Change-Id: Ie759b769074e5f7c25787cee7f5661fd8b1471a5
- public void revoke(Group toMod) {
+ public void revoke(Group toMod) throws GigiApiException {
target.revokeGroup(supporter, toMod);
String subject = "Change Group Permissions";
// send notification to support
target.revokeGroup(supporter, toMod);
String subject = "Change Group Permissions";
// send notification to support
if (toGrant.isManagedBySupport() && !granter.isInGroup(Group.SUPPORTER)) {
throw new GigiApiException("Group may only be managed by supporter");
}
if (toGrant.isManagedBySupport() && !granter.isInGroup(Group.SUPPORTER)) {
throw new GigiApiException("Group may only be managed by supporter");
}
+ if (toGrant.isManagedBySupport() && granter == this) {
+ throw new GigiApiException("Group may only be managed by supporter that is not oneself");
+ }
groups.add(toGrant);
try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
ps.setInt(1, getId());
groups.add(toGrant);
try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
ps.setInt(1, getId());
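Review bot: The new self-management guard compares `granter == this` by object identity, so it only fires if the granting supporter and the target are the same `User` instance; if two instances can represent the same account (e.g. one loaded for the session and one fetched for the support view), the check is bypassed. Comparing the stable identifier that the INSERT below already uses is robust regardless of caching: `if (toGrant.isManagedBySupport() && granter.getId() == getId()) {`. Unless `User` instances are guaranteed canonical, which this hunk does not show, the id comparison is the safer form. The enclosing grantGroup method starts before this hunk.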
- public void revokeGroup(User revoker, Group toRevoke) {
+ public void revokeGroup(User revoker, Group toRevoke) throws GigiApiException {
+ if (toRevoke.isManagedBySupport() && !revoker.isInGroup(Group.SUPPORTER)) {
+ throw new GigiApiException("Group may only be managed by supporter");
+ }
groups.remove(toRevoke);
try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `user_groups` SET `deleted`=CURRENT_TIMESTAMP, `revokedby`=? WHERE `deleted` IS NULL AND `permission`=?::`userGroup` AND `user`=?")) {
ps.setInt(1, revoker.getId());
groups.remove(toRevoke);
try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `user_groups` SET `deleted`=CURRENT_TIMESTAMP, `revokedby`=? WHERE `deleted` IS NULL AND `permission`=?::`userGroup` AND `user`=?")) {
ps.setInt(1, revoker.getId());
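Review bot: revokeGroup gains the supporter check but not the "not oneself" check that grantGroup gets in the same commit, so a supporter can still revoke a support-managed group from their own account through this model method even though granting it is now rejected. Mirroring the guard keeps the two paths symmetric: `if (toRevoke.isManagedBySupport() && revoker.getId() == getId()) { throw new GigiApiException("Group may only be managed by supporter that is not oneself"); }`. If the form-level check is meant to be the only self-modification barrier, a comment here saying so would stop the next reader from treating the asymmetry as an oversight. The method body continues past the end of this hunk.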
import org.cacert.gigi.output.GroupSelector;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.output.GroupSelector;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.LoginPage;
public class SupportUserDetailsForm extends Form {
public class SupportUserDetailsForm extends Form {
if (user.getTicket() == null) {
return false;
}
if (user.getTicket() == null) {
return false;
}
+ if (user.getTargetUser() == LoginPage.getUser(req)) {
+ throw new GigiApiException("Supporter may not modify himself.");
+ }
if ((req.getParameter("detailupdate") != null ? 1 : 0) + (req.getParameter("addGroup") != null ? 1 : 0) + (req.getParameter("removeGroup") != null ? 1 : 0) + (req.getParameter("resetPass") != null ? 1 : 0) != 1) {
throw new GigiApiException("More than one action requested!");
}
if ((req.getParameter("detailupdate") != null ? 1 : 0) + (req.getParameter("addGroup") != null ? 1 : 0) + (req.getParameter("removeGroup") != null ? 1 : 0) + (req.getParameter("resetPass") != null ? 1 : 0) != 1) {
throw new GigiApiException("More than one action requested!");
}
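Review bot: The self-modification check `user.getTargetUser() == LoginPage.getUser(req)` relies on reference equality, so it only holds if both calls return the same `User` object for the same account; if the target user is materialized separately from the session user, two distinct instances would slip past it. Comparing ids, which `getId()` provides elsewhere in this change, does not depend on instance caching: `if (user.getTargetUser().getId() == LoginPage.getUser(req).getId()) {`. Whether `LoginPage.getUser(req)` can be null at this point is not visible here; if it can, that should be guarded before the comparison. The enclosing method starts before and ends after this hunk.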
resp.getWriter().println("User not found.");
return;
}
resp.getWriter().println("User not found.");
return;
}
- if (req.getParameter("addpriv") != null) {
- try {
+ try {
+ if (req.getParameter("addpriv") != null) {
u.grantGroup(getSupporter(), Group.getByString(req.getParameter("priv")));
u.grantGroup(getSupporter(), Group.getByString(req.getParameter("priv")));
- } catch (GigiApiException e) {
- throw new Error(e);
+ resp.getWriter().println("Privilege granted");
+ } else {
+ u.revokeGroup(getSupporter(), Group.getByString(req.getParameter("priv")));
+ resp.getWriter().println("Privilege revoked");
- resp.getWriter().println("Privilege granted");
- } else {
- u.revokeGroup(u, Group.getByString(req.getParameter("priv")));
- resp.getWriter().println("Privilege revoked");
+ } catch (GigiApiException e) {
+ throw new Error(e);
}
} else if (req.getParameter("fetch") != null) {
String mail = req.getParameter("femail");
}
} else if (req.getParameter("fetch") != null) {
String mail = req.getParameter("femail");
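Review bot: The rewritten try now encloses both grantGroup and revokeGroup, and its `catch (GigiApiException e) { throw new Error(e); }` turns the authorization rejections this commit introduces ("Group may only be managed by supporter", the self-management refusal) into an `Error`, i.e. an unhandled server failure rather than a response the supporter can read. Those exceptions are expected outcomes of user input, not programming errors, so reporting them the way the "User not found." branch does is more appropriate, for example `resp.getWriter().println(e.getMessage());` in place of `throw new Error(e);` (if the project has a dedicated formatter for GigiApiException, prefer that). Fixing the revoker argument from `u` to `getSupporter()` is correct and makes the new revokeGroup check meaningful. The enclosing handler method starts before and ends after this hunk.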