From 0c7019b7a49ff2b139d1b27b80662d8aaf03f957 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Fankh=C3=A4nel?= <tfankhaenel@codevise.de>
Date: Tue, 8 Aug 2017 16:51:46 +0200
Subject: [PATCH] Allow :create Entry only for publishers on accounts, not on
 entries

---
 app/policies/pageflow/entry_policy.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/policies/pageflow/entry_policy.rb b/app/policies/pageflow/entry_policy.rb
index 0f1626c1fd..ad315a325c 100644
--- a/app/policies/pageflow/entry_policy.rb
+++ b/app/policies/pageflow/entry_policy.rb
@@ -87,7 +87,8 @@ def publish?
     end
 
     def create?
-      publish? && AccountPolicy::Scope.new(user, Account).entry_creatable.any?
+      query.has_at_least_account_role?(:publisher) &&
+        AccountPolicy::Scope.new(user, Account).entry_creatable.any?
     end
 
     def duplicate?