fix backend edit authorized

2014-05-08 10:46:08 +08:00 · 2014-05-08 10:46:08 +08:00 · 8af795e2ac
parent 34a13479d4
commit 8af795e2ac
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/panel/er_email/back_end/email_ers_controller.rb
+++ b/app/controllers/panel/er_email/back_end/email_ers_controller.rb
@ -92,7 +92,7 @@ class Panel::ErEmail::BackEnd::EmailErsController < OrbitBackendController

    is_authorized_sub_manager = @email_er.category.auth_sub_manager.authorized_user_ids rescue nil

-    if !(is_manager? || is_admin? || is_authorized_sub_manager.include?(current_user.id))
+    if !(is_manager? || is_admin? || (is_authorized_sub_manager.include?(current_user.id) and @email_er.create_user_id == current_user.id))
      redirect_to :action => :index
    else
      # @summary_variable = @bulletin.summary_variable