this domain??>" data-reply="<?=_Cancel?>,<?=_Confirm?>" type="submit" name="delete" value="<?=$id?>">Delete</button><? } ?></td>
         <td><?=$status?></td>
         <td><? if($domainhref) { ?><a href='<?=$domainhref?>'><?=$domain?><? } else { ?><?=$domain?><? } ?></a></td>
    </tr>
         <td><?=$status?></td>
         <td><? if($domainhref) { ?><a href='<?=$domainhref?>'><?=$domain?><? } else { ?><?=$domain?><? } ?></a></td>
    </tr>
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java b/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java

index c758b7c63701ad37c3965faf59a62383651490e7..a17586b27224c5f48c81ca113511782b18cf5036 100644 (file)
--- a/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java
@@ -1,8 +1,10 @@
  package club.wpia.gigi.pages.orga;
  
  package club.wpia.gigi.pages.orga;
  
+import static org.hamcrest.CoreMatchers.*;
  import static org.junit.Assert.*;
  
  import java.io.IOException;
  import static org.junit.Assert.*;
  
  import java.io.IOException;
+import java.net.URLConnection;
  import java.net.URLEncoder;
  
  import org.junit.Test;
  import java.net.URLEncoder;
  
  import org.junit.Test;
@@ -10,7 +12,9 @@ import org.junit.Test;
  import club.wpia.gigi.GigiApiException;
  import club.wpia.gigi.dbObjects.Domain;
  import club.wpia.gigi.dbObjects.Organisation;
  import club.wpia.gigi.GigiApiException;
  import club.wpia.gigi.dbObjects.Domain;
  import club.wpia.gigi.dbObjects.Organisation;
-import club.wpia.gigi.pages.orga.ViewOrgPage;
+import club.wpia.gigi.dbObjects.User;
+import club.wpia.gigi.pages.account.domain.DomainOverview;
+import club.wpia.gigi.testUtils.IOUtils;
  import club.wpia.gigi.testUtils.OrgTest;
  
  public class TestOrgDomain extends OrgTest {
  import club.wpia.gigi.testUtils.OrgTest;
  
  public class TestOrgDomain extends OrgTest {
@@ -87,4 +91,31 @@ public class TestOrgDomain extends OrgTest {
          assertEquals(0, o1.getDomains().length);
          assertEquals(0, u.getDomains().length);
      }
          assertEquals(0, o1.getDomains().length);
          assertEquals(0, u.getDomains().length);
      }
+
+    @Test
+    public void testDelAsAdmin() throws IOException, GigiApiException {
+        Organisation o = createUniqueOrg();
+        String dom = createUniqueName() + ".de";
+        Domain d = new Domain(u, o, dom);
+        assertEquals(1, o.getDomains().length);
+        User admin = createOrgAdmin(o);
+        String adminCookie = login(admin.getEmail(), TEST_PASSWORD);
+        assertNull(executeBasicWebInteraction(adminCookie, SwitchOrganisation.PATH, "org:" + o.getId() + "=y", 0));
+
+        // test that delete button is not displayed
+        URLConnection uc = get(adminCookie, DomainOverview.PATH);
+        uc.setDoOutput(true);
+        String res = IOUtils.readURL(uc);
+        assertThat(res, not(containsString("Delete")));
+
+        // test that domain cannot be deleted by organisation administrator
+        assertNull(executeBasicWebInteraction(adminCookie, SwitchOrganisation.PATH, "org:" + o.getId() + "=y", 0));
+        uc = post(adminCookie, DomainOverview.PATH, "delete=" + d.getId(), 0);
+        res = IOUtils.readURL(uc);
+        assertThat(res, containsString("You are not allowed to delete a domain."));
+
+        // verify that domain still belongs to organisation
+        assertEquals(1, o.getDomains().length);
+
+    }
  }
  }
diff --git a/tests/club/wpia/gigi/testUtils/OrgTest.java b/tests/club/wpia/gigi/testUtils/OrgTest.java

index 6a0c4d1c68cf70330b6ae4404656e6fe6e5d7b6f..2d79c5a497b0e15d289ff38e699599e8cabe414d 100644 (file)
--- a/tests/club/wpia/gigi/testUtils/OrgTest.java
+++ b/tests/club/wpia/gigi/testUtils/OrgTest.java
@@ -4,9 +4,10 @@ import java.io.IOException;
  
  import club.wpia.gigi.GigiApiException;
  import club.wpia.gigi.dbObjects.Country;
  
  import club.wpia.gigi.GigiApiException;
  import club.wpia.gigi.dbObjects.Country;
+import club.wpia.gigi.dbObjects.Country.CountryCodeType;
  import club.wpia.gigi.dbObjects.Group;
  import club.wpia.gigi.dbObjects.Organisation;
  import club.wpia.gigi.dbObjects.Group;
  import club.wpia.gigi.dbObjects.Organisation;
-import club.wpia.gigi.dbObjects.Country.CountryCodeType;
+import club.wpia.gigi.dbObjects.User;
  
  public class OrgTest extends ClientTest {
  
  
  public class OrgTest extends ClientTest {
  
@@ -21,4 +22,10 @@ public class OrgTest extends ClientTest {
          Organisation o1 = new Organisation(createUniqueName(), Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "city", "test@example.com", "", "", u);
          return o1;
      }
          Organisation o1 = new Organisation(createUniqueName(), Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "city", "test@example.com", "", "", u);
          return o1;
      }
+
+    public User createOrgAdmin(Organisation o) throws GigiApiException {
+        User ua = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+        o.addAdmin(ua, u, true);
+        return ua;
+    }
  }
  }
author	INOPIAE <m.maengel@inopiae.de>
	Thu, 9 Aug 2018 14:34:48 +0000 (16:34 +0200)
committer	INOPIAE <m.maengel@inopiae.de>
	Sat, 18 Aug 2018 13:55:58 +0000 (15:55 +0200)
src/club/wpia/gigi/pages/account/domain/DomainManagementForm.java		patch \| blob \| history
src/club/wpia/gigi/pages/account/domain/DomainManagementForm.templ		patch \| blob \| history
tests/club/wpia/gigi/pages/orga/TestOrgDomain.java		patch \| blob \| history
tests/club/wpia/gigi/testUtils/OrgTest.java		patch \| blob \| history