-rw-r--r--app/controllers/comments_controller.rb4
-rw-r--r--app/controllers/forums_controller.rb4
-rw-r--r--app/controllers/forumthreads_controller.rb4
-rw-r--r--app/controllers/users_controller.rb2
-rw-r--r--app/views/comments/_comment.html.erb2
-rw-r--r--app/views/forumthreads/show.html.erb2
-rw-r--r--app/views/layouts/_footer.html.erb4
-rw-r--r--app/views/users/show.html.erb2
-rw-r--r--db/migrate/20160926220738_remove_index_email_from_register_tokens.rb5
-rw-r--r--db/schema.rb3
10 files changed, 22 insertions, 10 deletions
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 49975cd..3c2f57d 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -4,7 +4,7 @@ class CommentsController < ApplicationController
def edit
@comment = Comment.find(params[:id])
- if (mod? && current_user.role >= @comment.author.role) || @comment.author.is?(current_user)
+ if mod? || @comment.author.is?(current_user)
else
flash[:alert] = "You are not allowed to edit this comment"
redirect_to @comment.blogpost
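Review bot: With the `current_user.role >= @comment.author.role` comparison dropped, the `edit` condition lets any moderator edit a comment written by a higher-ranked user, and the `destroy` hunk below makes the same change for deletion. If that is intended, record it above the condition, e.g. `# mods may edit any comment, regardless of the author's role`; if not, keep the rank check on the mod branch. The empty `if … else` would also read more clearly as `unless mod? || @comment.author.is?(current_user)`. Both method bodies continue outside their hunks, and whether `update` applies the same rule is not visible here.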
@@ -55,7 +55,7 @@ class CommentsController < ApplicationController
def destroy
@comment = Comment.find(params[:id])
- if (mod? && current_user.role >= @comment.author.role) || @comment.author.is?(current_user)
+ if mod? || @comment.author.is?(current_user)
if @comment.destroy
flash[:notice] = "Comment deleted!"
else
diff --git a/app/controllers/forums_controller.rb b/app/controllers/forums_controller.rb
index 2841be9..ecf570e 100644
--- a/app/controllers/forums_controller.rb
+++ b/app/controllers/forums_controller.rb
@@ -16,6 +16,10 @@ class ForumsController < ApplicationController
end
def edit
+ unless admin?
+ flash[:alert] = "You are not allowed to change a forum"
+ redirect_to forums_path
+ end
end
def new
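Review bot: The new `unless admin?` guard in `edit` only blocks rendering the form; the action that saves the change (`update`, outside this hunk) needs the same check, or a non-admin can still submit the request directly. A filter shared by both actions keeps them from drifting apart, e.g. `before_action :require_admin, only: [:edit, :update]` (method name illustrative), with the flash and redirect moved into that method. The same applies to the `mod? || @thread.author.is?(current_user)` guard added to `ForumthreadsController#edit`, which also relies on `@thread` being loaded by a filter that is not visible in its hunk.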
diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb
index ac090f5..b9b5714 100644
--- a/app/controllers/forumthreads_controller.rb
+++ b/app/controllers/forumthreads_controller.rb
@@ -11,6 +11,10 @@ class ForumthreadsController < ApplicationController
end
def edit
+ unless mod? || @thread.author.is?(current_user)
+ flash[:alert] = "You are not allowed to edit this thread!"
+ redirect_to @thread
+ end
end
def new
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index bd511df..5dc0e80 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -139,7 +139,7 @@ class UsersController < ApplicationController
end
def resend_mail
- if @user.is?(current_user) && !confirmed?
+ if (@user.is?(current_user) || mod?) && !@user.confirmed?
RedstonerMailer.register_mail(@user, false).deliver_now
flash[:notice] = "Check your inbox for the confirmation mail."
else
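Review bot: Allowing `mod?` in `resend_mail` means the success flash `"Check your inbox for the confirmation mail."` is now shown to a moderator who is not the recipient; a separate message for that case would avoid confusion, e.g. `flash[:notice] = "Confirmation mail sent to the user."` when `!@user.is?(current_user)`. Nothing in the visible lines limits how often the mail can be re-sent, so every request triggers a synchronous `deliver_now` to the user's address; a per-user cooldown before sending would bound that. The method body continues outside the hunk.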
diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb
index 286cf1b..b5a05e5 100644
--- a/app/views/comments/_comment.html.erb
+++ b/app/views/comments/_comment.html.erb
@@ -6,7 +6,7 @@
<%= ago c.created_at %>
<% end %>
- <%= link_to "edit", edit_blogpost_comment_path(c.blogpost, c), class: "editlink" if (mod? || c.author.is?(current_user)) %>
+ <%= link_to "edit", edit_blogpost_comment_path(c.blogpost, c), class: "editlink" if mod? || c.author.is?(current_user) %>
<div class="clear-right"></div>
</div>
<div class="items">
diff --git a/app/views/forumthreads/show.html.erb b/app/views/forumthreads/show.html.erb
index 10cfeb6..876d55d 100644
--- a/app/views/forumthreads/show.html.erb
+++ b/app/views/forumthreads/show.html.erb
@@ -8,7 +8,7 @@
<%= link_to p do %>
<%= ago @thread.created_at %>
<% end %>
- <%= link_to "edit", edit_forumthread_path( @thread), class: "editlink" if (@thread.author.is?(current_user) || mod?) %>
+ <%= link_to "edit", edit_forumthread_path( @thread), class: "editlink" if mod? || @thread.author.is?(current_user) %>
<div class="clear-right"></div>
</div>
<div class="items">
diff --git a/app/views/layouts/_footer.html.erb b/app/views/layouts/_footer.html.erb
index c4c81d0..930eb26 100644
--- a/app/views/layouts/_footer.html.erb
+++ b/app/views/layouts/_footer.html.erb
@@ -15,8 +15,8 @@
Twitter <%= image_tag("twitter.png") %>
<% end %>
<% if current_user %>
- | <%= link_to "http://slack.redstoner.com/?" + {mail: current_user.try(:email)}.to_param do %>
- Join us on <img src="https://slack-redstoner-public.herokuapp.com/badge.svg" alt="Slack">
+ | <%= link_to "/slack/?" + {mail: current_user.try(:email)}.to_param do %>
+ Join us on <img src="/slack/badge.svg" alt="Slack">
<% end %>
<% end %>
</div>
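Review bot: The link still places the signed-in user's e-mail address in the query string (`"/slack/?" + {mail: current_user.try(:email)}.to_param`), so the address ends up in access logs, browser history and possibly a `Referer` header sent by whatever `/slack/` loads. If the `/slack/` endpoint allows it, prefer sending the address in a POST body or letting the endpoint read it from the session. `current_user.try(:email)` is also redundant inside `<% if current_user %>`; `current_user.email` is enough.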
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 0a5431c..e371a09 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -21,7 +21,7 @@
<% end %>
<% if !@user.confirmed? %>
- <% if @user.is?(current_user) %>
+ <% if @user.is?(current_user) || mod? %>
<span class="user-unconfirmed">Please confirm your email <u><%= @user.email %></u> !</span>
<%= button_to "Resend the confirmation mail", resend_mail_user_path, class: "btn dark", form_class: "inline-block", data: {confirm: "Did you check your spam folder?"} %>
<% else %>
diff --git a/db/migrate/20160926220738_remove_index_email_from_register_tokens.rb b/db/migrate/20160926220738_remove_index_email_from_register_tokens.rb
new file mode 100644
index 0000000..fc6a355
--- /dev/null
+++ b/db/migrate/20160926220738_remove_index_email_from_register_tokens.rb
@@ -0,0 +1,5 @@
+class RemoveIndexEmailFromRegisterTokens < ActiveRecord::Migration
+ def change
+ remove_index :register_tokens, :email
+ end
+end
\ No newline at end of file
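Review bot: `remove_index :register_tokens, :email` inside `change` does not record that the index was unique, so a rollback either raises `ActiveRecord::IrreversibleMigration` or recreates a non-unique index, depending on the Rails version. Passing the full definition keeps it reversible: `remove_index :register_tokens, column: :email, name: "index_register_tokens_on_email", unique: true`. Dropping the unique constraint also means several register tokens can now exist for one e-mail address, so any code that looks a token up by e-mail (not visible here) should be checked for that case.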
diff --git a/db/schema.rb b/db/schema.rb
index 376e758..2c68029 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20150825232749) do
+ActiveRecord::Schema.define(version: 20160926220738) do
create_table "blogposts", force: :cascade do |t|
t.string "title"
@@ -82,7 +82,6 @@ ActiveRecord::Schema.define(version: 20150825232749) do
t.string "email", null: false
end
- add_index "register_tokens", ["email"], name: "index_register_tokens_on_email", unique: true, using: :btree
add_index "register_tokens", ["uuid"], name: "index_register_tokens_on_uuid", unique: true, using: :btree
create_table "roles", force: :cascade do |t|