- public synchronized void addAdmin(User admin, User actor, boolean master) {
- GigiPreparedStatement ps1 = DatabaseConnection.getInstance().prepare("SELECT 1 FROM org_admin WHERE orgid=? AND memid=? AND deleted is null");
+ public synchronized void addAdmin(User admin, User actor, boolean master) throws GigiApiException {
+ if ( !admin.canAssure()) {
+ throw new GigiApiException("Cannot add non-assurer.");
+ }
+ if ( !actor.isInGroup(Group.ORGASSURER) && !isMaster(actor)) {
+ throw new GigiApiException("Only org assurer or master-admin may add admins to an organisation.");
+ }
+ GigiPreparedStatement ps1 = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `org_admin` WHERE `orgid`=? AND `memid`=? AND `deleted` IS NULL");