Merge pull request #3394 from BrokenEagle/fix-deleted-pools-editable
Add additional restrictions on updating deleted pools
This commit is contained in:
Albert Yi
GitHub
@@ -10,6 +10,9 @@ class PoolsController < ApplicationController
|
|||||||
|
|
||||||
def edit
|
def edit
|
||||||
@pool = Pool.find(params[:id])
|
@pool = Pool.find(params[:id])
|
||||||
|
if @pool.is_deleted && !@pool.deletable_by?(CurrentUser.user)
|
||||||
|
raise User::PrivilegeError
|
||||||
|
end
|
||||||
respond_with(@pool)
|
respond_with(@pool)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ class Pool < ApplicationRecord
|
|||||||
validates_inclusion_of :category, :in => %w(series collection)
|
validates_inclusion_of :category, :in => %w(series collection)
|
||||||
validate :updater_can_change_category
|
validate :updater_can_change_category
|
||||||
validate :updater_can_remove_posts
|
validate :updater_can_remove_posts
|
||||||
|
validate :updater_can_edit_deleted
|
||||||
belongs_to :creator, :class_name => "User"
|
belongs_to :creator, :class_name => "User"
|
||||||
belongs_to :updater, :class_name => "User"
|
belongs_to :updater, :class_name => "User"
|
||||||
before_validation :normalize_post_ids
|
before_validation :normalize_post_ids
|
||||||
@@ -211,6 +212,15 @@ class Pool < ApplicationRecord
|
|||||||
user.is_builder?
|
user.is_builder?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def updater_can_edit_deleted
|
||||||
|
if is_deleted? && !deletable_by?(CurrentUser.user)
|
||||||
|
errors[:base] << "You cannot update pools that are deleted"
|
||||||
|
false
|
||||||
|
else
|
||||||
|
true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def create_mod_action_for_delete
|
def create_mod_action_for_delete
|
||||||
ModAction.log("deleted pool ##{id} (name: #{name})")
|
ModAction.log("deleted pool ##{id} (name: #{name})")
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user