jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

users: don't allow gifting upgrades to demote privileged users.

Browse Source 
Don't allow gifting Gold or Platinum upgrades to users above Platinum
level. Fixes an exploit where you could demote Builders and above by
gifting them an upgrade.
This commit is contained in:
evazion
2020-12-13 18:43:34 -06:00
parent 2144f45fa4
commit d8b51e3f02
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/logical/user_promotion.rb
View File

@@ -54,6 +54,8 @@ class UserPromotion
raise User::PrivilegeError, "You can't promote other users to your rank or above"
elsif user.level >= promoter.level
raise User::PrivilegeError, "You can't promote or demote other users at your rank or above"
elsif is_upgrade && user.is_builder?
raise User::PrivilegeError, "You can't upgrade a user that is above Platinum level"
end
end