From aef83490cfeecfc82ad66352dac4cdb6a99b8caf Mon Sep 17 00:00:00 2001
From: Graham Triggs <gtriggs@duraspace.org>
Date: Sat, 23 Sep 2017 13:24:35 +0100
Subject: [PATCH] Fix permissions in site

---
 .../webapp/controller/freemarker/BaseSiteAdminController.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/BaseSiteAdminController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/BaseSiteAdminController.java
index 2220dbda1..90dfee2b2 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/BaseSiteAdminController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/BaseSiteAdminController.java
@@ -112,7 +112,7 @@ public class BaseSiteAdminController extends FreemarkerHttpServlet {
         Map<String, Object> urls = new HashMap<>();
 
         for (AdminUrl adminUrl : siteMaintenanceUrls) {
-            if (adminUrl.permission == null || PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.USE_MISCELLANEOUS_ADMIN_PAGES.ACTION)) {
+            if (adminUrl.permission == null || PolicyHelper.isAuthorizedForActions(vreq, adminUrl.permission)) {
                 if (adminUrl.url.startsWith("javascript:")) {
                     urls.put(adminUrl.key, adminUrl.url);
                 } else {
@@ -175,7 +175,7 @@ public class BaseSiteAdminController extends FreemarkerHttpServlet {
         Map<String, Object> data = new HashMap<String, Object>();
 
         for (AdminUrl adminUrl : siteConfigData) {
-            if (adminUrl.permission == null || PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.USE_MISCELLANEOUS_ADMIN_PAGES.ACTION)) {
+            if (adminUrl.permission == null || PolicyHelper.isAuthorizedForActions(vreq, adminUrl.permission)) {
                 if (adminUrl.url.startsWith("javascript:")) {
                     data.put(adminUrl.key, adminUrl.url);
                 } else {