upd: restrict permissions of org "master" admin on organisation

[gigi.git] / src / org / cacert / gigi / dbObjects / User.java

diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index 55e567f5dd6a93a793a9c358cde85c7242360748..e6f06921c08b2ad4e0a53633b12660d86ebf198b 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -409,8 +409,12 @@ public class User extends CertificateOwner {
     }
 
     public List<Organisation> getOrganisations() {
+        return getOrganisations(false);
+    }
+
+    public List<Organisation> getOrganisations(boolean isAdmin) {
         List<Organisation> orgas = new ArrayList<>();
-        try (GigiPreparedStatement query = new GigiPreparedStatement("SELECT `orgid` FROM `org_admin` WHERE `memid`=? AND `deleted` IS NULL")) {
+        try (GigiPreparedStatement query = new GigiPreparedStatement("SELECT `orgid` FROM `org_admin` WHERE `memid`=? AND `deleted` IS NULL" + (isAdmin ? " AND master='y'" : ""))) {
             query.setInt(1, getId());
             try (GigiResultSet res = query.executeQuery()) {
                 while (res.next()) {