- public void addAdmin(User admin, User actor, boolean master) {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO org_admin SET orgid=?, memid=?, creator=?, master=?");
- ps.setInt(1, getId());
- ps.setInt(2, admin.getId());
- ps.setInt(3, actor.getId());
- ps.setString(4, master ? "y" : "n");
- ps.execute();
+ public synchronized void addAdmin(User admin, User actor, boolean master) throws GigiApiException {
+ if ( !admin.canAssure()) {
+ throw new GigiApiException("Cannot add non-assurer.");
+ }
+ if ( !actor.isInGroup(Group.ORGASSURER) && !isMaster(actor)) {
+ throw new GigiApiException("Only org assurer or master-admin may add admins to an organisation.");
+ }
+ try (GigiPreparedStatement ps1 = new GigiPreparedStatement("SELECT 1 FROM `org_admin` WHERE `orgid`=? AND `memid`=? AND `deleted` IS NULL")) {
+ ps1.setInt(1, getId());
+ ps1.setInt(2, admin.getId());
+ GigiResultSet result = ps1.executeQuery();
+ if (result.next()) {
+ return;
+ }
+ }
+ try (GigiPreparedStatement ps2 = new GigiPreparedStatement("INSERT INTO `org_admin` SET `orgid`=?, `memid`=?, `creator`=?, `master`=?::`yesno`")) {
+ ps2.setInt(1, getId());
+ ps2.setInt(2, admin.getId());
+ ps2.setInt(3, actor.getId());
+ ps2.setString(4, master ? "y" : "n");
+ ps2.execute();
+ }
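Review bot: The duplicate-admin guard in the new `addAdmin` is a `SELECT 1 ...` followed by a separate `INSERT`, and the two are serialized only by `synchronized` on this one object. It therefore holds only if every caller works on the same object for a given organisation, which is not visible here. A uniqueness constraint on (`orgid`, `memid`) for non-deleted rows would enforce it in the database regardless of how instances are obtained, so it is worth confirming one exists. Separately, the early `return` after `result.next()` ignores the `master` argument, so a request to make an existing non-master admin a master silently does nothing; either document that with `// existing admin: master flag is left unchanged` or throw a `GigiApiException` so the caller can tell. The method body closes outside the visible lines.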