app/permissions/decidim/consultations/permissions.rb in decidim-consultations-0.18.1 vs app/permissions/decidim/consultations/permissions.rb in decidim-consultations-0.19.0
@@ -5,10 +5,11 @@
class Permissions < Decidim::DefaultPermissions
def permissions
allowed_public_anonymous_action?
return permission_action unless user
+
allowed_public_action?
return Decidim::Consultations::Admin::Permissions.new(user, permission_action, context).permissions if permission_action.scope == :admin
permission_action
@@ -22,10 +23,16 @@
def consultation
@consultation ||= context.fetch(:consultation, nil)
end
+ def authorized?(permission_action, resource: nil)
+ return unless resource || question
+
+ ActionAuthorizer.new(user, permission_action, question, resource).authorize.ok?
+ end
+
def allowed_public_anonymous_action?
return unless permission_action.action == :read
return unless permission_action.scope == :public
case permission_action.subject
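Review bot: The parameter of the new `authorized?` (the `def` added in this hunk) is named `permission_action`, which shadows the `permission_action` reader the rest of this class uses for the object carrying `.action`/`.scope`/`.subject`; the call site in the following hunk passes a bare symbol (`authorized? :vote`), so inside the method the name denotes an action symbol, not that object. Renaming it keeps the two meanings apart: `def authorized?(action, resource: nil)` and `ActionAuthorizer.new(user, action, question, resource).authorize.ok?`. The guard `return unless resource || question` fails closed (returns nil, i.e. not authorized) when there is nothing to authorize against, which is the right default for a permissions class but deserves a comment, e.g. `# Fail closed: nothing to authorize against, so deny.`; it also lets a call with `resource` set and `question` nil reach `ActionAuthorizer.new` with a nil question, which is presumably acceptable but worth confirming against the authorizer. `question` is defined outside this hunk.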
@@ -39,9 +46,12 @@
end
def allowed_public_action?
return unless permission_action.scope == :public
return unless permission_action.subject == :question
+
+ # check if question has been limited by admins first
+ return unless authorized? :vote
case permission_action.action
when :vote
toggle_allow(question.can_be_voted_by?(user))
when :unvote