From abb232d4e639b671c17666241d2f34469e4e24fe Mon Sep 17 00:00:00 2001
From: r888888888
Date: Fri, 24 Jul 2015 14:19:40 -0700
Subject: [PATCH] fixes #2448: Approvers can undelete posts they already approved/uploaded
---
 .../moderator/post/posts_controller.rb | 2 +-
 app/models/post.rb | 9 +++++-
 test/unit/post_test.rb | 31 +++++++++++++++++++
 3 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/app/controllers/moderator/post/posts_controller.rb b/app/controllers/moderator/post/posts_controller.rb
index bd2411d76..7ceb59c2a 100644
--- a/app/controllers/moderator/post/posts_controller.rb
+++ b/app/controllers/moderator/post/posts_controller.rb
@@ -3,7 +3,7 @@ module Moderator
 class PostsController < ApplicationController
 before_filter :moderator_only, :only => [:delete, :undelete, :move_favorites, :ban, :unban, :confirm_delete, :confirm_move_favorites, :confirm_ban]
 before_filter :admin_only, :only => [:expunge]
- rescue_from ::PostFlag::Error, :with => :rescue_exception
+ rescue_from ::PostFlag::Error, ::Post::ApprovalError, :with => :rescue_exception
 def confirm_delete
 @post = ::Post.find(params[:id])
diff --git a/app/models/post.rb b/app/models/post.rb
index 0ae3e88af..374147e5d 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -1214,7 +1214,6 @@ class Post < ActiveRecord::Base
 give_favorites_to_parent if options[:move_favorites]
 update_parent_on_save
-
 unless options[:without_mod_action]
 if options[:reason]
 ModAction.create(:description => "deleted post ##{id}, reason: #{options[:reason]}")
@@ -1231,6 +1230,14 @@ class Post < ActiveRecord::Base
 return false
 end
+ if !CurrentUser.is_admin?
+ if approver_id == CurrentUser.id
+ raise ApprovalError.new("You have previously approved this post and cannot undelete it")
+ elsif uploader_id == CurrentUser.id
+ raise ApprovalError.new("You cannot undelete a post you uploaded")
+ end
+ end
+
 self.is_deleted = false
 self.approver_id = CurrentUser.id
 save
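Review bot: In the `rescue_from` line of posts_controller.rb, `::Post::ApprovalError` is handled for this controller only, while the exception is raised from the model in the second post.rb hunk. Any other caller of the undelete path (none are visible in this patch) would surface the refusal as an unhandled error instead of a clean denial, so those call sites are worth checking. What `rescue_exception` renders is outside the hunk; for an authorization refusal it should answer with a 4xx status (403 fits) rather than a generic 500. A comment above the line such as `# Post::ApprovalError: raised when a non-admin approver/uploader tries to undelete` would record why the class is listed.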
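Review bot: In the second post.rb hunk (`@@ -1231,6 +1230,14 @@`), the new guard compares `approver_id` with `CurrentUser.id`, but the context lines directly below it assign `self.approver_id = CurrentUser.id`, so the column only ever holds the most recent approver or undeleter. After a different moderator undeletes the post, the earlier approver no longer matches and the restriction stops applying to them; if the rule is meant to cover anyone who approved the post before, the check needs a source that keeps history (whether one exists is not visible here). At minimum the limitation should be stated next to the guard, e.g. `# NOTE: approver_id is overwritten below, so this only blocks the most recent approver`. The guard also reports refusal by raising while the guard just above it returns `false`, which leaves callers with two failure conventions. The enclosing method (presumably `undelete!`) starts and ends outside the hunk.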
diff --git a/test/unit/post_test.rb b/test/unit/post_test.rb
index 51ec43ebe..2df454d79 100644
--- a/test/unit/post_test.rb
+++ b/test/unit/post_test.rb
@@ -301,6 +301,37 @@ class PostTest < ActiveSupport::TestCase
 end
 end
+ context "that is undeleted" do
+ setup do
+ @mod = FactoryGirl.create(:moderator_user)
+ CurrentUser.user = @mod
+ end
+
+ context "by the approver" do
+ setup do
+ @post.update_attribute(:approver_id, @mod.id)
+ end
+
+ should "not be permitted" do
+ assert_raises(::Post::ApprovalError) do
+ @post.undelete!
+ end
+ end
+ end
+
+ context "by the uploader" do
+ setup do
+ @post.update_attribute(:uploader_id, @mod.id)
+ end
+
+ should "not be permitted" do
+ assert_raises(::Post::ApprovalError) do
+ @post.undelete!
+ end
+ end
+ end
+ end
+
 should "be undeleted" do
 @post.undelete!
 @post.reload
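Review bot: Both new `should "not be permitted"` tests assert only that `::Post::ApprovalError` is raised; neither checks that the post is still deleted afterwards, so they would keep passing if the record were changed before the exception. Adding `assert(@post.reload.is_deleted?)` after each `assert_raises` block would pin the outcome that matters for the permission rule (this assumes the enclosing setup, outside the hunk, leaves `@post` deleted). The admin exemption added by `!CurrentUser.is_admin?` in post.rb has no test here; a third context in which an admin who is also the approver undeletes successfully would cover it. The outer `setup` assigns `CurrentUser.user = @mod`, and whether that is reset in a teardown is not visible in this hunk.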