From d7ddff9bb71cdbcfba3bb951686d44d0513fd1ba Mon Sep 17 00:00:00 2001
From: Seth Call
Date: Mon, 8 Feb 2016 20:47:01 -0600
Subject: [PATCH] * fix validation
---
 web/app/controllers/api_teachers_controller.rb | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/web/app/controllers/api_teachers_controller.rb b/web/app/controllers/api_teachers_controller.rb
index 90cae056f..4348ab5e7 100644
--- a/web/app/controllers/api_teachers_controller.rb
+++ b/web/app/controllers/api_teachers_controller.rb
@@ -42,13 +42,9 @@ class ApiTeachersController < ApiController
 private
 def auth_teacher
- if current_user.admin
- @teacher = Teacher.find(params[:id])
- else
- @teacher = Teacher.where("user_id=? AND id=?", current_user.id, params[:id]).first
- end
-
- unless @teacher
+ @teacher = Teacher.find(params[:id])
+
+ if !current_user.admin && !@teacher.user == current_user
 Rails.logger.info("Could not find teacher #{params[:id]} for #{current_user}")
 raise JamPermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
 end
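Review bot: The added guard `!@teacher.user == current_user` does not test ownership, because unary `!` binds tighter than `==`, so Ruby evaluates `(!@teacher.user) == current_user`, which compares `false` (or `true` when the teacher has no user) with the user object and is never true. The branch therefore never raises for a non-admin, and every caller that relies on auth_teacher would accept any teacher id from any signed-in user, where the removed `Teacher.where("user_id=? AND id=?", ...)` lookup scoped the record to the caller. Write the condition as `if !current_user.admin && @teacher.user != current_user`. Separately, `Teacher.find` now raises for an unknown id before the guard runs (presumably ActiveRecord::RecordNotFound), so missing and forbidden ids get different responses, and the "Could not find teacher" log text no longer describes the failure. The `end` that closes auth_teacher lies outside the hunk.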