From 6f621133a5fb40c0590d4ac1b80f6ad2bdd77f80 Mon Sep 17 00:00:00 2001 From: INOPIAE Date: Wed, 17 Aug 2016 12:14:03 +0200 Subject: [PATCH 1/1] add: add permission view support is able to see all members of a support group, group members of function roles (e.g. Arbitrator, TTP Agent, Nucleus Agent, Locate-Agent) are able to see all members of their role, all others only the number of accounts assigned to a group. fixes issue #64 Change-Id: If9dfffae9d147eb2c92c84c3ad2a8173b8f84c83 --- src/org/cacert/gigi/Gigi.java | 2 + src/org/cacert/gigi/dbObjects/Group.java | 54 ++++++++++++++--- .../pages/statistics/StatisticsRoles.java | 59 +++++++++++++++++++ .../pages/statistics/StatisticsRoles.templ | 26 ++++++++ 4 files changed, 132 insertions(+), 9 deletions(-) create mode 100644 src/org/cacert/gigi/pages/statistics/StatisticsRoles.java create mode 100644 src/org/cacert/gigi/pages/statistics/StatisticsRoles.templ diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java index 7740f803..afe6bcb7 100644 --- a/src/org/cacert/gigi/Gigi.java +++ b/src/org/cacert/gigi/Gigi.java @@ -68,6 +68,7 @@ import org.cacert.gigi.pages.error.PageNotFound; import org.cacert.gigi.pages.main.RegisterPage; import org.cacert.gigi.pages.orga.CreateOrgPage; import org.cacert.gigi.pages.orga.ViewOrgPage; +import org.cacert.gigi.pages.statistics.StatisticsRoles; import org.cacert.gigi.pages.wot.AssurePage; import org.cacert.gigi.pages.wot.Points; import org.cacert.gigi.pages.wot.RequestTTPPage; @@ -135,6 +136,7 @@ public final class Gigi extends HttpServlet { }); putPage("/", new MainPage(), null); putPage("/roots", new RootCertPage(truststore), "SomeCA.org"); + putPage(StatisticsRoles.PATH, new StatisticsRoles(), "SomeCA.org"); putPage("/about", new AboutPage(), "SomeCA.org"); putPage("/secure", new TestSecure(), null); diff --git a/src/org/cacert/gigi/dbObjects/Group.java b/src/org/cacert/gigi/dbObjects/Group.java index 6e250794..13080efb 100644 
--- a/src/org/cacert/gigi/dbObjects/Group.java
+++ b/src/org/cacert/gigi/dbObjects/Group.java
@@ -6,24 +6,45 @@ import org.cacert.gigi.output.template.Outputable; import org.cacert.gigi.output.template.TranslateCommand; public enum Group { - SUPPORTER("supporter", "supporter", true), ARBITRATOR("arbitrator", "arbitrator", true), // - BLOCKEDASSURER("blockedassurer", "may not verify", true), BLOCKEDASSUREE("blockedassuree", "may not be verified", true), // - BLOCKEDLOGIN("blockedlogin", "may not login", true), BLOCKEDCERT("blockedcert", "may not issue certificates", true), // - TTP_ASSURER("ttp-assurer", "may verify via TTP", true), TTP_APPLICANT("ttp-applicant", "requests to be verified via ttp", true), // - CODESIGNING("codesigning", "may issue codesigning certificates", true), ORGASSURER("orgassurer", "may verify organisations", true), // - NUCLEUS_ASSURER("nucleus-assurer", "may enter nucleus verifications", true), LOCATE_AGENT("locate-agent", "wants access to the locate agent system", false); + SUPPORTER("supporter", "supporter", true, true), // + ARBITRATOR("arbitrator", "arbitrator", true, true), // + BLOCKEDASSURER("blockedassurer", "may not verify", true, false), // + BLOCKEDASSUREE("blockedassuree", "may not be verified", true, false), // + BLOCKEDLOGIN("blockedlogin", "may not login", true, false), // + BLOCKEDCERT("blockedcert", "may not issue certificates", true, false), // + TTP_ASSURER("ttp-assurer", "may verify via TTP", true, true), // + TTP_APPLICANT("ttp-applicant", "requests to be verified via ttp", true, false), // + CODESIGNING("codesigning", "may issue codesigning certificates", true, false), // + ORGASSURER("orgassurer", "may verify organisations", true, true), // + NUCLEUS_ASSURER("nucleus-assurer", "may enter nucleus verifications", true, true), // + LOCATE_AGENT("locate-agent", "wants access to the locate agent system", false, false); private final String dbName; private final TranslateCommand tc; - private final boolean managedBySupport; // true if flag is handled by - // support, false if handled by user + private final boolean 
managedBySupport; - private Group(String name, String display, boolean managedBySupport) { + private final boolean isSelfViewable; + + /** + * Creates a new group. Users can join this group or be put into it + * (depending on the value of managedBySupport). + * + * @param name + * name of the group, used in database + * @param display + * text displayed to user + * @param managedBySupport + * true if flag is handled by support, false if handled by user + * @param isSelfViewable + * true iff user should be able to see others in the same group + */ + private Group(String name, String display, boolean managedBySupport, boolean isSelfViewable) { dbName = name; tc = new TranslateCommand(display); this.managedBySupport = managedBySupport; + this.isSelfViewable = isSelfViewable; } public static Group getByString(String name) { @@ -34,6 +55,10 @@ public enum Group { return managedBySupport; } + public boolean isSelfViewable() { + return isSelfViewable; + } + public String getDatabaseName() { return dbName; } @@ -55,6 +80,17 @@ public enum Group { } } + public int getMemberCount() { + try (GigiPreparedStatement gps = new GigiPreparedStatement("SELECT COUNT(`user`) FROM `user_groups` WHERE `permission`=?::`userGroup` AND `deleted` IS NULL", true)) { + gps.setString(1, dbName); + GigiResultSet grs = gps.executeQuery(); + if ( !grs.next()) { + return 0; + } + return grs.getInt(1); + } + } + public Outputable getName() { return tc; } diff --git a/src/org/cacert/gigi/pages/statistics/StatisticsRoles.java b/src/org/cacert/gigi/pages/statistics/StatisticsRoles.java new file mode 100644 index 00000000..c1b10e2f --- /dev/null +++ b/src/org/cacert/gigi/pages/statistics/StatisticsRoles.java 
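Review bot: `LOCATE_AGENT` is declared with `isSelfViewable` set to false (`LOCATE_AGENT("locate-agent", ..., false, false)`), yet the commit description lists Locate-Agent among the roles whose members may see each other, so either the flag or the description should change. If hiding the list is intended for this self-assigned group, a comment on the constant would record that, e.g. `// self-assigned group: member list is not shown on the statistics page`. The `@param isSelfViewable` text could also state what is disclosed, since StatisticsRoles in this patch shows each member's preferred name and e-mail address on the strength of this flag. The enum body continues outside this hunk.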
@@ -0,0 +1,59 @@
+package org.cacert.gigi.pages.statistics;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.ArrayIterable;
+import org.cacert.gigi.pages.LoginPage;
+import org.cacert.gigi.pages.Page;
+
+public class StatisticsRoles extends Page {
+
+ public static final String PATH = "/statistics/roles";
+
+ public StatisticsRoles() {
+ super("Statistics Roles");
+ }
+
+ @Override
+ public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ final User u = getUser(req);
+ final boolean supporter = LoginPage.getAuthorizationContext(req).canSupport();
+
+ HashMap vars = new HashMap();
+
+ vars.put("groups", new ArrayIterable(Group.values()) {
+
+ @Override
+ public void apply(Group g, Language l, Map vars) {
+ int membersCount = g.getMemberCount();
+ vars.put("group_name", g.getName());
+ vars.put("count", membersCount);
+ if ((supporter || u.isInGroup(g) && g.isSelfViewable()) && g.isManagedBySupport()) {
+ final User[] userg = g.getMembers(0, membersCount);
+ vars.put("memberlist", new ArrayIterable(userg) {
+
+ @Override
+ public void apply(User userg, Language l, Map vars) {
+ vars.put("name", userg.getPreferredName());
+ vars.put("email", userg.getEmail());
+ }
+ });
+ } else {
+ vars.remove("memberlist");
+ }
+ }
+
+ });
+
+ getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
+ }
+
+}
diff --git a/src/org/cacert/gigi/pages/statistics/StatisticsRoles.templ b/src/org/cacert/gigi/pages/statistics/StatisticsRoles.templ
new file mode 100644
index 00000000..af8ad32f
--- /dev/null
+++ b/src/org/cacert/gigi/pages/statistics/StatisticsRoles.templ
@@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + +
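Review bot: The condition guarding the member list in the outer `apply` depends on `&&` binding tighter than `||`; because this one line decides who gets to see names and e-mail addresses, I would make the grouping explicit and name it, e.g. `boolean mayList = (supporter || (u.isInGroup(g) && g.isSelfViewable())) && g.isManagedBySupport();`. `u` comes from `getUser(req)` and is dereferenced whenever `supporter` is false; whether it can be null depends on the login requirement inherited from `Page`, which this patch does not show, so either confirm the page is login-only or add a `u != null` guard. The preferred name is presumably user-supplied, so it is worth confirming that StatisticsRoles.templ emits `name` and `email` through the template's escaping output.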
+ + + + + +
:
-- 2.39.2