fix app authorized

app/helpers/orbit_backend_helper.rb

@@ -353,9 +353,9 @@ module OrbitBackendHelper
   def is_authorized(object)
     autorized = @module_app.authorizable_models.inject(false) do |autorized, klass|
       if object.is_a?(klass.constantize)
-        autorized ||= object.user_can_sub_manage?(current_user)
+        autorized ||= (object.user_can_sub_manage?(current_user) and object.create_user_id == current_user.id)
       else
-        autorized ||= object.send(klass.underscore).user_can_sub_manage?(current_user)
+        autorized ||= (object.send(klass.underscore).user_can_sub_manage?(current_user) and object.create_user_id == current_user.id)
       end
       autorized
     end