FIX: users can see the raw email source of their own posts

2025-06-04 23:24:41 +08:00 · 2014-11-12 14:49:42 +01:00
parent fe541891fc
commit a036ac7bdc
3 changed files with 5 additions and 6 deletions
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@ -180,8 +180,8 @@ module PostGuardian
    is_staff?
  end

-  def can_view_raw_email?
-    is_staff?
+  def can_view_raw_email?(post)
+    post && (is_staff? || post.user_id == @user.id)
  end

  def can_unhide?(post)