Danbooru Setup: Setting user configurations

Hello!

Finally danbooru is up and running on a local box, but I want to get some feedback on possible security setups. I'm sure you guys get a lot of pool/image/score/tag vandalism, so I want to see how you guys deal with it.

Is there a way to turn off the ability for new users to edit tags, edit scores and move items in and out of pools? It seems by default, members (not privileged members) can edit and undo tags, move items in and out of pools, etc etc. I'd like to prevent that, and looking for anybody that has setup their own booru to see if they have modified features before.

I'm looking for specific files. I'm looking in the user_controller.rb file but its not telling me much.

Any help would be greatly appreciated!!

The code for restricting people from editing tags would go in the update method in post_controller.rb. See the other methods in that file for examples of restricting access - look for conditionals operating on @current_user. For pools the best way to restrict access would be to modify the can_be_updated_by? method in models/pool.rb.

Oh, and if you just want to change which user levels have access to a particular method then you just have to modify the appropriate before_filter at the top of the file.