mirror of
https://github.com/Qortal/qortal.git
synced 2025-03-13 11:12:31 +00:00
Require that add/remove admin transactions can only be created by group members.
For regular groups, we require that the owner adds/removes the admins, so group membership is adequately checked. However for null-owned groups this check is skipped. So we need an additional condition to prevent non-group members from issuing a transaction for approval by the group admins.
This commit is contained in:
parent
5581b83c57
commit
93fd80e289
@ -79,6 +79,10 @@ public class AddGroupAdminTransaction extends Transaction {
|
||||
if (!this.repository.getGroupRepository().memberExists(groupId, memberAddress))
|
||||
return ValidationResult.NOT_GROUP_MEMBER;
|
||||
|
||||
// Check transaction creator is a group member
|
||||
if (!this.repository.getGroupRepository().memberExists(groupId, this.getCreator().getAddress()))
|
||||
return ValidationResult.NOT_GROUP_MEMBER;
|
||||
|
||||
// Check group member is not already an admin
|
||||
if (this.repository.getGroupRepository().adminExists(groupId, memberAddress))
|
||||
return ValidationResult.ALREADY_GROUP_ADMIN;
|
||||
|
@ -77,6 +77,10 @@ public class RemoveGroupAdminTransaction extends Transaction {
|
||||
if (!groupOwnedByNullAccount && !owner.getAddress().equals(groupOwner))
|
||||
return ValidationResult.INVALID_GROUP_OWNER;
|
||||
|
||||
// Check transaction creator is a group member
|
||||
if (!this.repository.getGroupRepository().memberExists(groupId, this.getCreator().getAddress()))
|
||||
return ValidationResult.NOT_GROUP_MEMBER;
|
||||
|
||||
Account admin = getAdmin();
|
||||
|
||||
// Check member is an admin
|
||||
|
Loading…
x
Reference in New Issue
Block a user