author | jomo <github@jomo.tv> | 2016-07-19 14:56:00 +0200 |
---|---|---|
committer | jomo <github@jomo.tv> | 2016-07-19 14:56:00 +0200 |
commit | f2353eebcc22212f3fe5e817f1fdee4edb810805 (patch) | |
tree | f8b86c1cd832795ae25c61bf5e0b8eb3df1a45ba | |
parent | f6929da548880fa18ed14a9b6a24442ad680fa2e (diff) |
check mod+ rank when dealing with forum threads
-rw-r--r-- | app/controllers/forumthreads_controller.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb
index b9b5714..f9d31a3 100644
--- a/app/controllers/forumthreads_controller.rb
+++ b/app/controllers/forumthreads_controller.rb
@@ -11,7 +11,7 @@ class ForumthreadsController < ApplicationController
 end
 def edit
- unless mod? || @thread.author.is?(current_user)
+ unless (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
 flash[:alert] = "You are not allowed to edit this thread!"
 redirect_to @thread
 end
@@ -46,7 +46,7 @@ class ForumthreadsController < ApplicationController
 end
 def update
- if mod? || @thread.author.is?(current_user)
+ if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
 @thread.user_editor = current_user
 @thread.attributes = (mod? ? thread_params([:sticky, :locked, :forum_id, :label_id]) : thread_params)
 old_content = @thread.content_was
@@ -64,7 +64,7 @@ class ForumthreadsController < ApplicationController
 end
 def destroy
- if mod? || @thread.author.is?(current_user)
+ if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
 if @thread.destroy
 flash[:notice] = "Thread deleted!"
 else |
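Review bot: The authorization expression `(mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)` is now copied verbatim into `edit`, `update` and `destroy`, so any later change to the rank rule has to land in all three hunks or one action keeps a weaker check. I would move it into a single private predicate on the controller, for example `def can_modify_thread?` returning that expression, and have the three actions call it. The predicate should carry a comment saying that `>=` is deliberate, i.e. a moderator may act on threads by authors of equal rank and not only lower rank; if that is not intended, the operator should be `>`. The comparison also assumes `@thread.author` is never nil and that the role object is orderable, which is not visible here. All three method bodies continue outside their hunks.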