From b1f0a43dce753df6ffa11889ab86dd8d8baf2250 Mon Sep 17 00:00:00 2001
From: Julian Gallimore <julian@mactwister.com>
Date: Thu, 1 Aug 2024 11:00:39 +0200
Subject: [PATCH] Can only see approved organisations

---
 app/controllers/organizations_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb
index a9c74d48..248e225b 100644
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@@ -42,6 +42,11 @@ def update
 
   def find_organization
     @organization = Organization.friendly.find(params[:id])
+
+    unless @organization.workflow_state == "approved" || (current_user && (current_user.has_role?(:superadmin) || @organization.creator == current_user))
+      error_not_found
+    end
+
   end
 
   def organization_params