From 667bc67f04b2a52163f2b763cab1052ccc30ded6 Mon Sep 17 00:00:00 2001
From: Baris Usakli <barisusakli@gmail.com>
Date: Wed, 26 Jun 2019 12:06:57 -0400
Subject: [PATCH] fix: dont allow edit if post is deleted by someone else

---
 src/privileges/posts.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/privileges/posts.js b/src/privileges/posts.js
index 9da75c769f..55c1e57b7a 100644
--- a/src/privileges/posts.js
+++ b/src/privileges/posts.js
@@ -154,7 +154,7 @@ module.exports = function (privileges) {
 					isMod: async.apply(posts.isModerator, [pid], uid),
 					owner: async.apply(posts.isOwner, pid, uid),
 					edit: async.apply(privileges.posts.can, 'posts:edit', pid, uid),
-					postData: async.apply(posts.getPostFields, pid, ['tid', 'timestamp']),
+					postData: async.apply(posts.getPostFields, pid, ['tid', 'timestamp', 'deleted', 'deleterUid']),
 				}, next);
 			},
 			function (_results, next) {
@@ -174,6 +174,10 @@ module.exports = function (privileges) {
 					return callback(null, { flag: false, message: '[[error:topic-locked]]' });
 				}
 
+				if (!results.isMod && results.postData.deleted && parseInt(uid, 10) !== parseInt(results.postData.deleterUid, 10)) {
+					return callback(null, { flag: false, message: '[[error:post-deleted]]' });
+				}
+
 				results.pid = parseInt(pid, 10);
 				results.uid = uid;