Check privilege

2025-01-31 12:39:08 +01:00 · 2015-04-26 07:09:51 +05:30 · 2015-04-26 07:09:51 +05:30 · ac14fefb3c
commit ac14fefb3c
parent ee29e1f28f
1 changed files with 7 additions and 0 deletions
--- a/app/controllers/ajax/question_controller.rb
+++ b/app/controllers/ajax/question_controller.rb
@ -12,6 +12,13 @@ class Ajax::QuestionController < ApplicationController
      return
    end

+    if not (current_user.mod? or question.user == current_user)
+      @status = :not_authorized
+      @message = "You are not allowed to delete this question"
+      @success = false
+      return
+    end
+
    question.destroy!

    @status = :okay