From 9e129b35838fb003a7d5a742a1c31988814ca0d6 Mon Sep 17 00:00:00 2001
From: Bryan Robitaille
Date: Fri, 5 Jul 2024 08:57:23 -0400
Subject: [PATCH] fix: Permissions on Admin pages (#3959)
---
 .../admin/(no nav)/upload/page.tsx | 10 +++++++---
 .../admin/(no nav)/view-templates/page.tsx | 7 ++-----
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/app/(gcforms)/[locale]/(app administration)/admin/(no nav)/upload/page.tsx b/app/(gcforms)/[locale]/(app administration)/admin/(no nav)/upload/page.tsx
index e60a422acb..3a0681ab4f 100644
--- a/app/(gcforms)/[locale]/(app administration)/admin/(no nav)/upload/page.tsx
+++ b/app/(gcforms)/[locale]/(app administration)/admin/(no nav)/upload/page.tsx
@@ -20,9 +20,13 @@ export default async function Page() {
 const { ability } = await authCheckAndRedirect();
- checkPrivilegesAsBoolean(ability, [{ action: "create", subject: "FormRecord" }], {
- redirect: true,
- });
+ checkPrivilegesAsBoolean(
+ ability,
+ [{ action: "update", subject: { type: "FormRecord", object: {} } }],
+ {
+ redirect: true,
+ }
+ );
 return (
 <>

{t("upload.title")}
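Review bot: The new subject `{ type: "FormRecord", object: {} }` carries the whole meaning of this gate, but nothing at the call site says why an empty object is passed or why an upload page now asks for `update` instead of `create`. If the ability rules are condition-based (inferred; the helper is not shown here), an empty object would fail every ownership condition so that only unconditional, administrator-level grants pass, and that intent should be written down, e.g. `// Empty object on purpose: only grants without ownership conditions may pass this admin gate`. The same literal is repeated in the view-templates hunk, so a single named helper or constant for the admin check would keep the two pages from drifting apart again. This check only guards rendering of the page; the upload action that actually writes the record should enforce the same privilege on the server. Page() continues outside the hunk.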

diff --git a/app/(gcforms)/[locale]/(app administration)/admin/(no nav)/view-templates/page.tsx b/app/(gcforms)/[locale]/(app administration)/admin/(no nav)/view-templates/page.tsx
index ce1357b287..bcdc17d3ce 100644
--- a/app/(gcforms)/[locale]/(app administration)/admin/(no nav)/view-templates/page.tsx
+++ b/app/(gcforms)/[locale]/(app administration)/admin/(no nav)/view-templates/page.tsx
@@ -21,11 +21,8 @@ export default async function Page() {
 checkPrivilegesAsBoolean(
 ability,
- [
- { action: "view", subject: "FormRecord" },
- { action: "update", subject: "FormRecord" },
- ],
- { logic: "one", redirect: true }
+ [{ action: "update", subject: { type: "FormRecord", object: {} } }],
+ { redirect: true }
 );
 const templates = (await getAllTemplates(ability)).map((template) => {
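Review bot: The result of `checkPrivilegesAsBoolean` is discarded, so whether `getAllTemplates(ability)` runs for an unauthorised caller depends on `redirect: true` aborting the render inside the helper, which this hunk does not show. A comment such as `// redirects (throws) when the privilege is missing; nothing below runs for non-admins` would make that dependency explicit, assuming that is what the helper does. The diffstat lists only the two page files, so no test pins the tightened rule; a case asserting that a user holding only ownership-scoped `update` on FormRecord is redirected away from this page would guard against the regression this commit fixes. Page() starts and ends outside the hunk.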