FreakU
/
Retrospring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check privilege

This commit is contained in:
Yuki 2015-04-26 07:09:51 +05:30
parent ee29e1f28f
commit ac14fefb3c
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/controllers/ajax/question_controller.rb
View File

@ -12,6 +12,13 @@ class Ajax::QuestionController < ApplicationController
return return
end end
if not (current_user.mod? or question.user == current_user)
@status = :not_authorized
@message = "You are not allowed to delete this question"
@success = false
return
end
question.destroy! question.destroy!
@status = :okay @status = :okay