From af7c10991261313d79f20eba885ea91428d3ac82 Mon Sep 17 00:00:00 2001
From: Type-kun <workwork-1@yandex.ru>
Date: Wed, 1 Nov 2017 13:19:52 +0500
Subject: [PATCH] Restrict post replacements to mod+ (issue #3348)

---
 app/controllers/post_replacements_controller.rb | 2 +-
 app/views/posts/partials/show/_options.html.erb | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/controllers/post_replacements_controller.rb b/app/controllers/post_replacements_controller.rb
index 0f95e8f92..6b66cffe7 100644
--- a/app/controllers/post_replacements_controller.rb
+++ b/app/controllers/post_replacements_controller.rb
@@ -1,6 +1,6 @@
 class PostReplacementsController < ApplicationController
   respond_to :html, :xml, :json
-  before_filter :approver_only, except: [:index]
+  before_filter :moderator_only, except: [:index]
 
   def new
     @post = Post.find(params[:post_id])
diff --git a/app/views/posts/partials/show/_options.html.erb b/app/views/posts/partials/show/_options.html.erb
index 126c18ca0..81350deaa 100644
--- a/app/views/posts/partials/show/_options.html.erb
+++ b/app/views/posts/partials/show/_options.html.erb
@@ -55,9 +55,8 @@
           <li><%= link_to "Expunge", expunge_moderator_post_post_path(:post_id => post.id), :remote => true, :method => :post, :id => "expunge", :data => {:confirm => "This will permanently delete this post (meaning the file will be deleted). Are you sure you want to delete this post?"} %></li>
         <% end %>
 
-        <li><%= link_to "Replace Image", new_post_replacement_path(:post_id => post.id), :id => "replace-image" %></li>
-
         <% if CurrentUser.is_moderator? %>
+          <li><%= link_to "Replace Image", new_post_replacement_path(:post_id => post.id), :id => "replace-image" %></li>
           <li><%= link_to "Down vote report", reports_down_voting_post_path(post_id: post.id) %></li>
         <% end %>
       <% end %>