refactored user promotion code, related to #1257

app/controllers/admin/users_controller.rb

@@ -9,21 +9,8 @@ module Admin
 
     def update
       @user = User.find(params[:id])
-      sanitize_params!
       @user.promote_to!(params[:user][:level])
       redirect_to edit_admin_user_path(@user), :notice => "User updated"
     end
-
-  protected
-    def sanitize_params!
-      # admins can do anything
-      return if CurrentUser.is_admin?
-
-      # can't promote/demote moderators
-      raise User::PrivilegeError if @user.is_moderator?
-
-      # can't promote to admin      
-      raise User::PrivilegeError if params[:user] && params[:user][:level].to_i >= User::Levels::ADMIN
-    end
   end
 end