diff --git a/app/controllers/admin/seminar_signups_controller.rb b/app/controllers/admin/seminar_signups_controller.rb
index 9e640f45..53ac0478 100644
--- a/app/controllers/admin/seminar_signups_controller.rb
+++ b/app/controllers/admin/seminar_signups_controller.rb
@@ -3,18 +3,26 @@ class Admin::SeminarSignupsController < OrbitAdminController
 include Admin::SeminarsHelper
 before_action ->(module_app = @app_title) { set_variables module_app }
 before_action :check_manager_for_seminar
+ skip_before_action :check_for_nil_categories
 def initialize
 super
 @app_title = "seminar"
 end
 def check_manager_for_seminar
 OrbitHelper.set_params(params,current_user)
+ OrbitHelper.set_this_module_app("seminar")
 access_level = OrbitHelper.user_access_level?
- if (access_level.nil? || access_level == "user") || access_level == "sub_manager"
+ if access_level.nil? || access_level == "user"
 @seminar = SeminarSignup.find(params[:id]).seminar_main rescue nil
 if (@seminar.organizer_id != current_user.member_profile_id rescue true)
 render_401
 end
+ elsif access_level == "sub_manager"
+ @seminar = SeminarSignup.find(params[:id]).seminar_main rescue nil
+ approved_category_ids = current_user.approved_categories.collect{|c| c.id}
+ unless approved_category_ids.include?(@seminar.category_id) || (@seminar.organizer_id == current_user.member_profile_id rescue false)
+ render_401
+ end
 end
 end
 def edit
diff --git a/app/controllers/admin/seminars_controller.rb b/app/controllers/admin/seminars_controller.rb
index 66686039..d2591ceb 100644
--- a/app/controllers/admin/seminars_controller.rb
+++ b/app/controllers/admin/seminars_controller.rb
@@ -624,7 +624,7 @@ class Admin::SeminarsController < OrbitAdminController
 if @access_level == "user" || @access_level.nil?
 @can_edit = false
 elsif @access_level == "sub_manager"
- @can_edit = false
+ @can_edit = can_edit_or_delete?(@seminar)
 end
 unless @can_edit
 @can_edit = (@seminar.organizer_id == current_user.member_profile_id rescue false)
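Review bot: In the new sub_manager branch `@seminar` can be nil (the `rescue nil` on the SeminarSignup lookup, or an action that carries no `params[:id]`), and `@seminar.category_id` in the `unless` condition sits outside the inline rescue, so such a request dies with a NoMethodError instead of the 401 the user branch returns in the same situation. Make the guard nil-safe and drop the rescue modifier: `unless @seminar && (approved_category_ids.include?(@seminar.category_id) || @seminar.organizer_id == current_user.member_profile_id)`, which fails closed with render_401 for a missing signup exactly like the user branch. Since this is the only place the sub_manager rule is spelled out, a one-line comment above the `unless` would help: `# sub_managers may act only on seminars in a category they are approved for, or ones they organize`. The reason for `skip_before_action :check_for_nil_categories` is not visible here; presumably it is tied to the same category gating and deserves a short why-comment too.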
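Review bot: The sub_manager branch now defers to `can_edit_or_delete?(@seminar)`, whose definition is outside this hunk, while the signups controller in the same commit writes the sub_manager rule out inline as an approved_categories check, so the two authorization paths can drift over time. Consider having check_manager_for_seminar call the same helper, or at minimum document here what the helper decides: `# sub_managers: delegated to can_edit_or_delete? (approved-category check); organizer fallback below still applies`. The enclosing method starts and ends outside the hunk.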