Fix authorized bug.

2021-11-18 19:08:07 +08:00 · 2021-11-18 19:08:07 +08:00 · b597bbaa1c
parent 4fc5e5ba38
commit b597bbaa1c
1 changed files with 3 additions and 0 deletions
--- a/app/controllers/admin/seminars_controller.rb
+++ b/app/controllers/admin/seminars_controller.rb
@ -21,9 +21,12 @@ class Admin::SeminarsController < OrbitAdminController
  end
  def check_manager_for_seminar
    OrbitHelper.set_params(params,current_user)
+    OrbitHelper.set_this_module_app("seminar")
    access_level = OrbitHelper.user_access_level?
    if (access_level.nil? || access_level == "user") && (@seminar.organizer_id != current_user.member_profile_id rescue true)
      render_401
+    elsif access_level == "sub_manager" && @seminar && !(OrbitHelper.user_can_edit(@seminar))
+      render_401
    end
  end
  def check_permission_for_seminar