fix app authorized

2014-05-08 10:53:44 +08:00 · 2014-05-08 10:53:44 +08:00 · feefc99db8
parent 9205f47590
commit feefc99db8
1 changed files with 2 additions and 2 deletions
--- a/app/helpers/orbit_backend_helper.rb
+++ b/app/helpers/orbit_backend_helper.rb
@ -353,9 +353,9 @@ module OrbitBackendHelper
  def is_authorized(object)
    autorized = @module_app.authorizable_models.inject(false) do |autorized, klass|
      if object.is_a?(klass.constantize)
-        autorized ||= object.user_can_sub_manage?(current_user)
+        autorized ||= (object.user_can_sub_manage?(current_user) and object.create_user_id == current_user.id)
      else
-        autorized ||= object.send(klass.underscore).user_can_sub_manage?(current_user)
+        autorized ||= (object.send(klass.underscore).user_can_sub_manage?(current_user) and object.create_user_id == current_user.id)
      end
      autorized
    end