From 1c0658e204874cf0108fc553789b15cc5b95bc50 Mon Sep 17 00:00:00 2001
From: riking <rikingcoding@gmail.com>
Date: Wed, 25 Feb 2015 21:08:52 -0800
Subject: [PATCH] FIX: People could retitle restricted topics

Sort of a security fix but not really
---
 lib/guardian/topic_guardian.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb
index 3efd1e38872..334c7a50217 100644
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@@ -28,6 +28,7 @@ module TopicGuardian
   # Editing Method
   def can_edit_topic?(topic)
     return false if Discourse.static_doc_topic_ids.include?(topic.id) && !is_admin?
+    return false unless can_see?(topic)
     return true if is_staff? || (!topic.private_message? && user.has_trust_level?(TrustLevel[3]))
     return false if topic.archived
     is_my_own?(topic) && !topic.edit_time_limit_expired?