diff --git a/app/helpers/orbit_backend_helper.rb b/app/helpers/orbit_backend_helper.rb index c946456..7b3ed0f 100644 --- a/app/helpers/orbit_backend_helper.rb +++ b/app/helpers/orbit_backend_helper.rb @@ -353,9 +353,9 @@ module OrbitBackendHelper def is_authorized(object) autorized = @module_app.authorizable_models.inject(false) do |autorized, klass| if object.is_a?(klass.constantize) - autorized ||= object.user_can_sub_manage?(current_user) + autorized ||= (object.user_can_sub_manage?(current_user) and object.create_user_id == current_user.id) else - autorized ||= object.send(klass.underscore).user_can_sub_manage?(current_user) + autorized ||= (object.send(klass.underscore).user_can_sub_manage?(current_user) and object.create_user_id == current_user.id) end autorized end