From e0ac5fac131342874c4e9f814a5943f38a39fa91 Mon Sep 17 00:00:00 2001
From: jomo
Date: Tue, 21 Jun 2016 23:35:41 +0200
Subject: don't allow other users or confirmed users to resend confirmation email
---
 app/controllers/users_controller.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0755c03..bd511df 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -139,8 +139,12 @@ class UsersController < ApplicationController
 end
 def resend_mail
- RedstonerMailer.register_mail(@user, false).deliver_now
- flash[:notice] = "Check your inbox for the confirmation mail."
+ if @user.is?(current_user) && !confirmed?
+ RedstonerMailer.register_mail(@user, false).deliver_now
+ flash[:notice] = "Check your inbox for the confirmation mail."
+ else
+ flash[:alert] = "You're not allowed to resend this user's confirmation email"
+ end
 redirect_to user_path(@user)
 end
--
cgit v1.2.3
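Review bot: In the new guard in `resend_mail`, `confirmed?` has no receiver, so it resolves to a controller or helper method this hunk does not show rather than to `@user`; if that helper reports on the logged-in account, the result is right only because `@user.is?(current_user)` is evaluated first. Naming the subject keeps the authorization check correct if the helper or the order of the conditions changes, e.g. `if current_user && @user.is?(current_user) && !@user.confirmed?` (assuming the model exposes that predicate, which is not visible here). The allowed branch also still calls `deliver_now` on every request with no throttle, and the address of an unconfirmed account is unverified by definition, so a minimum interval between resends per account would keep the action from sending repeated mail to an address the account holder may not control.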