X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FUser.java;h=b259968816e7891f686e20ccffd693edb1a3c144;hp=69b76ad2004ec9aa24c5401b7d8f1f0f42845c12;hb=c256866ad0f399530c686380db62b47883e3f63b;hpb=08e0b5673b6994fc692a578f1ff99ebb67ae2410
diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index 69b76ad2..b2599688 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -448,6 +448,9 @@ public class User extends CertificateOwner {
 if (toGrant.isManagedBySupport() && !granter.isInGroup(Group.SUPPORTER)) {
 throw new GigiApiException("Group may only be managed by supporter");
 }
+ if (toGrant.isManagedBySupport() && granter == this) {
+ throw new GigiApiException("Group may only be managed by supporter that is not oneself");
+ }
 groups.add(toGrant);
 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
 ps.setInt(1, getId());
@@ -457,7 +460,10 @@ public class User extends CertificateOwner {
 }
 }
- public void revokeGroup(User revoker, Group toRevoke) {
+ public void revokeGroup(User revoker, Group toRevoke) throws GigiApiException {
+ if (toRevoke.isManagedBySupport() && !revoker.isInGroup(Group.SUPPORTER)) {
+ throw new GigiApiException("Group may only be managed by supporter");
+ }
 groups.remove(toRevoke);
 try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `user_groups` SET `deleted`=CURRENT_TIMESTAMP, `revokedby`=? WHERE `deleted` IS NULL AND `permission`=?::`userGroup` AND `user`=?")) {
 ps.setInt(1, revoker.getId());
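Review bot: The added self-grant guard compares object references (`granter == this`), so it only fires when both variables point at the same `User` instance. If two `User` objects can ever be loaded for the same account (not visible in this hunk), the separation-of-duty rule would be bypassed without any error. Comparing the persistent identity is sturdier: `if (toGrant.isManagedBySupport() && granter.getId() == getId()) {`. The method's signature and the rest of its body lie outside the hunk.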
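Review bot: The check added to `revokeGroup` enforces only supporter membership, whereas the grant path in the previous hunk now also rejects a supporter acting on their own account; here a `revoker` who is the same user is still accepted. If self-revocation is intended, record that next to the check with a comment such as `// self-revocation is deliberately allowed; only granting requires a second supporter`. Otherwise mirror the guard using an id comparison, `if (toRevoke.isManagedBySupport() && revoker.getId() == getId()) {`. The new `throws GigiApiException` would also benefit from a Javadoc `@throws` line stating the authorization rule, and note that the method body continues past the end of the hunk.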