From f6929da548880fa18ed14a9b6a24442ad680fa2e Mon Sep 17 00:00:00 2001
From: jomo
Date: Tue, 19 Jul 2016 14:53:41 +0200
Subject: check mod+ rank when dealing with thread replies
---
 app/controllers/threadreplies_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controllers/threadreplies_controller.rb b/app/controllers/threadreplies_controller.rb
index 946155d..235f037 100644
--- a/app/controllers/threadreplies_controller.rb
+++ b/app/controllers/threadreplies_controller.rb
@@ -2,7 +2,7 @@ class ThreadrepliesController < ApplicationController
 def edit
 @reply = Threadreply.find(params[:id])
- if mod? || @reply.author.is?(current_user)
+ if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user)
 else
 flash[:alert] = "You are not allowed to edit this reply"
 redirect_to @reply.thread
@@ -32,7 +32,7 @@ class ThreadrepliesController < ApplicationController
 def update
 @reply = Threadreply.find(params[:id])
- if mod? || @reply.author.is?(current_user)
+ if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user)
 old_content = @reply.content_was
 if @reply.update_attributes(reply_params)
 @reply.send_new_reply_mail(old_content)
@@ -52,7 +52,7 @@ class ThreadrepliesController < ApplicationController
 def destroy
 @reply = Threadreply.find(params[:id])
- if mod? || @reply.author.is?(current_user)
+ if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user)
 if @reply.destroy
 flash[:notice] = "Reply deleted!"
 else
--
cgit v1.2.3
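Review bot: The authorization predicate is now spelled out three times, in the `if` lines of `edit`, `update` and `destroy`, so a later change to the rank rule can easily miss one action and leave it with a weaker check. The new moderator branch also dereferences `@reply.author.role`, which the old `mod? ||` short-circuit never reached; if a reply can outlive its author's account (not visible here), a moderator request would raise on nil instead of being decided. I would move the rule into one private helper that handles a missing author explicitly, and carry a comment stating that `>=` deliberately lets a moderator act on replies by peers of equal role, if that is the intent. All three method bodies continue outside their hunks, so the surrounding flow is not reviewed here.

```ruby
# … unchanged: bodies of edit / update / destroy, each guarded by the helper …
if may_modify?(@reply)

# The author may always act; a mod only on authors of equal or lower role.
def may_modify?(reply)
  author = reply.author
  return false if author.nil?
  (mod? && current_user.role >= author.role) || author.is?(current_user)
end
```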