From 956bd707a584efbe93b18cfde54d3b92fb30368c Mon Sep 17 00:00:00 2001
From: BrokenEagle
Date: Mon, 20 Nov 2017 19:30:35 -0800
Subject: [PATCH] Add additional restrictions on updating deleted pools
---
 app/controllers/pools_controller.rb | 3 +++
 app/models/pool.rb | 10 ++++++++++
 2 files changed, 13 insertions(+)
diff --git a/app/controllers/pools_controller.rb b/app/controllers/pools_controller.rb
index 441bd4e47..29b1e539f 100644
--- a/app/controllers/pools_controller.rb
+++ b/app/controllers/pools_controller.rb
@@ -10,6 +10,9 @@ class PoolsController < ApplicationController
 def edit
 @pool = Pool.find(params[:id])
+ if @pool.is_deleted && !@pool.deletable_by?(CurrentUser.user)
+ raise User::PrivilegeError
+ end
 respond_with(@pool)
 end
diff --git a/app/models/pool.rb b/app/models/pool.rb
index d4dd5b024..c56ac622c 100644
--- a/app/models/pool.rb
+++ b/app/models/pool.rb
@@ -8,6 +8,7 @@ class Pool < ApplicationRecord
 validates_inclusion_of :category, :in => %w(series collection)
 validate :updater_can_change_category
 validate :updater_can_remove_posts
+ validate :updater_can_edit_deleted
 belongs_to :creator, :class_name => "User"
 belongs_to :updater, :class_name => "User"
 before_validation :normalize_post_ids
@@ -211,6 +212,15 @@ class Pool < ApplicationRecord
 user.is_builder?
 end
+ def updater_can_edit_deleted
+ if is_deleted? && !deletable_by?(CurrentUser.user)
+ errors[:base] << "You cannot update pools that are deleted"
+ false
+ else
+ true
+ end
+ end
+
+
 def create_mod_action_for_delete
 ModAction.log("deleted pool ##{id} (name: #{name})")
 end
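Review bot: The guard added to `edit` only protects rendering the form; nothing in this hunk covers the write path, which presumably relies on the `updater_can_edit_deleted` validation added to `Pool` in this commit, so a comment should record that, e.g. `# Form-only guard: writes are rejected by Pool#updater_can_edit_deleted`. The condition is also spelled `@pool.is_deleted` here and `is_deleted?` in the model; using `@pool.is_deleted?` keeps the two copies of the rule identical. The rest of `PoolsController`, including `update`, lies outside the hunk, so whether other actions that modify a deleted pool need the same check has to be confirmed there.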
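Review bot: `updater_can_edit_deleted` tests the in-memory `is_deleted?`, so a save that changes that flag in the same update is judged on the new value rather than on the stored one. Whether the updater is allowed to assign `is_deleted` is not visible in this hunk; if it is assignable, the condition should read the persisted state instead, `if is_deleted_was && !deletable_by?(CurrentUser.user)`. The validation is also registered unconditionally, so it runs on every save of a deleted pool, including any made outside the pool edit form, with whatever `CurrentUser.user` is at that moment. A one-line comment above the method, such as `# Only users who may delete a pool may modify it once it is deleted`, would record the intended rule.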