From d2e23ba57b3c7b804197a36d7aab1ad734abd4e6 Mon Sep 17 00:00:00 2001
From: kremsy <lukas@esc-clan.net>
Date: Mon, 30 Dec 2013 22:36:20 +0100
Subject: [PATCH] added right check for granding authlevel

---
 application/core/Configurators/ScriptSettings.php |  4 ++--
 application/core/Players/PlayerActions.php        | 11 ++++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/application/core/Configurators/ScriptSettings.php b/application/core/Configurators/ScriptSettings.php
index 08208992..7cf80172 100644
--- a/application/core/Configurators/ScriptSettings.php
+++ b/application/core/Configurators/ScriptSettings.php
@@ -285,8 +285,8 @@ class ScriptSettings implements ConfiguratorMenu,CallbackListener {
 		$this->maniaControl->chat->sendInformation('$ff0' . $title . ' $<' . $player->nickname . '$> set Scriptsetting $<' . $chatMessage . '$>!');
 
 		// log console message
-		$this->maniaControl->log(Formatter::stripCodes($title . ' ' . $player->nickname . ' set Scriptsettings ' . $chatMessage . '!'));
-		
+		$this->maniaControl->log(Formatter::stripCodes($title . ' ' . $player->nickname . ' set Scriptsetting ' . $chatMessage . '!'));
+
 		// Trigger own callback
 		$this->maniaControl->callbackManager->triggerCallback(self::CB_SCRIPTSETTINGS_CHANGED, array(self::CB_SCRIPTSETTINGS_CHANGED));
 	}
diff --git a/application/core/Players/PlayerActions.php b/application/core/Players/PlayerActions.php
index c75c1ac4..97d5c9fa 100644
--- a/application/core/Players/PlayerActions.php
+++ b/application/core/Players/PlayerActions.php
@@ -239,12 +239,19 @@ class PlayerActions {
 		$admin = $this->maniaControl->playerManager->getPlayer($adminLogin);
 		$target = $this->maniaControl->playerManager->getPlayer($targetLogin);
 		$title = $this->maniaControl->authenticationManager->getAuthLevelName($admin->authLevel);
-		//TODO check for bot
+
 		if($this->maniaControl->authenticationManager->checkRight($target,$authLevel)){
 			$this->maniaControl->chat->sendError('This admin is already ' . $this->maniaControl->authenticationManager->getAuthLevelName($target->authLevel), $admin->login);
 			return;
 		}
 
+		$authLevelName = $this->maniaControl->authenticationManager->getAuthLevelName($authLevel);
+
+		if($this->maniaControl->authenticationManager->checkRight($admin,$authLevel) <= $this->maniaControl->authenticationManager->checkRight($target,$authLevel)){
+			$this->maniaControl->chat->sendError('You don\'t have the permission to add a ' . $authLevelName . '!', $admin->login);
+			return;
+		}
+
 		$success = $this->maniaControl->authenticationManager->grantAuthLevel($target, $authLevel);
 
 		if (!$success) {
@@ -252,8 +259,6 @@ class PlayerActions {
 			return;
 		}
 
-		$authLevelName = $this->maniaControl->authenticationManager->getAuthLevelName($authLevel);
-
 		$this->maniaControl->chat->sendInformation($title . ' $<' . $admin->nickname . '$> added $<' . $target->nickname . '$> as $< ' . $authLevelName. '$>!');
 
 		// log console message