add: Org Agents may not make themselves administrators of organisations.
authorFelix Dörre <felix@dogcraft.de>
Fri, 3 Mar 2017 10:01:47 +0000 (11:01 +0100)
committerFelix Dörre <felix@dogcraft.de>
Sat, 4 Mar 2017 09:24:23 +0000 (10:24 +0100)
Change-Id: If0a3747e0e3a67dbada58aca3299663282899db4

src/club/wpia/gigi/dbObjects/Organisation.java
tests/club/wpia/gigi/api/IssueCert.java
tests/club/wpia/gigi/pages/orga/TestOrgManagement.java

index c47a7837ba3cbda87d7cb83390bd2d73194faf92..3ce83c70b77ed3312827f977a0007010a4e0a74b 100644 (file)
@@ -145,6 +145,9 @@ public class Organisation extends CertificateOwner {
     }
 
     public synchronized void addAdmin(User admin, User actor, boolean master) throws GigiApiException {
+        if (actor == admin) {
+            throw new GigiApiException("You may not add yourself as Organisation Admin. Ask another Organisation Agent to do so.");
+        }
         if ( !admin.canVerify()) {
             throw new GigiApiException("Cannot add person who is not RA Agent.");
         }
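Review bot: The new guard at the top of addAdmin compares `actor == admin` by reference, so the separation-of-duties rule holds only if an account is always represented by a single User object. If two instances of the same account can ever exist (whether User.getById caches instances is not visible in this hunk), the check is skipped and an Org Agent can still make themselves administrator. Comparing identifiers does not depend on that: `if (actor.getId() == admin.getId()) {`. getId() is already compared with `==` in TestOrgManagement, so it presumably returns a primitive. A one-line comment above the check, such as `// separation of duties: an Org Agent must not grant themselves admin rights`, would record why it sits before the RA Agent check. addAdmin's body continues outside the hunk.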
index 5c4791e5788c0f76b6ffe77d88608e9ffd1a3840..f7ae0ed9d056135607369031c07722298e81c04e 100644 (file)
@@ -17,16 +17,16 @@ import java.security.cert.X509Certificate;
 
 import org.junit.Test;
 
-import club.wpia.gigi.api.CreateCertificate;
 import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.CSRType;
+import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
 import club.wpia.gigi.dbObjects.Country;
+import club.wpia.gigi.dbObjects.Country.CountryCodeType;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.dbObjects.Domain;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.dbObjects.Organisation;
-import club.wpia.gigi.dbObjects.Certificate.CSRType;
-import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
-import club.wpia.gigi.dbObjects.Country.CountryCodeType;
+import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.pages.account.certs.CertificateRequest;
 import club.wpia.gigi.testUtils.ClientTest;
 import club.wpia.gigi.testUtils.IOUtils;
@@ -88,10 +88,11 @@ public class IssueCert extends ClientTest {
     @Test
     public void testIssueOrgCert() throws Exception {
         makeAgent(id);
-        u.grantGroup(getSupporter(), Group.ORG_AGENT);
+        User u2 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+        u2.grantGroup(getSupporter(), Group.ORG_AGENT);
 
-        Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u);
-        o1.addAdmin(u, u, false);
+        Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u2);
+        o1.addAdmin(u, u2, false);
         String testdom = createUniqueName() + "-example.com";
         Domain d2 = new Domain(u, o1, testdom);
         verify(d2);
index 8837abc62bbe1ed8fafb8c4eecfa5ff36ba46114..2bb91f12c87dad6df21e67ba3d5b19b0f8f0c574 100644 (file)
@@ -17,13 +17,11 @@ import org.junit.Test;
 
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Country;
-import club.wpia.gigi.dbObjects.Organisation;
-import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
+import club.wpia.gigi.dbObjects.Organisation;
 import club.wpia.gigi.dbObjects.Organisation.Affiliation;
+import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.pages.account.MyDetails;
-import club.wpia.gigi.pages.orga.CreateOrgPage;
-import club.wpia.gigi.pages.orga.ViewOrgPage;
 import club.wpia.gigi.testUtils.IOUtils;
 import club.wpia.gigi.testUtils.OrgTest;
 
@@ -61,17 +59,18 @@ public class TestOrgManagement extends OrgTest {
         assertSame(u2, affiliation.getTarget());
         assertTrue(affiliation.isMaster());
 
-        assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "email=" + URLEncoder.encode(u.getEmail(), "UTF-8") + "&do_affiliate=y", 1));
+        User u3 = User.getById(createVerificationUser("testworker2", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+        assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "email=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&do_affiliate=y", 1));
         allAdmins = orgs[0].getAllAdmins();
         assertEquals(2, allAdmins.size());
         Affiliation affiliation2 = allAdmins.get(0);
         if (affiliation2.getTarget().getId() == u2.getId()) {
             affiliation2 = allAdmins.get(1);
         }
-        assertEquals(u.getId(), affiliation2.getTarget().getId());
+        assertEquals(u3.getId(), affiliation2.getTarget().getId());
         assertFalse(affiliation2.isMaster());
 
-        assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1));
+        assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1));
         assertEquals(1, orgs[0].getAllAdmins().size());
 
         assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1));
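Review bot: After switching the affiliate request to `u3`, no test sends the acting agent's own address through the ViewOrgPage form, so the web path for the new self-affiliation rule is untested. The negative checks added at the end of this file call `o1.addAdmin(u3, u3, ...)` directly and accept any GigiApiException, so asserting on the message would tie them to this rule. Assuming `cookie` is the session of `u` and a non-null result signals an error (both inferred from how the assertions are written), one line after the u3 affiliation would cover the form: `assertNotNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "email=" + URLEncoder.encode(u.getEmail(), "UTF-8") + "&do_affiliate=y", 1));`. The test method starts and ends outside the hunk.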
@@ -144,6 +143,20 @@ public class TestOrgManagement extends OrgTest {
         o1.removeAdmin(u2, u3);
         o1.removeAdmin(u3, u3);
         assertEquals(0, o1.getAllAdmins().size());
+        try {
+            // must fail because one may not add oneself
+            o1.addAdmin(u3, u3, false);
+            fail("No exception!");
+        } catch (GigiApiException e) {
+        }
+        assertEquals(0, o1.getAllAdmins().size());
+        try {
+            // must fail because one may not add oneself
+            o1.addAdmin(u3, u3, true);
+            fail("No exception!");
+        } catch (GigiApiException e) {
+        }
+        assertEquals(0, o1.getAllAdmins().size());
         o1.delete();
     }