From 9871562359fe5cf01c297750bbf54d9850f4f07b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-S=C3=A9bastien=20Herbaux?=
 <jean-sebastien.herbaux@epitech.eu>
Date: Tue, 13 Oct 2020 18:51:09 +0200
Subject: [PATCH] Fix wrong permissions assigns (upload, users-permissions)
 (#8320)

Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu>
---
 packages/strapi-plugin-upload/controllers/upload/admin.js   | 2 +-
 packages/strapi-plugin-users-permissions/config/routes.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/strapi-plugin-upload/controllers/upload/admin.js b/packages/strapi-plugin-upload/controllers/upload/admin.js
index 0126abde3a..baab32c61b 100644
--- a/packages/strapi-plugin-upload/controllers/upload/admin.js
+++ b/packages/strapi-plugin-upload/controllers/upload/admin.js
@@ -100,7 +100,7 @@ module.exports = {
       state: { userAbility },
     } = ctx;
 
-    if (userAbility.cannot(ACTIONS.read, fileModel)) {
+    if (userAbility.cannot(ACTIONS.readSettings, fileModel)) {
       return ctx.forbidden();
     }
 
diff --git a/packages/strapi-plugin-users-permissions/config/routes.json b/packages/strapi-plugin-users-permissions/config/routes.json
index 08a1d5b697..3fddd5ad50 100644
--- a/packages/strapi-plugin-users-permissions/config/routes.json
+++ b/packages/strapi-plugin-users-permissions/config/routes.json
@@ -52,7 +52,7 @@
       "handler": "UsersPermissions.getRoles",
       "config": {
         "policies": [
-          ["admin::hasPermissions", ["plugins::users-permissions.roles.create"]]
+          ["admin::hasPermissions", ["plugins::users-permissions.roles.read"]]
         ],
         "description": "Retrieve all role documents",
         "tag": {