fix object_auth security problem

app/controllers/admin/object_auths_new_interface_controller.rb

@@ -66,4 +66,18 @@ class Admin::ObjectAuthsNewInterfaceController < OrbitBackendController
     end
   end
 
+  def check_permission(var)
+    # binding.pry
+    #app = ModuleApp.first({conditions:{key: params[:module_app_key]}})
+    # setup_vars
+    @module_app.is_manager?(current_user) || current_user.admin?
+  end
+
+  def setup_vars
+    @app_title = request.env['HTTP_REFERER'].split('/')[4]
+    #@app_title = request.fullpath.split('/')[1] if(@app_title == "back_end") 
+    @app_title.gsub!(/[?].*/,'')
+    @module_app = ModuleApp.first(conditions: {:key => @app_title} )
+  end
+
 end