FIX ‘删除’公共api更改删除权限

app/controllers/commons_controller.rb

@@ -42,7 +42,18 @@ class CommonsController < ApplicationController
   end
 
   def validate_power
-    tip_exception(403, "无操作权限") unless current_user.admin?
+    code =
+      case params[:object_type].strip
+      when 'message'
+        if current_user.course_identity(@object.board.course) >= 5 || @object.author != current_user
+          403
+        else
+          200
+        end
+      else
+        current_user.admin? ? 200 : 403
+      end
+    return normal_status(403, "你没有权限操作！") if code == 403
   end
 
   def action(flag)