Fix authorized bug.

This commit is contained in:
BoHung Chiu 2021-11-18 19:08:07 +08:00
parent 4fc5e5ba38
commit b597bbaa1c
1 changed files with 3 additions and 0 deletions

View File

@ -21,9 +21,12 @@ class Admin::SeminarsController < OrbitAdminController
end end
def check_manager_for_seminar def check_manager_for_seminar
OrbitHelper.set_params(params,current_user) OrbitHelper.set_params(params,current_user)
OrbitHelper.set_this_module_app("seminar")
access_level = OrbitHelper.user_access_level? access_level = OrbitHelper.user_access_level?
if (access_level.nil? || access_level == "user") && (@seminar.organizer_id != current_user.member_profile_id rescue true) if (access_level.nil? || access_level == "user") && (@seminar.organizer_id != current_user.member_profile_id rescue true)
render_401 render_401
elsif access_level == "sub_manager" && @seminar && !(OrbitHelper.user_can_edit(@seminar))
render_401
end end
end end
def check_permission_for_seminar def check_permission_for_seminar