restrict deleting forum posts to janitors

2013-02-18 15:59:35 -05:00
parent b109d44daf
commit b8c0cbeed1
2 changed files with 32 additions and 30 deletions
--- a/app/controllers/forum_posts_controller.rb
+++ b/app/controllers/forum_posts_controller.rb
@@ -43,7 +43,7 @@ class ForumPostsController < ApplicationController
  def destroy
    @forum_post = ForumPost.find(params[:id])
-    check_privilege(@forum_post)
+    raise User::PrivilegeError unless CurrentUser.is_janitor?
    @forum_post.update_attribute(:is_deleted, true)
    respond_with(@forum_post)
  end
--- a/app/views/forum_posts/_forum_post.html.erb
+++ b/app/views/forum_posts/_forum_post.html.erb
@@ -1,4 +1,5 @@
-<article data-forum-post-id="<%= forum_post.id %>">
+<% if CurrentUser.is_janitor? || !forum_post.is_deleted? %>
  <article data-forum-post-id="<%= forum_post.id %>">
    <div class="author">
      <h4>
        <%= link_to forum_post.creator.name, user_path(forum_post.creator_id) %>
@@ -16,7 +17,7 @@
      </div>
      <menu> 
        <li><%= link_to "Quote", new_forum_post_path(:post_id => forum_post.id), :method => :get, :remote => true %></li>
-      <% if CurrentUser.user.is_janitor? || CurrentUser.user.id == forum_post.creator_id %>
+        <% if CurrentUser.user.is_janitor? %>
          <% if forum_post.is_deleted %>
            <li><%= link_to "Undelete", undelete_forum_post_path(forum_post.id), :method => :post, :remote => true %></li>
          <% else %>
@@ -27,4 +28,5 @@
      </menu>
    </div>
    <div class="clearfix"></div>
-</article>
+  </article>
 <% end %>