diff --git a/app/controllers/tag_alias_corrections_controller.rb b/app/controllers/tag_alias_corrections_controller.rb
index 1320fe993..cdfa7d7fa 100644
--- a/app/controllers/tag_alias_corrections_controller.rb
+++ b/app/controllers/tag_alias_corrections_controller.rb
@@ -1,5 +1,5 @@
 class TagAliasCorrectionsController < ApplicationController
- before_filter :moderator_only
+ before_filter :janitor_only
 def create
 @correction = TagAliasCorrection.new(params[:tag_alias_id])
diff --git a/app/controllers/tag_aliases_controller.rb b/app/controllers/tag_aliases_controller.rb
index 735f41ead..59b69e771 100644
--- a/app/controllers/tag_aliases_controller.rb
+++ b/app/controllers/tag_aliases_controller.rb
@@ -1,5 +1,5 @@
 class TagAliasesController < ApplicationController
- before_filter :admin_only, :only => [:approve, :destroy, :new, :create]
+ before_filter :admin_only, :only => [:approve, :new, :create]
 respond_to :html, :xml, :json, :js
 def new
@@ -32,10 +32,14 @@ class TagAliasesController < ApplicationController
 def destroy
 @tag_alias = TagAlias.find(params[:id])
- @tag_alias.update_column(:status, "deleted")
- @tag_alias.clear_all_cache
- @tag_alias.destroy
- respond_with(@tag_alias, :location => tag_aliases_path)
+ if @tag_alias.deletable_by?(CurrentUser.user)
+ @tag_alias.update_column(:status, "deleted")
+ @tag_alias.clear_all_cache
+ @tag_alias.destroy
+ respond_with(@tag_alias, :location => tag_aliases_path)
+ else
+ access_denied
+ end
 end
 def approve
diff --git a/app/controllers/tag_implications_controller.rb b/app/controllers/tag_implications_controller.rb
index 49079634a..f738b1c73 100644
--- a/app/controllers/tag_implications_controller.rb
+++ b/app/controllers/tag_implications_controller.rb
@@ -1,5 +1,5 @@
 class TagImplicationsController < ApplicationController
- before_filter :admin_only, :only => [:new, :create, :approve, :destroy]
+ before_filter :admin_only, :only => [:new, :create, :approve]
 respond_to :html, :xml, :json, :js
 def new
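Review bot: The relaxed `before_filter :janitor_only` carries no `:only`, so it lowers the required role for every action in this controller, not just the `create` visible here. The class body continues outside the hunk, so it is worth confirming that each remaining action is meant to be reachable by janitors. A comment above the filter such as `# Janitors and above may run alias corrections (applies to all actions)` would record the intended privilege level.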
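Review bot: Dropping `:destroy` from the `admin_only` list leaves `destroy` with no role filter in this controller, so its only gate is the inline `deletable_by?(CurrentUser.user)` call inside the action. Unless ApplicationController (not shown) already requires a login, an anonymous request now reaches that check with whatever object `CurrentUser.user` returns for visitors. Keeping a coarse filter on the action, set to the lowest role that may delete, would preserve defense in depth. The same applies to the matching filter change in tag_implications_controller.rb.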
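Review bot: The permission test and the delete in `destroy` are not atomic: `deletable_by?` reads the status of the record loaded by `find`, and a concurrent `approve` could move the alias out of pending before `update_column` and `destroy` run. In that window a janitor or the creator could remove an alias that is already active, which the new rule appears meant to forbid. Running the check and the delete under a row lock (for example `@tag_alias.with_lock do ... end`, if the Rails version in use provides it) closes the gap. The `destroy` in tag_implications_controller.rb has the same shape.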
@@ -24,12 +24,16 @@ class TagImplicationsController < ApplicationController
 def destroy
 @tag_implication = TagImplication.find(params[:id])
- @tag_implication.destroy
- respond_with(@tag_implication) do |format|
- format.html do
- flash[:notice] = "Tag implication was deleted"
- redirect_to(tag_implications_path)
+ if @tag_implication.deletable_by?(CurrentUser.user)
+ @tag_implication.destroy
+ respond_with(@tag_implication) do |format|
+ format.html do
+ flash[:notice] = "Tag implication was deleted"
+ redirect_to(tag_implications_path)
+ end
 end
+ else
+ access_denied
 end
 end
diff --git a/app/models/tag_alias.rb b/app/models/tag_alias.rb
index d12575927..c4052aceb 100644
--- a/app/models/tag_alias.rb
+++ b/app/models/tag_alias.rb
@@ -163,4 +163,11 @@ class TagAlias < ActiveRecord::Base
 end
 end
 end
+
+ def deletable_by?(user)
+ return true if user.is_admin?
+ return true if is_pending? && user.is_janitor?
+ return true if is_pending? && user.id == creator_id
+ return false
+ end
 end
diff --git a/app/models/tag_implication.rb b/app/models/tag_implication.rb
index ad38b8e35..a0910f7c0 100644
--- a/app/models/tag_implication.rb
+++ b/app/models/tag_implication.rb
@@ -164,4 +164,11 @@ class TagImplication < ActiveRecord::Base
 clear_parent_cache
 clear_descendants_cache
 end
+
+ def deletable_by?(user)
+ return true if user.is_admin?
+ return true if is_pending? && user.is_janitor?
+ return true if is_pending? && user.id == creator_id
+ return false
+ end
 end
diff --git a/app/views/tag_aliases/index.html.erb b/app/views/tag_aliases/index.html.erb
index de5050b00..f64c44fc2 100644
--- a/app/views/tag_aliases/index.html.erb
+++ b/app/views/tag_aliases/index.html.erb
@@ -32,16 +32,16 @@ <%= tag_alias.status %>
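Review bot: `user.id == creator_id` in `TagAlias#deletable_by?` is also true when both sides are nil, so a pending record without a `creator_id` would be deletable by a user object whose `id` is nil. Whether either case can occur is not visible in this diff. Guarding the comparison, e.g. `return true if is_pending? && !creator_id.nil? && user.id == creator_id`, removes that dependency. The identical method is added to tag_implication.rb in the next hunk, so a shared module would keep the two permission rules from drifting apart.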