From: INOPIAE Date: Mon, 12 Feb 2018 15:48:17 +0000 (+0100) Subject: chg: enable support to remove supporter flag for own account X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=a7306952f95e691322edb592a78e305d1c1b39c4 chg: enable support to remove supporter flag for own account fixes issue #77 Change-Id: I0f0197607c1eb7907c3ffafcbcd01fbe109d73af --- diff --git a/src/club/wpia/gigi/pages/admin/support/SupportUserDetailsForm.java b/src/club/wpia/gigi/pages/admin/support/SupportUserDetailsForm.java index 969cbe62..aaa4a43a 100644 --- a/src/club/wpia/gigi/pages/admin/support/SupportUserDetailsForm.java +++ b/src/club/wpia/gigi/pages/admin/support/SupportUserDetailsForm.java @@ -6,6 +6,7 @@ import java.util.Set; import javax.servlet.http.HttpServletRequest; +import club.wpia.gigi.Gigi; import club.wpia.gigi.GigiApiException; import club.wpia.gigi.dbObjects.Group; import club.wpia.gigi.dbObjects.Name; @@ -20,6 +21,8 @@ import club.wpia.gigi.output.template.Form; import club.wpia.gigi.output.template.Template; import club.wpia.gigi.output.template.TranslateCommand; import club.wpia.gigi.pages.LoginPage; +import club.wpia.gigi.pages.account.MyDetails; +import club.wpia.gigi.util.AuthorizationContext; public class SupportUserDetailsForm extends Form { @@ -42,12 +45,25 @@ public class SupportUserDetailsForm extends Form { if (user.getTicket() == null) { throw new GigiApiException("No ticket number set."); } - if (user.getTargetUser() == LoginPage.getUser(req)) { - throw new GigiApiException("Supporter may not modify himself."); - } + if ((req.getParameter("detailupdate") != null ? 1 : 0) + (req.getParameter("addGroup") != null ? 1 : 0) + (req.getParameter("removeGroup") != null ? 1 : 0) + (req.getParameter("resetPass") != null ? 1 : 0) != 1) { throw new GigiApiException("More than one action requested!"); } + + if (user.getTargetUser() == LoginPage.getUser(req)) { + if (req.getParameter("removeGroup") != null) { + value.update(req); + Group toMod = value.getGroup(); + if (toMod == Group.SUPPORTER) { + user.revoke(toMod); + AuthorizationContext ac = LoginPage.getAuthorizationContext(req); + req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(ac.getActor(), ac.getActor())); + return new RedirectResult(MyDetails.PATH); + } + } + throw new GigiApiException("Supporter may not modify himself."); + } + if (req.getParameter("addGroup") != null || req.getParameter("removeGroup") != null) { value.update(req); Group toMod = value.getGroup(); diff --git a/tests/club/wpia/gigi/pages/admin/TestSEAdminNotificationMail.java b/tests/club/wpia/gigi/pages/admin/TestSEAdminNotificationMail.java index 30aeb64f..97ac6a00 100644 --- a/tests/club/wpia/gigi/pages/admin/TestSEAdminNotificationMail.java +++ b/tests/club/wpia/gigi/pages/admin/TestSEAdminNotificationMail.java @@ -7,6 +7,7 @@ import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; import java.net.MalformedURLException; +import java.net.URLConnection; import java.net.URLEncoder; import java.util.HashMap; import java.util.Locale; @@ -17,10 +18,13 @@ import club.wpia.gigi.GigiApiException; import club.wpia.gigi.dbObjects.Group; import club.wpia.gigi.dbObjects.User; import club.wpia.gigi.localisation.Language; +import club.wpia.gigi.pages.account.MyDetails; import club.wpia.gigi.pages.admin.support.SupportUserDetailsPage; +import club.wpia.gigi.testUtils.IOUtils; import club.wpia.gigi.testUtils.SEClientTest; import club.wpia.gigi.testUtils.TestEmailReceiver.TestMail; import club.wpia.gigi.util.ServerConstants; +import club.wpia.gigi.util.ServerConstants.Host; public class TestSEAdminNotificationMail extends SEClientTest { @@ -141,4 +145,34 @@ public class TestSEAdminNotificationMail extends SEClientTest { message = getMailReceiver().receive(targetEmail).getMessage(); assertThat(message, containsString("All certificates in your account have been revoked.")); } + + @Test + public void testSupportSupporterGroup() throws MalformedURLException, IOException { + // supporter adds to his own groups + String s = IOUtils.readURL(post(SupportUserDetailsPage.PATH + u.getId() + "/", "addGroup&groupToModify=" + URLEncoder.encode(Group.ORG_AGENT.getDBName(), "UTF-8"))); + assertThat(s, containsString("Supporter may not modify himself.")); + + // supporter removes from his own groups + s = IOUtils.readURL(post(SupportUserDetailsPage.PATH + u.getId() + "/", "removeGroup&groupToModify=" + URLEncoder.encode(Group.ORG_AGENT.getDBName(), "UTF-8"))); + assertThat(s, containsString("Supporter may not modify himself.")); + + // supporter removes supporter flag + URLConnection uc = post(SupportUserDetailsPage.PATH + u.getId() + "/", "removeGroup&groupToModify=" + URLEncoder.encode(Group.SUPPORTER.getDBName(), "UTF-8")); + assertEquals("https://" + ServerConstants.getHostNamePortSecure(Host.WWW) + MyDetails.PATH, uc.getHeaderField("Location")); + StringWriter sw = new StringWriter(); + PrintWriter pw = new PrintWriter(sw); + Group.SUPPORTER.getName().output(pw, Language.getInstance(Locale.ENGLISH), new HashMap()); + // mail to support + String message = getMailReceiver().receive(ServerConstants.getSupportMailAddress()).getMessage(); + assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked.")); + // mail to user + message = getMailReceiver().receive(u.getEmail()).getMessage(); + assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked from your account.")); + // mail to board + message = getMailReceiver().receive(ServerConstants.getBoardMailAddress()).getMessage(); + assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked for '" + u.getPreferredName().toString() + "'.")); + s = IOUtils.readURL(get(cookie, MyDetails.PATH)); + assertThat(s, not(containsString("supporter"))); + } + }