From: Felix Dörre
Date: Wed, 27 Jan 2016 11:35:39 +0000 (+0100)
Subject: add: group to block an account for issuing new certs.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=1e5293e284e84388dd13fcddb4b48d99986426b5;hp=7f0229055197cf353db26e61b1f5d84ddf5b58df
add: group to block an account for issuing new certs.
---
diff --git a/src/org/cacert/gigi/database/DatabaseConnection.java b/src/org/cacert/gigi/database/DatabaseConnection.java
index 3c25d9df..525ce44f 100644
--- a/src/org/cacert/gigi/database/DatabaseConnection.java
+++ b/src/org/cacert/gigi/database/DatabaseConnection.java
@@ -99,7 +99,7 @@ public class DatabaseConnection {
 }
- public static final int CURRENT_SCHEMA_VERSION = 7;
+ public static final int CURRENT_SCHEMA_VERSION = 8;
 public static final int CONNECTION_TIMEOUT = 24 * 60 * 60;
diff --git a/src/org/cacert/gigi/database/tableStructure.sql b/src/org/cacert/gigi/database/tableStructure.sql
index 93014b9a..a6aaf385 100644
--- a/src/org/cacert/gigi/database/tableStructure.sql
+++ b/src/org/cacert/gigi/database/tableStructure.sql
@@ -327,7 +327,7 @@ CREATE TABLE IF NOT EXISTS "arbitrations" (
 DROP TABLE IF EXISTS "user_groups";
 DROP TYPE IF EXISTS "userGroup";
-CREATE TYPE "userGroup" AS enum('supporter','arbitrator','blockedassuree','blockedassurer','blockedlogin','ttp-assurer','ttp-applicant', 'codesigning', 'orgassurer');
+CREATE TYPE "userGroup" AS enum('supporter','arbitrator','blockedassuree','blockedassurer','blockedlogin','ttp-assurer','ttp-applicant', 'codesigning', 'orgassurer', 'blockedcert');
 CREATE TABLE IF NOT EXISTS "user_groups" (
 "id" serial NOT NULL,
@@ -374,7 +374,7 @@ CREATE TABLE "schemeVersion" (
 "version" smallint NOT NULL,
 PRIMARY KEY ("version")
 );
-INSERT INTO "schemeVersion" (version) VALUES(7);
+INSERT INTO "schemeVersion" (version) VALUES(8);
 DROP TABLE IF EXISTS `passwordResetTickets`;
 CREATE TABLE `passwordResetTickets` (
diff --git a/src/org/cacert/gigi/database/upgrade/from_7.sql b/src/org/cacert/gigi/database/upgrade/from_7.sql
new file mode 100644
index 00000000..6ba86828
--- /dev/null
+++ b/src/org/cacert/gigi/database/upgrade/from_7.sql
@@ -0,0 +1 @@
+ALTER TYPE "userGroup" ADD VALUE 'blockedcert'
diff --git a/src/org/cacert/gigi/dbObjects/Group.java b/src/org/cacert/gigi/dbObjects/Group.java
index 07d3c11f..685c27e1 100644
--- a/src/org/cacert/gigi/dbObjects/Group.java
+++ b/src/org/cacert/gigi/dbObjects/Group.java
@@ -4,7 +4,7 @@ import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 public enum Group {
- SUPPORTER("supporter"), ARBITRATOR("arbitrator"), BLOCKEDASSURER("blockedassurer"), BLOCKEDASSUREE("blockedassuree"), BLOCKEDLOGIN("blockedlogin"), TTP_ASSURER("ttp-assurer"), TTP_APPLICANT("ttp-applicant"), CODESIGNING("codesigning"), ORGASSURER("orgassurer");
+ SUPPORTER("supporter"), ARBITRATOR("arbitrator"), BLOCKEDASSURER("blockedassurer"), BLOCKEDASSUREE("blockedassuree"), BLOCKEDLOGIN("blockedlogin"), BLOCKEDCERT("blockedcert"), TTP_ASSURER("ttp-assurer"), TTP_APPLICANT("ttp-applicant"), CODESIGNING("codesigning"), ORGASSURER("orgassurer");
 private final String dbName;
diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java b/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java
index 2d55d565..fa3c1456 100644
--- a/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java
+++ b/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java
@@ -9,8 +9,10 @@ import javax.servlet.http.HttpServletResponse;
 import org.cacert.gigi.dbObjects.Certificate;
 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
+import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
 public class CertificateAdd extends Page {
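Review bot: The single statement in from_7.sql, `ALTER TYPE "userGroup" ADD VALUE 'blockedcert'`, cannot run inside a transaction block on PostgreSQL releases before 12, so this upgrade step fails if the upgrade runner (not visible in this commit) wraps each script in a transaction. Until the migration has applied, an upgraded database has no 'blockedcert' value and the new block cannot be assigned to any account, so it is worth confirming how the script is executed. Writing it as `ALTER TYPE "userGroup" ADD VALUE IF NOT EXISTS 'blockedcert';` would make a re-run harmless and gives the statement the terminating `;` it currently lacks.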
@@ -45,4 +47,8 @@ public class CertificateAdd extends Page {
 }
+ @Override
+ public boolean isPermitted(AuthorizationContext ac) {
+ return super.isPermitted(ac) && !ac.isInGroup(Group.BLOCKEDCERT);
+ }
 }
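Review bot: The BLOCKEDCERT restriction is enforced only by this page's `isPermitted` override, so it guards the CertificateAdd page and nothing else. Any other entry point that can create or issue a certificate would still accept a blocked account; whether such entry points exist is not visible in this commit. Consider repeating the group check where the certificate is actually issued, so the block holds whichever page or API reaches that code, and adding a test that a user in `Group.BLOCKEDCERT` is refused. A short Javadoc on the override would also help, e.g. `/** Denies this page to accounts in the BLOCKEDCERT group, which may not request new certificates. */`. The class body starts outside the hunk.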