From b597bbaa1c3cd2d8f972a4e95cd10bbf863fe2d0 Mon Sep 17 00:00:00 2001
From: Bohung
Date: Thu, 18 Nov 2021 19:08:07 +0800
Subject: [PATCH] Fix authorized bug.
---
 app/controllers/admin/seminars_controller.rb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/app/controllers/admin/seminars_controller.rb b/app/controllers/admin/seminars_controller.rb
index e1e5269..21318b2 100644
--- a/app/controllers/admin/seminars_controller.rb
+++ b/app/controllers/admin/seminars_controller.rb
@@ -21,9 +21,12 @@ class Admin::SeminarsController < OrbitAdminController
 end
 def check_manager_for_seminar
 OrbitHelper.set_params(params,current_user)
+ OrbitHelper.set_this_module_app("seminar")
 access_level = OrbitHelper.user_access_level?
 if (access_level.nil? || access_level == "user") && (@seminar.organizer_id != current_user.member_profile_id rescue true)
 render_401
+ elsif access_level == "sub_manager" && @seminar && !(OrbitHelper.user_can_edit(@seminar))
+ render_401
 end
 end
 def check_permission_for_seminar
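Review bot: The new `elsif` branch in `check_manager_for_seminar` fails open when `@seminar` is nil: a `sub_manager` whose request reaches this filter without a loaded record skips `user_can_edit` and is let through. The branch above it denies in that case, because `rescue true` turns the nil dereference into a 401. If the filter only guards actions that load `@seminar` (the `before_action` wiring is outside this hunk), the two branches should agree, e.g. `elsif access_level == "sub_manager" && (@seminar.nil? || !OrbitHelper.user_can_edit(@seminar))`. The check is also a denylist of level strings, so any value from `user_access_level?` other than nil, `"user"` or `"sub_manager"` is allowed by default. A comment naming the levels that are meant to pass, or an explicit allow of those levels with `render_401` as the fallback, would make that intent auditable.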