From e5779db4135a8375980aa2d4f990722240b94464 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Fri, 3 Mar 2017 11:01:47 +0100
Subject: [PATCH] add: Org Agents may not make themselves administrators of organisations.
Change-Id: If0a3747e0e3a67dbada58aca3299663282899db4
---
 .../wpia/gigi/dbObjects/Organisation.java | 3 +++
 tests/club/wpia/gigi/api/IssueCert.java | 15 ++++++-----
 .../gigi/pages/orga/TestOrgManagement.java | 27 ++++++++++++++-----
 3 files changed, 31 insertions(+), 14 deletions(-)
diff --git a/src/club/wpia/gigi/dbObjects/Organisation.java b/src/club/wpia/gigi/dbObjects/Organisation.java
index c47a7837..3ce83c70 100644
--- a/src/club/wpia/gigi/dbObjects/Organisation.java
+++ b/src/club/wpia/gigi/dbObjects/Organisation.java
@@ -145,6 +145,9 @@ public class Organisation extends CertificateOwner {
 }
 public synchronized void addAdmin(User admin, User actor, boolean master) throws GigiApiException {
+ if (actor == admin) {
+ throw new GigiApiException("You may not add yourself as Organisation Admin. Ask another Organisation Agent to do so.");
+ }
 if ( !admin.canVerify()) {
 throw new GigiApiException("Cannot add person who is not RA Agent.");
 }
diff --git a/tests/club/wpia/gigi/api/IssueCert.java b/tests/club/wpia/gigi/api/IssueCert.java
index 5c4791e5..f7ae0ed9 100644
--- a/tests/club/wpia/gigi/api/IssueCert.java
+++ b/tests/club/wpia/gigi/api/IssueCert.java
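Review bot: The new guard in Organisation.addAdmin, `if (actor == admin)`, compares object references, so it only blocks self-assignment when both arguments are the same `User` instance. Whether every lookup of an account returns one shared instance is not visible in this hunk; if two `User` objects can ever represent the same account, an Org Agent would pass the check. Comparing ids, `if (actor.getId() == admin.getId())`, does not depend on that, assuming `actor` is never null here. A one-line comment such as `// separation of duties: an Org Agent must not grant admin rights to themselves` would record why the check comes first. The body of addAdmin continues outside the hunk.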
@@ -17,16 +17,16 @@ import java.security.cert.X509Certificate;
 import org.junit.Test;
-import club.wpia.gigi.api.CreateCertificate;
 import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.CSRType;
+import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
 import club.wpia.gigi.dbObjects.Country;
+import club.wpia.gigi.dbObjects.Country.CountryCodeType;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.dbObjects.Domain;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.dbObjects.Organisation;
-import club.wpia.gigi.dbObjects.Certificate.CSRType;
-import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
-import club.wpia.gigi.dbObjects.Country.CountryCodeType;
+import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.pages.account.certs.CertificateRequest;
 import club.wpia.gigi.testUtils.ClientTest;
 import club.wpia.gigi.testUtils.IOUtils;
@@ -88,10 +88,11 @@ public class IssueCert extends ClientTest {
 @Test
 public void testIssueOrgCert() throws Exception {
 makeAgent(id);
- u.grantGroup(getSupporter(), Group.ORG_AGENT);
+ User u2 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ u2.grantGroup(getSupporter(), Group.ORG_AGENT);
- Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u);
- o1.addAdmin(u, u, false);
+ Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u2);
+ o1.addAdmin(u, u2, false);
 String testdom = createUniqueName() + "-example.com";
 Domain d2 = new Domain(u, o1, testdom);
 verify(d2);
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
index 8837abc6..2bb91f12 100644
--- a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
@@ -17,13 +17,11 @@ import org.junit.Test;
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Country;
-import club.wpia.gigi.dbObjects.Organisation;
-import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
+import club.wpia.gigi.dbObjects.Organisation;
 import club.wpia.gigi.dbObjects.Organisation.Affiliation;
+import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.pages.account.MyDetails;
-import club.wpia.gigi.pages.orga.CreateOrgPage;
-import club.wpia.gigi.pages.orga.ViewOrgPage;
 import club.wpia.gigi.testUtils.IOUtils;
 import club.wpia.gigi.testUtils.OrgTest;
@@ -61,17 +59,18 @@ public class TestOrgManagement extends OrgTest {
 assertSame(u2, affiliation.getTarget());
 assertTrue(affiliation.isMaster());
- assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "email=" + URLEncoder.encode(u.getEmail(), "UTF-8") + "&do_affiliate=y", 1));
+ User u3 = User.getById(createVerificationUser("testworker2", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "email=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&do_affiliate=y", 1));
 allAdmins = orgs[0].getAllAdmins();
 assertEquals(2, allAdmins.size());
 Affiliation affiliation2 = allAdmins.get(0);
 if (affiliation2.getTarget().getId() == u2.getId()) {
 affiliation2 = allAdmins.get(1);
 }
- assertEquals(u.getId(), affiliation2.getTarget().getId());
+ assertEquals(u3.getId(), affiliation2.getTarget().getId());
 assertFalse(affiliation2.isMaster());
- assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1));
+ assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1));
 assertEquals(1, orgs[0].getAllAdmins().size());
 assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + orgs[0].getId(), "del=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&email=&do_affiliate=y", 1));
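Review bot: With the affiliation request switched from `u` to `u3`, this test no longer sends a self-affiliation through `ViewOrgPage`, so the new restriction is exercised only by the direct `Organisation.addAdmin` calls in the later hunk. A negative case here would pin the web path as well: post `email=` with the logged-in agent's own address plus `do_affiliate=y`, then assert that the interaction reports an error and that `orgs[0].getAllAdmins()` is unchanged. Which account `cookie` belongs to is set up outside this hunk, so the address to use has to be checked against the test's setup.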
@@ -144,6 +143,20 @@ public class TestOrgManagement extends OrgTest {
 o1.removeAdmin(u2, u3);
 o1.removeAdmin(u3, u3);
 assertEquals(0, o1.getAllAdmins().size());
+ try {
+ // must fail because one may not add oneself
+ o1.addAdmin(u3, u3, false);
+ fail("No exception!");
+ } catch (GigiApiException e) {
+ }
+ assertEquals(0, o1.getAllAdmins().size());
+ try {
+ // must fail because one may not add oneself
+ o1.addAdmin(u3, u3, true);
+ fail("No exception!");
+ } catch (GigiApiException e) {
+ }
+ assertEquals(0, o1.getAllAdmins().size());
 o1.delete();
 }
-- 
2.39.2
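Review bot: Both added `catch (GigiApiException e) { }` blocks are empty, so the test passes on any `GigiApiException` thrown by `addAdmin`, including the existing "Cannot add person who is not RA Agent." rejection. It would therefore stay green if the self-add guard were removed while another check still fired. Asserting the reason inside the catch, e.g. `assertTrue(e.getMessage().contains("add yourself"));`, ties the test to the rule it protects; if messages are localised before they reach the test, match on whatever stable identifier the exception exposes instead. The two try blocks differ only in the `master` flag and could share one small helper. The enclosing test method starts outside the hunk.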