1 files changed, 9 insertions, 2 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 27e89af..16f42d3 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -157,9 +157,9 @@ class UsersController < ApplicationController
   def update
     if (mod? && current_user.role >= @user.role ) || (@user.is?(current_user) && confirmed?)
       if mod?
-        userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :role, :badge, :confirmed])
+        userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :role, :badge, :confirmed, :header_scroll, :utc_time, :dark])
       else
-        userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about])
+        userdata = user_params([:name, :skype, :skype_public, :youtube, :twitter, :about, :header_scroll, :utc_time, :dark])
       end
       if userdata[:role]
         role = Role.get(userdata[:role])
@@ -241,6 +241,13 @@ class UsersController < ApplicationController
     end
   end
 
+  def edit_website_settings
+    unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
+      flash[:alert] = "You are not allowed to edit this user's website settings!"
+      redirect_to @user
+    end
+  end
+
   def update_login
     if @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
       authenticated = !@user.is?(current_user) || @user.authenticate(params[:current_password])