fix access to /admin/invoices for managers

app/policies/payment_policy.rb

@@ -3,6 +3,6 @@
 # Check the access policies for API::PaymentsController
 class PaymentPolicy < ApplicationPolicy
   def online_payment_status?
-    user.admin?
+    user.admin? || user.manager?
   end
 end

app/policies/setting_policy.rb

@@ -24,7 +24,7 @@ class SettingPolicy < ApplicationPolicy
   end
 
   def test_present?
-    user&.admin? || SettingPolicy.public_whitelist.push('openlab_app_secret').include?(record.name)
+    user&.admin? || SettingPolicy.public_whitelist.concat(%w[openlab_app_secret stripe_secret_key]).include?(record.name)
   end
 
   ##