diff --git a/backend/core/views.py b/backend/core/views.py
index fc6c21fd1..6af9f6117 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1827,7 +1827,7 @@ def create_suggested_applied_controls(request, pk):
 compliance_assessment = ComplianceAssessment.objects.get(id=pk)
 if not RoleAssignment.is_access_allowed(
 user=request.user,
- perm=Permission.objects.get(codename="create_appliedcontrol"),
+ perm=Permission.objects.get(codename="add_appliedcontrol"),
 folder=compliance_assessment.folder,
 ):
 return Response(status=status.HTTP_403_FORBIDDEN)
@@ -1933,7 +1933,7 @@ def create_suggested_applied_controls(request, pk):
 requirement_assessment = RequirementAssessment.objects.get(id=pk)
 if not RoleAssignment.is_access_allowed(
 user=request.user,
- perm=Permission.objects.get(codename="create_appliedcontrol"),
+ perm=Permission.objects.get(codename="add_appliedcontrol"),
 folder=requirement_assessment.folder,
 ):
 return Response(status=status.HTTP_403_FORBIDDEN)
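Review bot: The `perm=` lookup on new lines 1830 and 1936 selects the permission by codename alone, while Django only guarantees uniqueness per (content_type, codename), and `.get()` raises before `is_access_allowed` runs if the row is missing or duplicated. That is presumably how the old `create_appliedcontrol` typo surfaced: as an unhandled exception rather than a 403. Scoping the lookup, e.g. `Permission.objects.get(codename="add_appliedcontrol", content_type__app_label=<app label>)`, and adding a test that calls each action as a user with and without the permission in the assessment's folder would catch a recurrence. Both function bodies continue outside the hunks, so whether the created controls land in the same folder that was checked is not visible here.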