upd: restrict permissions of org "master" admin on organisation

diff --git a/src/org/cacert/gigi/dbObjects/Organisation.java b/src/org/cacert/gigi/dbObjects/Organisation.java
index 6b5b28f44234dd006ab6f3f8d3bef29edcc542e8..ae99b115bfe498770985e6e8a686c70654da15ea 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/Organisation.java
+++ b/src/org/cacert/gigi/dbObjects/Organisation.java
@@ -109,7 +109,7 @@ public class Organisation extends CertificateOwner {
         if (co instanceof Organisation) {
             return (Organisation) co;
         }
-        return null;
+        throw new IllegalArgumentException("Organisation not found.");
     }
 
     public synchronized void addAdmin(User admin, User actor, boolean master) throws GigiApiException {

diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index 55e567f5dd6a93a793a9c358cde85c7242360748..e6f06921c08b2ad4e0a53633b12660d86ebf198b 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -409,8 +409,12 @@ public class User extends CertificateOwner {
     }
 
     public List<Organisation> getOrganisations() {
+        return getOrganisations(false);
+    }
+
+    public List<Organisation> getOrganisations(boolean isAdmin) {
         List<Organisation> orgas = new ArrayList<>();
-        try (GigiPreparedStatement query = new GigiPreparedStatement("SELECT `orgid` FROM `org_admin` WHERE `memid`=? AND `deleted` IS NULL")) {
+        try (GigiPreparedStatement query = new GigiPreparedStatement("SELECT `orgid` FROM `org_admin` WHERE `memid`=? AND `deleted` IS NULL" + (isAdmin ? " AND master='y'" : ""))) {
             query.setInt(1, getId());
             try (GigiResultSet res = query.executeQuery()) {
                 while (res.next()) {

diff --git a/src/org/cacert/gigi/pages/orga/EditOrg.templ b/src/org/cacert/gigi/pages/orga/EditOrg.templ
index 1971bb798103ec33a94b90a10dbb6c5d8b6b0743..eaaa93f293ad687edc1140e2e914bbd07e375a11 100644 (file)
--- a/src/org/cacert/gigi/pages/orga/EditOrg.templ
+++ b/src/org/cacert/gigi/pages/orga/EditOrg.templ
@@ -1,5 +1,5 @@
-<?=$editForm?>
-<br/>
+<? if($editForm) { ?><?=$editForm?>
+<br/><? } else { ?><h1><?=$orgName?></h1><? } ?>
 <?=$affForm?>
 <br/>
-<?=$addDom?>
\ No newline at end of file
+<? if($addDom) { ?><?=$addDom?><? } ?>

diff --git a/src/org/cacert/gigi/pages/orga/ViewOrgPage.java b/src/org/cacert/gigi/pages/orga/ViewOrgPage.java
index 9e470240d95124bab73db23e98d5fc558ec67553..815a2cebeb4fb7bc325293d2601b30326776e165 100644 (file)
--- a/src/org/cacert/gigi/pages/orga/ViewOrgPage.java
+++ b/src/org/cacert/gigi/pages/orga/ViewOrgPage.java
@@ -34,7 +34,7 @@ public class ViewOrgPage extends Page {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && (ac.isInGroup(CreateOrgPage.ORG_ASSURER) || ac.getActor().getOrganisations().size() != 0);
+        return ac != null && (ac.isInGroup(CreateOrgPage.ORG_ASSURER) || ac.getActor().getOrganisations(true).size() != 0);
     }
 
     @Override
@@ -74,7 +74,7 @@ public class ViewOrgPage extends Page {
         if (idS.length() < DEFAULT_PATH.length() + 2) {
             final Organisation[] orgas = Organisation.getOrganisations(0, 30);
             HashMap<String, Object> map = new HashMap<>();
-            final List<Organisation> myOrgs = u.getOrganisations();
+            final List<Organisation> myOrgs = u.getOrganisations(true);
             final boolean orgAss = u.isInGroup(CreateOrgPage.ORG_ASSURER);
             if (orgAss) {
                 map.put("orgas", makeOrgDataset(orgas));
@@ -86,17 +86,28 @@ public class ViewOrgPage extends Page {
         }
         idS = idS.substring(DEFAULT_PATH.length() + 1);
         int id = Integer.parseInt(idS);
-        Organisation o = Organisation.getById(id);
+        Organisation o;
+        try {
+            o = Organisation.getById(id);
+        } catch (IllegalArgumentException e) {
+            resp.sendError(404);
+            return;
+        }
         final List<Organisation> myOrgs = u.getOrganisations();
         final boolean orgAss = u.isInGroup(CreateOrgPage.ORG_ASSURER);
-        if (o == null || ( !orgAss && !myOrgs.contains(o))) {
+        if ( !orgAss && !myOrgs.contains(o)) {
             resp.sendError(404);
             return;
         }
         HashMap<String, Object> vars = new HashMap<>();
-        vars.put("editForm", new CreateOrgForm(req, o));
-        vars.put("affForm", new AffiliationForm(req, o));
-        vars.put("addDom", new OrgDomainAddForm(req, o));
+        if (orgAss) {
+            vars.put("editForm", new CreateOrgForm(req, o));
+            vars.put("affForm", new AffiliationForm(req, o));
+            vars.put("addDom", new OrgDomainAddForm(req, o));
+        } else {
+            vars.put("affForm", new AffiliationForm(req, o));
+            vars.put("orgName", o.getName());
+        }
         mainTempl.output(out, lang, vars);
     }