Fix authenrization problem for non-admin users.

app/controllers/admin/selected_courses_controller.rb

@@ -172,4 +172,38 @@ class Admin::SelectedCoursesController < OrbitMemberController
 	    @closed = (@course_assignment.deadline < DateTime.now) rescue false
 	    @member_profile = MemberProfile.where(:uid=>params[:member_profile_uid]).first
 	end
+	def has_access?
+		if @user_has_privileges
+			return true
+		else
+			if !params[:id].nil?
+				course = Course.find(params[:id]) rescue nil
+				if course.present? && (( course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false) || (course.student_ids.include?(current_user.member_profile_id.to_s) rescue false))
+					return true
+				elsif( CourseAssignment.find(params[:id]).course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+					return true
+				elsif( StudentAssignment.find(params[:id]).member_profile_id.to_s == current_user.member_profile_id.to_s rescue false) || (StudentAssignment.find(params[:id]).course_assignment.course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+					return true
+				else
+					return false
+				end 
+			elsif !params[:uid].nil?
+				course_assignment = CourseAssignment.where(:uid=>params[:uid]).first
+				if course_assignment.nil?
+					return false
+				else
+					if( course_assignment.course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false) || (course_assignment.course.student_ids.include?(current_user.member_profile_id.to_s) rescue false)
+						return true
+					else
+						return false
+					end
+
+				end
+			elsif( Course.find(course_assignment_params[:course_id]).member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+				return true
+			else
+				return false
+			end
+		end
+	end
 end