Check privilege

This commit is contained in:
Yuki 2015-04-26 07:09:51 +05:30
parent ee29e1f28f
commit ac14fefb3c
1 changed files with 7 additions and 0 deletions

View File

@ -12,6 +12,13 @@ class Ajax::QuestionController < ApplicationController
return
end
if not (current_user.mod? or question.user == current_user)
@status = :not_authorized
@message = "You are not allowed to delete this question"
@success = false
return
end
question.destroy!
@status = :okay