Fixd Category Authorization Permissions

app/controllers/admin/seminar_signups_controller.rb

@@ -3,18 +3,26 @@ class Admin::SeminarSignupsController < OrbitAdminController
   include Admin::SeminarsHelper
   before_action ->(module_app = @app_title) { set_variables module_app }
   before_action :check_manager_for_seminar
+  skip_before_action :check_for_nil_categories
   def initialize
     super
     @app_title = "seminar"
   end
   def check_manager_for_seminar
     OrbitHelper.set_params(params,current_user)
+    OrbitHelper.set_this_module_app("seminar")
     access_level = OrbitHelper.user_access_level?
-    if (access_level.nil? || access_level == "user") || access_level == "sub_manager"
+    if access_level.nil? || access_level == "user"
       @seminar = SeminarSignup.find(params[:id]).seminar_main rescue nil
       if (@seminar.organizer_id != current_user.member_profile_id rescue true)
         render_401
       end
+    elsif access_level == "sub_manager"
+      @seminar = SeminarSignup.find(params[:id]).seminar_main rescue nil
+      approved_category_ids = current_user.approved_categories.collect{|c| c.id}
+      unless approved_category_ids.include?(@seminar.category_id) || (@seminar.organizer_id == current_user.member_profile_id rescue false)
+        render_401
+      end
     end
   end
   def edit

app/controllers/admin/seminars_controller.rb

@@ -624,7 +624,7 @@ class Admin::SeminarsController < OrbitAdminController
     if @access_level == "user" || @access_level.nil?
       @can_edit = false
     elsif @access_level == "sub_manager"
-      @can_edit = false
+      @can_edit = can_edit_or_delete?(@seminar)
     end
     unless @can_edit
       @can_edit = (@seminar.organizer_id == current_user.member_profile_id rescue false)