Adjust permission settings

2026-06-04 10:06:05 +00:00 · 2026-06-04 10:06:05 +00:00 · 5f3e00164b
parent e2da713248
commit 5f3e00164b
3 changed files with 26 additions and 10 deletions
--- a/app/controllers/admin/seminar_signups_controller.rb
+++ b/app/controllers/admin/seminar_signups_controller.rb
@ -10,7 +10,7 @@ class Admin::SeminarSignupsController < OrbitAdminController
  def check_manager_for_seminar
    OrbitHelper.set_params(params,current_user)
    access_level = OrbitHelper.user_access_level?
-    if (access_level.nil? || access_level == "user")
+    if (access_level.nil? || access_level == "user") || access_level == "sub_manager"
      @seminar = SeminarSignup.find(params[:id]).seminar_main rescue nil
      if (@seminar.organizer_id != current_user.member_profile_id rescue true)
        render_401
--- a/app/controllers/admin/seminars_controller.rb
+++ b/app/controllers/admin/seminars_controller.rb
@ -5,9 +5,9 @@ class Admin::SeminarsController < OrbitAdminController
  include Admin::SeminarsHelper
  helper Admin::SeminarsFieldHelper
  before_action ->(module_app = @app_title) { set_variables module_app }
-  before_action :set_seminar, only: [:edit, :set_write_off, :seminar_signup, :destroy,:seminar_signup_admin_setting,:update_seminar_signup_admin_setting,:get_reviewer_block,:get_session_block,:update_seminar_review,:update_seminar_session,:reviewer_setting,:update_reviewer_setting,:template_setting,:update_template_setting,:sub_page_setting]
+  before_action :set_seminar, only: [:edit, :set_write_off, :seminar_signup, :destroy,:seminar_signup_admin_setting,:update_seminar_signup_admin_setting,:get_reviewer_block,:get_session_block,:update_seminar_review,:update_seminar_session,:reviewer_setting,:update_reviewer_setting,:template_setting,:update_template_setting,:sub_page_setting,:export]
  before_action :set_seminar_signup_admin_setting, only: [:seminar_signup,:seminar_signup_admin_setting,:update_seminar_signup_admin_setting,:get_reviewer_block,:get_session_block]
-  before_action :check_permission_for_seminar, only: [:seminar_signup,:get_reviewer_block,:get_session_block]
+  before_action :check_permission_for_seminar, only: [:seminar_signup,:get_reviewer_block,:get_session_block,:export]
  before_action :check_manager_for_seminar, only: [:seminar_signup_admin_setting,:update_seminar_signup_admin_setting,:update_seminar_review,:update_seminar_session,:reviewer_setting,:update_reviewer_setting,:template_setting,:update_template_setting]
  def initialize
    super
@ -39,6 +39,10 @@ class Admin::SeminarsController < OrbitAdminController
      else
        @user_authenticated_categories = ['all']
      end
+    elsif access_level == "sub_manager"
+      unless can_see_seminar_signup(@seminar)
+        render_401
+      end
    end
  end
  def template_setting
@ -407,7 +411,7 @@ class Admin::SeminarsController < OrbitAdminController
        }
      end
    else
-      render :nothing => true
+      render_401     
    end
  end
  def copy
@ -619,6 +623,8 @@ class Admin::SeminarsController < OrbitAdminController
    @can_edit = true
    if @access_level == "user" || @access_level.nil?
      @can_edit = false
+    elsif @access_level == "sub_manager"
+      @can_edit = false
    end
    unless @can_edit
      @can_edit = (@seminar.organizer_id == current_user.member_profile_id rescue false)
--- a/app/views/admin/seminars/_index.html.erb
+++ b/app/views/admin/seminars/_index.html.erb
@ -40,14 +40,24 @@
        </td>
        <td><%= SeminarMain.time_range(seminar.seminar_start_date, seminar.seminar_end_date) %></td>
        <td><%= SeminarMain.time_range(seminar.signup_start_date, seminar.signup_end_date) %></td>
-        <td><a href="/admin/seminars/<%=seminar.id.to_s%>/seminar_signup">
+        <td>
          <% @seminar_review = seminar.seminar_reviews.where(:reviewer_id => current_user.member_profile_id.to_s).first %>
-          <% if @seminar_review.present? && !@can_edit %>
-            <%= @seminar_review.get_all_seminar_signup_ids.count %>
+          <% if can_see_seminar_signup(seminar) %>
+            <a href="/admin/seminars/<%=seminar.id.to_s%>/seminar_signup">
+              <% if @seminar_review.present? && !@can_edit %>
+                <%= @seminar_review.get_all_seminar_signup_ids.count %>
+              <% else %>
+                <%= seminar.seminar_signups.count %>
+              <% end %>
+            </a>
          <% else %>
-            <%= seminar.seminar_signups.count %>
+            <% if @seminar_review.present? && !@can_edit %>
+              <%= @seminar_review.get_all_seminar_signup_ids.count %>
+            <% else %>
+              <%= seminar.seminar_signups.count %>
+            <% end %>
          <% end %>
-          </a></td>
+        </td>
        <td>
          <% if can_see_seminar_signup(seminar) %>
            <a href="/admin/seminars/<%=seminar.id.to_s%>/export?format=xlsx" target="_blank"><%= t('seminar.export') %></a>
@ -62,4 +72,4 @@
  content_tag :div, class: "bottomnav clearfix" do
    content_tag :div, paginate(@seminars), class: "pagination pagination-centered"
  end
-%>
+%>