Added a rule for submanager to allow to edit announcement once authorized

2013-12-10 15:00:06 +08:00 · 2013-12-10 15:00:06 +08:00 · d3565daef4
parent 44cd8854a9
commit d3565daef4
1 changed files with 3 additions and 1 deletions
--- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
+++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
@ -64,7 +64,9 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
  # GET /bulletins/1/edit
  def edit
    @bulletin = Bulletin.find(params[:id])
-    if !(is_manager? || is_admin?)
+    is_authorized_sub_manager = @bulletin.category.auth_sub_manager.authorized_user_ids rescue nil
+
+    if !(is_manager? || is_admin? || is_authorized_sub_manager.include?(current_user.id))
      redirect_to :action => :index
    else
      # @summary_variable = @bulletin.summary_variable