chg: enable support to remove supporter flag for own account
authorINOPIAE <m.maengel@inopiae.de>
Mon, 12 Feb 2018 15:48:17 +0000 (16:48 +0100)
committerINOPIAE <m.maengel@inopiae.de>
Tue, 13 Feb 2018 20:34:55 +0000 (21:34 +0100)
fixes issue #77

Change-Id: I0f0197607c1eb7907c3ffafcbcd01fbe109d73af

src/club/wpia/gigi/pages/admin/support/SupportUserDetailsForm.java
tests/club/wpia/gigi/pages/admin/TestSEAdminNotificationMail.java

index 969cbe6..aaa4a43 100644 (file)
@@ -6,6 +6,7 @@ import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
 
+import club.wpia.gigi.Gigi;
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.dbObjects.Name;
@@ -20,6 +21,8 @@ import club.wpia.gigi.output.template.Form;
 import club.wpia.gigi.output.template.Template;
 import club.wpia.gigi.output.template.TranslateCommand;
 import club.wpia.gigi.pages.LoginPage;
+import club.wpia.gigi.pages.account.MyDetails;
+import club.wpia.gigi.util.AuthorizationContext;
 
 public class SupportUserDetailsForm extends Form {
 
@@ -42,12 +45,25 @@ public class SupportUserDetailsForm extends Form {
         if (user.getTicket() == null) {
             throw new GigiApiException("No ticket number set.");
         }
-        if (user.getTargetUser() == LoginPage.getUser(req)) {
-            throw new GigiApiException("Supporter may not modify himself.");
-        }
+
         if ((req.getParameter("detailupdate") != null ? 1 : 0) + (req.getParameter("addGroup") != null ? 1 : 0) + (req.getParameter("removeGroup") != null ? 1 : 0) + (req.getParameter("resetPass") != null ? 1 : 0) != 1) {
             throw new GigiApiException("More than one action requested!");
         }
+
+        if (user.getTargetUser() == LoginPage.getUser(req)) {
+            if (req.getParameter("removeGroup") != null) {
+                value.update(req);
+                Group toMod = value.getGroup();
+                if (toMod == Group.SUPPORTER) {
+                    user.revoke(toMod);
+                    AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
+                    req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ac.getActor()));
+                    return new RedirectResult(MyDetails.PATH);
+                }
+            }
+            throw new GigiApiException("Supporter may not modify himself.");
+        }
+
         if (req.getParameter("addGroup") != null || req.getParameter("removeGroup") != null) {
             value.update(req);
             Group toMod = value.getGroup();
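Review bot: The self-removal branch replaces only the current session's context with `new AuthorizationContext(ac.getActor(), ac.getActor())`, so any other session the same account has open may keep a supporter-scoped context after `user.revoke(toMod)`. Whether that matters depends on whether the group is re-checked on each request, which is not visible in this hunk. The branch also hinges on the reference comparison `user.getTargetUser() == LoginPage.getUser(req)`. If User instances are not guaranteed to be unique per account, a supporter would fall through to the general add/remove path on their own account, so comparing ids (`user.getTargetUser().getId() == LoginPage.getUser(req).getId()`) looks safer. I would also add a comment above the branch, `// Sole exception to the self-modification ban: a supporter may drop their own SUPPORTER group; the session is then reset to a plain user context.`; the enclosing method starts and ends outside the hunk.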
index 30aeb64..97ac6a0 100644 (file)
@@ -7,6 +7,7 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.net.MalformedURLException;
+import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.util.HashMap;
 import java.util.Locale;
@@ -17,10 +18,13 @@ import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.localisation.Language;
+import club.wpia.gigi.pages.account.MyDetails;
 import club.wpia.gigi.pages.admin.support.SupportUserDetailsPage;
+import club.wpia.gigi.testUtils.IOUtils;
 import club.wpia.gigi.testUtils.SEClientTest;
 import club.wpia.gigi.testUtils.TestEmailReceiver.TestMail;
 import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.ServerConstants.Host;
 
 public class TestSEAdminNotificationMail extends SEClientTest {
 
@@ -141,4 +145,34 @@ public class TestSEAdminNotificationMail extends SEClientTest {
         message = getMailReceiver().receive(targetEmail).getMessage();
         assertThat(message, containsString("All certificates in your account have been revoked."));
     }
+
+    @Test
+    public void testSupportSupporterGroup() throws MalformedURLException, IOException {
+        // supporter adds to his own groups
+        String s = IOUtils.readURL(post(SupportUserDetailsPage.PATH + u.getId() + "/", "addGroup&groupToModify=" + URLEncoder.encode(Group.ORG_AGENT.getDBName(), "UTF-8")));
+        assertThat(s, containsString("Supporter may not modify himself."));
+
+        // supporter removes from his own groups
+        s = IOUtils.readURL(post(SupportUserDetailsPage.PATH + u.getId() + "/", "removeGroup&groupToModify=" + URLEncoder.encode(Group.ORG_AGENT.getDBName(), "UTF-8")));
+        assertThat(s, containsString("Supporter may not modify himself."));
+
+        // supporter removes supporter flag
+        URLConnection uc = post(SupportUserDetailsPage.PATH + u.getId() + "/", "removeGroup&groupToModify=" + URLEncoder.encode(Group.SUPPORTER.getDBName(), "UTF-8"));
+        assertEquals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + MyDetails.PATH, uc.getHeaderField("Location"));
+        StringWriter sw = new StringWriter();
+        PrintWriter pw = new PrintWriter(sw);
+        Group.SUPPORTER.getName().output(pw, Language.getInstance(Locale.ENGLISH), new HashMap<String, Object>());
+        // mail to support
+        String message = getMailReceiver().receive(ServerConstants.getSupportMailAddress()).getMessage();
+        assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked."));
+        // mail to user
+        message = getMailReceiver().receive(u.getEmail()).getMessage();
+        assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked from your account."));
+        // mail to board
+        message = getMailReceiver().receive(ServerConstants.getBoardMailAddress()).getMessage();
+        assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked for '" + u.getPreferredName().toString() + "'."));
+        s = IOUtils.readURL(get(cookie, MyDetails.PATH));
+        assertThat(s, not(containsString("supporter")));
+    }
+
 }
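Review bot: The test never checks that the supporter privilege is actually gone after the self-removal. Its last assertion, `assertThat(s, not(containsString("supporter")))`, only shows that the lowercase word is absent from the MyDetails page. A follow-up request to a support page in the same session, for example `get(cookie, SupportUserDetailsPage.PATH + u.getId() + "/")`, with an assertion that it is refused, would pin the access-control effect of the session reset. The two denied requests at the top would also benefit from an assertion that the account's group membership is unchanged, since the error text alone does not prove that nothing was applied.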