From feefc99db8dde64f799c2fd0e10b315c35937fd6 Mon Sep 17 00:00:00 2001
From: spen <spen@rulingcom.com>
Date: Thu, 8 May 2014 10:53:44 +0800
Subject: [PATCH] fix app authorized

---
 app/helpers/orbit_backend_helper.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/helpers/orbit_backend_helper.rb b/app/helpers/orbit_backend_helper.rb
index c946456..7b3ed0f 100644
--- a/app/helpers/orbit_backend_helper.rb
+++ b/app/helpers/orbit_backend_helper.rb
@@ -353,9 +353,9 @@ module OrbitBackendHelper
   def is_authorized(object)
     autorized = @module_app.authorizable_models.inject(false) do |autorized, klass|
       if object.is_a?(klass.constantize)
-        autorized ||= object.user_can_sub_manage?(current_user)
+        autorized ||= (object.user_can_sub_manage?(current_user) and object.create_user_id == current_user.id)
       else
-        autorized ||= object.send(klass.underscore).user_can_sub_manage?(current_user)
+        autorized ||= (object.send(klass.underscore).user_can_sub_manage?(current_user) and object.create_user_id == current_user.id)
       end
       autorized
     end