}
} else if (req.getParameter("do_affiliate") != null) {
User byEmail = User.getByEmail(req.getParameter("email"));
- if (byEmail != null) {
+ if (byEmail != null && byEmail.canAssure()) {
o.addAdmin(byEmail, LoginPage.getUser(req), req.getParameter("master") != null);
return true;
}