From 1e98bc7a794467ef437f17b826cecd5ccb9fe6d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Thu, 19 Apr 2012 00:28:31 +0200
Subject: bug 967: Implement check for Assurer before adding as OrgAdmin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michael Tänzer <neo@nhng.de>
---
 includes/account.php | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/includes/account.php b/includes/account.php
index 554713e..72165df 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2289,8 +2289,21 @@
 			$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
 		} else {
 			$row = mysql_fetch_assoc($res);
-			mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
-					`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
+			if ( !is_assurer(intval($row['id'])) )
+			{
+				$id = $oldid;
+				$oldid=0;
+				$_SESSION['_config']['errmsg'] =
+						_("The user is not an Assurer yet");
+			} else {
+				mysql_query(
+					"insert into `org`
+						set `memid`='".intval($row['id'])."',
+							`orgid`='".intval($_SESSION['_config']['orgid'])."',
+							`masteracc`='$masteracc',
+							`OU`='$OU',
+							`comments`='$comments'");
+			}
 		}
 	}
 
-- 
cgit v1.2.1