From b8c0cbeed115976ddd9906784d0ae5da128755ad Mon Sep 17 00:00:00 2001
From: albert <r888888888@gmail.com>
Date: Mon, 18 Feb 2013 15:59:35 -0500
Subject: [PATCH] restrict deleting forum posts to janitors

---
 app/controllers/forum_posts_controller.rb  |  2 +-
 app/views/forum_posts/_forum_post.html.erb | 60 +++++++++++-----------
 2 files changed, 32 insertions(+), 30 deletions(-)

diff --git a/app/controllers/forum_posts_controller.rb b/app/controllers/forum_posts_controller.rb
index 62c03aec5..2789d8aab 100644
--- a/app/controllers/forum_posts_controller.rb
+++ b/app/controllers/forum_posts_controller.rb
@@ -43,7 +43,7 @@ class ForumPostsController < ApplicationController
   
   def destroy
     @forum_post = ForumPost.find(params[:id])
-    check_privilege(@forum_post)
+    raise User::PrivilegeError unless CurrentUser.is_janitor?
     @forum_post.update_attribute(:is_deleted, true)
     respond_with(@forum_post)
   end
diff --git a/app/views/forum_posts/_forum_post.html.erb b/app/views/forum_posts/_forum_post.html.erb
index baf0d032d..71b989a7e 100644
--- a/app/views/forum_posts/_forum_post.html.erb
+++ b/app/views/forum_posts/_forum_post.html.erb
@@ -1,30 +1,32 @@
-<article data-forum-post-id="<%= forum_post.id %>">
-  <div class="author">
-    <h4>
-      <%= link_to forum_post.creator.name, user_path(forum_post.creator_id) %>
-      <% if forum_post.is_deleted? %>
-        (deleted)
-      <% end %>
-    </h4>
-    <p>
-      <%= time_ago_in_words_tagged(forum_post.created_at) %>
-    </p>
-  </div>
-  <div class="content">
-    <div>
-      <%= format_text(forum_post.body) %>
-    </div>
-    <menu> 
-      <li><%= link_to "Quote", new_forum_post_path(:post_id => forum_post.id), :method => :get, :remote => true %></li>
-      <% if CurrentUser.user.is_janitor? || CurrentUser.user.id == forum_post.creator_id %>
-        <% if forum_post.is_deleted %>
-          <li><%= link_to "Undelete", undelete_forum_post_path(forum_post.id), :method => :post, :remote => true %></li>
-        <% else %>
-          <li><%= link_to "Delete", forum_post_path(forum_post.id), :confirm => "Do you really want to delete this post?", :method => :delete, :remote => true %></li>
+<% if CurrentUser.is_janitor? || !forum_post.is_deleted? %>
+  <article data-forum-post-id="<%= forum_post.id %>">
+    <div class="author">
+      <h4>
+        <%= link_to forum_post.creator.name, user_path(forum_post.creator_id) %>
+        <% if forum_post.is_deleted? %>
+          (deleted)
         <% end %>
-        <li><%= link_to "Edit", edit_forum_post_path(forum_post.id) %></li>
-      <% end %>
-    </menu>
-  </div>
-  <div class="clearfix"></div>
-</article>
\ No newline at end of file
+      </h4>
+      <p>
+        <%= time_ago_in_words_tagged(forum_post.created_at) %>
+      </p>
+    </div>
+    <div class="content">
+      <div>
+        <%= format_text(forum_post.body) %>
+      </div>
+      <menu> 
+        <li><%= link_to "Quote", new_forum_post_path(:post_id => forum_post.id), :method => :get, :remote => true %></li>
+        <% if CurrentUser.user.is_janitor? %>
+          <% if forum_post.is_deleted %>
+            <li><%= link_to "Undelete", undelete_forum_post_path(forum_post.id), :method => :post, :remote => true %></li>
+          <% else %>
+            <li><%= link_to "Delete", forum_post_path(forum_post.id), :confirm => "Do you really want to delete this post?", :method => :delete, :remote => true %></li>
+          <% end %>
+          <li><%= link_to "Edit", edit_forum_post_path(forum_post.id) %></li>
+        <% end %>
+      </menu>
+    </div>
+    <div class="clearfix"></div>
+  </article>
+<% end %>
\ No newline at end of file