From f2353eebcc22212f3fe5e817f1fdee4edb810805 Mon Sep 17 00:00:00 2001
From: jomo
Date: Tue, 19 Jul 2016 14:56:00 +0200
Subject: check mod+ rank when dealing with forum threads
---
 app/controllers/forumthreads_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb
index b9b5714..f9d31a3 100644
--- a/app/controllers/forumthreads_controller.rb
+++ b/app/controllers/forumthreads_controller.rb
@@ -11,7 +11,7 @@ class ForumthreadsController < ApplicationController
 end
 
 def edit
- unless mod? || @thread.author.is?(current_user)
+ unless (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
 flash[:alert] = "You are not allowed to edit this thread!"
 redirect_to @thread
 end
@@ -46,7 +46,7 @@ class ForumthreadsController < ApplicationController
 end
 
 def update
- if mod? || @thread.author.is?(current_user)
+ if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
 @thread.user_editor = current_user
 @thread.attributes = (mod? ? thread_params([:sticky, :locked, :forum_id, :label_id]) : thread_params)
 old_content = @thread.content_was
@@ -64,7 +64,7 @@ class ForumthreadsController < ApplicationController
 end
 
 def destroy
- if mod? || @thread.author.is?(current_user)
+ if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)
 if @thread.destroy
 flash[:notice] = "Thread deleted!"
 else
-- 
cgit v1.2.3
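Review bot: The authorization expression `(mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user)` is pasted verbatim into `edit` here and into `update` and `destroy` in the next two hunks, so any later change to the rule has to land in three places and a missed one leaves that action with the weaker check. I would move it into one private predicate, for example `def can_modify_thread?` returning that expression, and use `unless can_modify_thread?` / `if can_modify_thread?` at the three call sites. Give the helper a one-line comment saying that `>=` is intentional, because it lets a moderator edit or delete threads of equally ranked staff; if only lower ranks are meant it should be `>`. The bodies of all three actions continue outside the hunks, and whether `role` supports `>=` comparisons is not visible in this diff.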