From 92981a3aaa80037a86421b539d0b0ceed50bb1c0 Mon Sep 17 00:00:00 2001
From: p31729568 <winse.wang@foxmail.com>
Date: Wed, 6 Nov 2019 11:45:15 +0800
Subject: [PATCH] competition certificate

---
 app/controllers/competitions/prizes_controller.rb | 11 +++++++++--
 app/views/competitions/prizes/show.json.jbuilder  |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/app/controllers/competitions/prizes_controller.rb b/app/controllers/competitions/prizes_controller.rb
index e8119a67f..c87026042 100644
--- a/app/controllers/competitions/prizes_controller.rb
+++ b/app/controllers/competitions/prizes_controller.rb
@@ -1,8 +1,10 @@
 class Competitions::PrizesController < Competitions::BaseController
   before_action :require_prize_user!
 
+  helper_method :current_prize_user
+
   def show
-    self_prizes = current_competition.competition_prize_users.where(user_id: current_user.id).includes(:competition_team).order(:competition_prize_id)
+    self_prizes = current_competition.competition_prize_users.where(user_id: current_prize_user.id).includes(:competition_team).order(:competition_prize_id)
 
     @leader = self_prizes.any?{ |prize_user| prize_user.leader? && prize_user.competition_prize.category == 'bonus' } # 是否为队长并且有奖金奖励
     if @leader
@@ -22,8 +24,13 @@ class Competitions::PrizesController < Competitions::BaseController
   private
 
   def require_prize_user!
-    return if current_competition.competition_prize_users.exists?(user: current_user)
+    return if current_competition.competition_prize_users.exists?(user: current_prize_user)
+    return if current_user.admin_or_business? || current_user.id == current_prize_user.id
 
     render_forbidden
   end
+
+  def current_prize_user
+    @_current_prize_user ||= User.find(params[:user_id])
+  end
 end
\ No newline at end of file
diff --git a/app/views/competitions/prizes/show.json.jbuilder b/app/views/competitions/prizes/show.json.jbuilder
index 9bb6b8256..18113a7ed 100644
--- a/app/views/competitions/prizes/show.json.jbuilder
+++ b/app/views/competitions/prizes/show.json.jbuilder
@@ -5,7 +5,7 @@ if @leader
   json.bank_account_editable @bank_account_editable
 end
 
-json.all_certified current_user.all_certified?
+json.all_certified current_prize_user.all_certified?
 json.personal_certifications do
   json.array! @self_prizes do |prize_user|
     json.url personal_competition_certificate_path(current_competition.identifier, prize_user)