From 76076bbdf2c80279bcc9a34e31c960e9d58d7ed4 Mon Sep 17 00:00:00 2001
From: jomo <github@jomo.tv>
Date: Tue, 19 Jul 2016 15:06:40 +0200
Subject: fix edit link permission checks for comments, threads, replies

---
 app/views/comments/_comment.html.erb    | 2 +-
 app/views/forumthreads/show.html.erb    | 2 +-
 app/views/threadreplies/_reply.html.erb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb
index 286cf1b..147e85b 100644
--- a/app/views/comments/_comment.html.erb
+++ b/app/views/comments/_comment.html.erb
@@ -6,7 +6,7 @@
       <%= ago c.created_at %>
     <% end %>
 
-    <%= link_to "edit", edit_blogpost_comment_path(c.blogpost, c), class: "editlink" if (mod? || c.author.is?(current_user)) %>
+    <%= link_to "edit", edit_blogpost_comment_path(c.blogpost, c), class: "editlink" if (mod? && current_user.role >= c.author.role) || c.author.is?(current_user) %>
     <div class="clear-right"></div>
   </div>
   <div class="items">
diff --git a/app/views/forumthreads/show.html.erb b/app/views/forumthreads/show.html.erb
index 10cfeb6..206ae09 100644
--- a/app/views/forumthreads/show.html.erb
+++ b/app/views/forumthreads/show.html.erb
@@ -8,7 +8,7 @@
     <%= link_to p do %>
       <%= ago @thread.created_at %>
     <% end %>
-    <%= link_to "edit", edit_forumthread_path( @thread), class: "editlink" if (@thread.author.is?(current_user) || mod?) %>
+    <%= link_to "edit", edit_forumthread_path( @thread), class: "editlink" if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) %>
     <div class="clear-right"></div>
   </div>
   <div class="items">
diff --git a/app/views/threadreplies/_reply.html.erb b/app/views/threadreplies/_reply.html.erb
index 88e4bfb..b3a344e 100644
--- a/app/views/threadreplies/_reply.html.erb
+++ b/app/views/threadreplies/_reply.html.erb
@@ -6,7 +6,7 @@
       <%= ago reply.created_at %>
     <% end %>
 
-    <%= link_to "edit", edit_forumthread_threadreply_path(reply.thread, reply), class: "editlink" if mod? || reply.author.is?(current_user) %>
+    <%= link_to "edit", edit_forumthread_threadreply_path(reply.thread, reply), class: "editlink" if (mod? && current_user.role >= reply.author.role) || reply.author.is?(current_user) %>
     <div class="clear-right"></div>
   </div>
   <div class="items">
-- 
cgit v1.2.3