Merge pull request #3394 from BrokenEagle/fix-deleted-pools-editable

Add additional restrictions on updating deleted pools
2017-11-21 10:48:50 -08:00
parent 70e592e823 956bd707a5
commit a72f367ad7
2 changed files with 13 additions and 0 deletions
--- a/app/controllers/pools_controller.rb
+++ b/app/controllers/pools_controller.rb
@@ -10,6 +10,9 @@ class PoolsController < ApplicationController

  def edit
    @pool = Pool.find(params[:id])
+    if @pool.is_deleted && !@pool.deletable_by?(CurrentUser.user)
+      raise User::PrivilegeError
+    end
    respond_with(@pool)
  end