}
} else if (req.getParameter("do_affiliate") != null) {
User byEmail = User.getByEmail(req.getParameter("email"));
- if (byEmail != null) {
+ if (byEmail != null && byEmail.canAssure()) {
o.addAdmin(byEmail, LoginPage.getUser(req), req.getParameter("master") != null);
return true;
+ } else {
+ out.println(Page.getLanguage(req).getTranslation("Requested user is not an assurer. We need an assurer here."));
}
}
out.println(Page.getLanguage(req).getTranslation("No action could have been carried out."));