made these checkboxes work

app/assets/javascripts/moderation/privileges.coffee

@@ -0,0 +1,24 @@
+($ document).on "click", "input[type=checkbox][name=check-your-privileges]", ->
+  box = $(this)
+  box.attr 'disabled', 'disabled'
+
+  privType = box[0].dataset.type
+  boxChecked = box[0].checked
+
+  $.ajax
+    url: '/ajax/mod/privilege'
+    type: 'POST'
+    data:
+      user: box[0].dataset.user
+      type: privType
+      status: boxChecked
+    success: (data, status, jqxhr) ->
+      if data.success
+        box[0].checked = if data.checked? then data.checked else !boxChecked
+      showNotification data.message, data.success
+    error: (jqxhr, status, error) ->
+      box[0].checked = false
+      console.log jqxhr, status, error
+      showNotification "An error occurred, a developer should check the console for details", false
+    complete: (jqxhr, status) ->
+      box.removeAttr "disabled"

app/controllers/ajax/moderation_controller.rb

@@ -104,4 +104,37 @@ class Ajax::ModerationController < ApplicationController
     @message = "Successfully deleted comment."
     @success = true
   end
+
+  def privilege
+    @status = :err
+    @success = false
+
+    params.require :user
+    params.require :type
+    params.require :status
+
+    status = params[:status] == 'true'
+
+    target_user = User.find_by_screen_name(params[:user])
+
+    @message = "nope!"
+    return unless %w(banned blogger supporter moderator admin).include? params[:type].downcase
+
+    if (%w(supporter moderator admin).include?(params[:type].downcase) and !current_user.admin?) or
+      (params[:type].downcase == 'banned' and target_user.admin?)
+      @status = :nopriv
+      @message = "You'd better check YOUR privileges first!"
+      @success = false
+      return
+    end
+
+    @checked = status
+    target_user.send("#{params[:type]}=", status)
+    target_user.save!
+
+    @message = "Successfully checked this user's #{params[:type]} privilege."
+
+    @status = :okay
+    @success = true
+  end
 end

app/views/ajax/moderation/privilege.json.jbuilder

@@ -0,0 +1,2 @@
+json.partial! 'ajax/shared/status'
+json.checked @checked

config/routes.rb

@@ -12,7 +12,7 @@ Rails.application.routes.draw do
 
   # Moderation panel
   constraints ->(req) { req.env['warden'].authenticate?(scope: :user) &&
-                       (req.env['warden'].user.admin? or req.env['warden'].user.moderator?) } do
+                       (req.env['warden'].user.mod?) } do
     match '/moderation(/:type)', to: 'moderation#index', via: :get, as: :moderation, defaults: {type: 'all'}
     namespace :ajax do
       match '/mod/destroy_report', to: 'moderation#destroy_report', via: :post, as: :mod_destroy_report
@@ -20,6 +20,7 @@ Rails.application.routes.draw do
       match '/mod/destroy_comment', to: 'moderation#destroy_comment', via: :post, as: :mod_destroy_comment
       match '/mod/create_vote', to: 'moderation#vote', via: :post, as: :mod_create_vote
       match '/mod/destroy_vote', to: 'moderation#destroy_vote', via: :post, as: :mod_destroy_vote
+      match '/mod/privilege', to: 'moderation#privilege', via: :post, as: :mod_privilege
     end
   end