# HG changeset patch
# User Nattee Niparnan
# Date 2020-09-28 15:03:49
# Node ID f3c1c942cc5119b2e64102c99dc324f326e2bcd9
# Parent b9faf3362123aa2bc289f575cdac1d4c56a7f575
# Parent 30dd5b343f6bc85321ee40275bc7e34e6fe476b2
merge
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -34,8 +34,7 @@
 def authorization_by_roles(allowed_roles)
 return false unless check_valid_login
- user = User.find(session[:user_id])
- unless user.roles.detect { |role| allowed_roles.member?(role.name) }
+ unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) }
 unauthorized_redirect
 return false
 end
diff --git a/app/controllers/problems_controller.rb b/app/controllers/problems_controller.rb
--- a/app/controllers/problems_controller.rb
+++ b/app/controllers/problems_controller.rb
@@ -1,6 +1,9 @@
 class ProblemsController < ApplicationController
- before_action :admin_authorization
+ before_action :admin_authorization, except: [:stat]
+ before_action only: [:stat] do
+ authorization_by_roles(['admin','ta'])
+ end
 in_place_edit_for :problem, :name
 in_place_edit_for :problem, :full_name
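Review bot: In `authorization_by_roles` (application_controller.rb), the new `@current_user.roles` call assumes `check_valid_login` has assigned `@current_user` on every path that returns true; that method is outside the hunk, so this should be confirmed. If any path returns true without setting it, the role check raises NoMethodError on nil instead of taking the `unauthorized_redirect` branch. A nil-safe form keeps the denial on the normal path: `unless @current_user&.roles&.any? { |role| allowed_roles.member?(role.name) }`. The method's closing `end` lies outside the hunk.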
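Review bot: In problems_controller.rb the `except: [:stat]` and `only: [:stat]` lists now have to be kept in step by hand; an action later added to the `except:` list without a matching `only:` filter would run with no authorization check at all. A comment above the pair would make that explicit, e.g. `# Every action listed in except: must be covered by its own role filter below`. Also, a `before_action` block halts the request only when it renders or redirects, not through its return value, so this block depends on `check_valid_login` and `unauthorized_redirect` (both outside this hunk) doing so on failure. The class body continues past the hunk.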