From 006380037cae95f318ed712a79e842bdf19cd701 Mon Sep 17 00:00:00 2001
From: p31729568 <winse.wang@foxmail.com>
Date: Mon, 11 Nov 2019 16:22:19 +0800
Subject: [PATCH] partner customer manager: add some check

---
 app/controllers/partners_controller.rb               |  4 ++++
 app/views/partners/shared/_partner_managers.html.erb | 12 +++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/app/controllers/partners_controller.rb b/app/controllers/partners_controller.rb
index b2f8abc4c..7875e1780 100644
--- a/app/controllers/partners_controller.rb
+++ b/app/controllers/partners_controller.rb
@@ -26,6 +26,7 @@ class PartnersController < ApplicationController
     if params[:manager_group_id].present?
       # 重命名
       @manager_group = current_partner.partner_manager_groups.find(params[:manager_group_id])
+      return render_error('不能修改管理者权限组名称') if @manager_group.admin?
       @manager_group.update!(name: name)
     else
       # 新建
@@ -35,6 +36,7 @@ class PartnersController < ApplicationController
 
   def remove_manager_group
     manager_group = current_partner.partner_manager_groups.find(params[:manager_group_id])
+    return render_error('不能删除管理者权限组') if manager_group.admin?
     manager_group.destroy!
 
     render_delete_success
@@ -57,6 +59,8 @@ class PartnersController < ApplicationController
 
   def remove_partner_manager
     partner_manager = current_partner.partner_managers.find(params[:manager_id])
+    return render_error('不能删除自己') if partner_manager.user_id == current_user.id && partner_manager.partner_manager_group.admin?
+
     partner_manager.destroy!
 
     render_delete_success
diff --git a/app/views/partners/shared/_partner_managers.html.erb b/app/views/partners/shared/_partner_managers.html.erb
index 3896d70ed..7ad98d0b9 100644
--- a/app/views/partners/shared/_partner_managers.html.erb
+++ b/app/views/partners/shared/_partner_managers.html.erb
@@ -4,11 +4,13 @@
 
 <% manager_group.partner_managers.each do |manager| %>
   <div class="partner-manager-item partner-manager-item-<%= manager.id %>">
-    <%= delete_link 'x',
-                    remove_partner_manager_partner_path(current_partner, manager_id: manager.id, element: ".partner-manager-item-#{manager.id}"),
-                    data: { toggle: 'tooltip', title: '删除' },
-                    class: 'remove-partner-manager-action' do %>
-      <i class="fa fa-times-circle"></i>
+    <% if !manager_group.admin? || manager.user_id != current_user.id %>
+      <%= delete_link 'x',
+                      remove_partner_manager_partner_path(current_partner, manager_id: manager.id, element: ".partner-manager-item-#{manager.id}"),
+                      data: { toggle: 'tooltip', title: '删除' },
+                      class: 'remove-partner-manager-action' do %>
+        <i class="fa fa-times-circle"></i>
+      <% end %>
     <% end %>
 
     <%= link_to "/users/#{manager.user.login}", data: { toggle: 'tooltip', title: '查看个人主页' },