diff options
| author | jomo <github@jomo.tv> | 2016-07-19 14:53:41 +0200 |
|---|---|---|
| committer | jomo <github@jomo.tv> | 2016-07-19 14:53:41 +0200 |
| commit | f6929da548880fa18ed14a9b6a24442ad680fa2e (patch) | |
| tree | 26871f132b5d3c92e898e3902430329157925e47 | |
| parent | 072f38a373562e2f14a9ee4c0abcf09ae311b9f3 (diff) | |
check mod+ rank when dealing with thread replies
| -rw-r--r-- | app/controllers/threadreplies_controller.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/threadreplies_controller.rb b/app/controllers/threadreplies_controller.rb index 946155d..235f037 100644 --- a/app/controllers/threadreplies_controller.rb +++ b/app/controllers/threadreplies_controller.rb @@ -2,7 +2,7 @@ class ThreadrepliesController < ApplicationController def edit @reply = Threadreply.find(params[:id]) - if mod? || @reply.author.is?(current_user) + if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) else flash[:alert] = "You are not allowed to edit this reply" redirect_to @reply.thread @@ -32,7 +32,7 @@ class ThreadrepliesController < ApplicationController def update @reply = Threadreply.find(params[:id]) - if mod? || @reply.author.is?(current_user) + if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) old_content = @reply.content_was if @reply.update_attributes(reply_params) @reply.send_new_reply_mail(old_content) @@ -52,7 +52,7 @@ class ThreadrepliesController < ApplicationController def destroy @reply = Threadreply.find(params[:id]) - if mod? || @reply.author.is?(current_user) + if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) if @reply.destroy flash[:notice] = "Reply deleted!" else |