authorjomo <github@jomo.tv>2016-07-19 14:56:00 +0200
committerjomo <github@jomo.tv>2016-07-19 14:56:00 +0200
commitf2353eebcc22212f3fe5e817f1fdee4edb810805 (patch)
treef8b86c1cd832795ae25c61bf5e0b8eb3df1a45ba
parentf6929da548880fa18ed14a9b6a24442ad680fa2e (diff)
check mod+ rank when dealing with forum threads
-rw-r--r--app/controllers/forumthreads_controller.rb6
1 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb
index b9b5714..f9d31a3 100644
--- a/app/controllers/forumthreads_controller.rb
+++ b/app/controllers/forumthreads_controller.rb
@@ -11,7 +11,7 @@ class ForumthreadsController < ApplicationController
end
def edit
- unless mod? || @thread.author.is?(current_user)
+ unless (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
flash[:alert] = "You are not allowed to edit this thread!"
redirect_to @thread
end
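Review bot: The authorization expression `(mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)` is now written out three times, here in `edit` and again in the `update` and `destroy` hunks. Any later change to the rule has to be made in all three places, and a missed one leaves that action with a weaker check than the others. I would move it into one private predicate, for example `def may_modify_thread?` returning that expression, and call it from all three actions. The `end` that closes `edit` appears to lie outside this hunk.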
@@ -46,7 +46,7 @@ class ForumthreadsController < ApplicationController
end
def update
- if mod? || @thread.author.is?(current_user)
+ if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
@thread.user_editor = current_user
@thread.attributes = (mod? ? thread_params([:sticky, :locked, :forum_id, :label_id]) : thread_params)
old_content = @thread.content_was
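Review bot: A moderator request no longer short-circuits on `mod?`, so `@thread.author.role` is now evaluated for every moderator in `update`, and likewise in the `edit` and `destroy` hunks. If a thread can exist without an author record, which is not visible here, this path raises instead of refusing the request. The old code only dereferenced the author for non-moderators. The comparison also assumes that whatever `role` returns defines `>=`. I would confirm both assumptions and handle a missing author explicitly before the comparison, so the outcome is a denial rather than an error. The body of `update` continues past the end of this hunk.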
@@ -64,7 +64,7 @@ class ForumthreadsController < ApplicationController
end
def destroy
- if mod? || @thread.author.is?(current_user)
+ if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
if @thread.destroy
flash[:notice] = "Thread deleted!"
else
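Review bot: The `>=` in the `destroy` check lets a moderator delete a thread whose author holds the same rank, not only a lower one, and the commit title does not say which was meant. If equal rank is intended, a comment such as `# mods may act on threads by authors of equal or lower rank` above the condition would record that; if not, the comparison should be `>`. The diffstat lists only the controller, so a controller test covering lower-, equal- and higher-ranked authors would keep the rule from regressing. The body of `destroy` continues past the end of this hunk.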