Fix audit logs route policy

2025-12-09 14:03:52 +00:00 · 2023-01-23 19:06:12 +01:00 · 2023-01-23 19:06:12 +01:00 · 0875dc97a8
commit 0875dc97a8
parent 9b348b4969
1 changed files with 18 additions and 4 deletions
--- a/packages/core/admin/ee/server/routes/features-routes.js
+++ b/packages/core/admin/ee/server/routes/features-routes.js
@ -49,8 +49,15 @@ module.exports = {
      path: '/audit-logs',
      handler: 'auditLogs.findMany',
      config: {
-        // @TODO: Check to right permissions
-        policies: ['admin::isAuthenticatedAdmin'],
+        policies: [
+          'admin::isAuthenticatedAdmin',
+          {
+            name: 'admin::hasPermissions',
+            config: {
+              actions: ['admin::audit-logs.read'],
+            },
+          },
+        ],
      },
    },
    {
@ -58,8 +65,15 @@ module.exports = {
      path: '/audit-logs/:id',
      handler: 'auditLogs.findOne',
      config: {
-        // @TODO: Check to right permissions
-        policies: ['admin::isAuthenticatedAdmin'],
+        policies: [
+          'admin::isAuthenticatedAdmin',
+          {
+            name: 'admin::hasPermissions',
+            config: {
+              actions: ['admin::audit-logs.read'],
+            },
+          },
+        ],
      },
    },
  ],