From 0875dc97a8226e639fbf55a31ee62a98b79ea0b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20de=20Juvigny?= <remi.dejuvigny@strapi.io>
Date: Mon, 23 Jan 2023 19:06:12 +0100
Subject: [PATCH] Fix audit logs route policy

---
 .../admin/ee/server/routes/features-routes.js | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/packages/core/admin/ee/server/routes/features-routes.js b/packages/core/admin/ee/server/routes/features-routes.js
index bb085adfd8..fa1448667e 100644
--- a/packages/core/admin/ee/server/routes/features-routes.js
+++ b/packages/core/admin/ee/server/routes/features-routes.js
@@ -49,8 +49,15 @@ module.exports = {
       path: '/audit-logs',
       handler: 'auditLogs.findMany',
       config: {
-        // @TODO: Check to right permissions
-        policies: ['admin::isAuthenticatedAdmin'],
+        policies: [
+          'admin::isAuthenticatedAdmin',
+          {
+            name: 'admin::hasPermissions',
+            config: {
+              actions: ['admin::audit-logs.read'],
+            },
+          },
+        ],
       },
     },
     {
@@ -58,8 +65,15 @@ module.exports = {
       path: '/audit-logs/:id',
       handler: 'auditLogs.findOne',
       config: {
-        // @TODO: Check to right permissions
-        policies: ['admin::isAuthenticatedAdmin'],
+        policies: [
+          'admin::isAuthenticatedAdmin',
+          {
+            name: 'admin::hasPermissions',
+            config: {
+              actions: ['admin::audit-logs.read'],
+            },
+          },
+        ],
       },
     },
   ],