From df57da8ddcd62a15bc14c48426f28b93298c73e9 Mon Sep 17 00:00:00 2001
From: Jeff LADIRAY <ladirayjeff@gmail.com>
Date: Thu, 19 May 2022 15:26:20 +0200
Subject: [PATCH] fix(permissions): switch read to browse for csv permissions

---
 packages/agent/src/agent/routes/access/csv.ts       | 2 +-
 packages/agent/test/agent/routes/access/csv.test.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/agent/src/agent/routes/access/csv.ts b/packages/agent/src/agent/routes/access/csv.ts
index 1a9857f83e..4cf6c24932 100644
--- a/packages/agent/src/agent/routes/access/csv.ts
+++ b/packages/agent/src/agent/routes/access/csv.ts
@@ -14,7 +14,7 @@ export default class CsvRoute extends CollectionRoute {
   }
 
   async handleCsv(context: Context): Promise<void> {
-    await this.services.permissions.can(context, `read:${this.collection.name}`);
+    await this.services.permissions.can(context, `browse:${this.collection.name}`);
     await this.services.permissions.can(context, `export:${this.collection.name}`);
 
     const { header } = context.request.query as Record<string, string>;
diff --git a/packages/agent/test/agent/routes/access/csv.test.ts b/packages/agent/test/agent/routes/access/csv.test.ts
index 0e8fb49a5a..60fc2420c7 100644
--- a/packages/agent/test/agent/routes/access/csv.test.ts
+++ b/packages/agent/test/agent/routes/access/csv.test.ts
@@ -84,7 +84,7 @@ describe('CsvRoute', () => {
       await csvRoute.handleCsv(context);
 
       // then
-      expect(services.permissions.can).toHaveBeenCalledWith(context, 'read:books');
+      expect(services.permissions.can).toHaveBeenCalledWith(context, 'browse:books');
       expect(services.permissions.can).toHaveBeenCalledWith(context, 'export:books');
 
       expect(buildPaginated).toHaveBeenCalledWith(booksCollection, context, scopeCondition);