Fix concept set permission checking

DataBiosphere · Jul 21, 2023 · c57f910 · c57f910
1 parent 1b5fbc7
commit c57f910
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/service/src/main/java/bio/terra/tanagra/app/controller/ConceptSetsV2ApiController.java b/service/src/main/java/bio/terra/tanagra/app/controller/ConceptSetsV2ApiController.java
@@ -60,7 +60,7 @@ public ResponseEntity<Void> deleteConceptSet(String studyId, String conceptSetId
     accessControlService.throwIfUnauthorized(
         SpringAuthentication.getCurrentUser(),
         Permissions.forActions(CONCEPT_SET, DELETE),
-        ResourceId.forCohort(studyId, conceptSetId));
+        ResourceId.forConceptSet(studyId, conceptSetId));
     conceptSetService.deleteConceptSet(studyId, conceptSetId);
     return new ResponseEntity<>(HttpStatus.NO_CONTENT);
   }
@@ -70,7 +70,7 @@ public ResponseEntity<ApiConceptSetV2> getConceptSet(String studyId, String conc
     accessControlService.throwIfUnauthorized(
         SpringAuthentication.getCurrentUser(),
         Permissions.forActions(CONCEPT_SET, READ),
-        ResourceId.forCohort(studyId, conceptSetId));
+        ResourceId.forConceptSet(studyId, conceptSetId));
     return ResponseEntity.ok(toApiObject(conceptSetService.getConceptSet(studyId, conceptSetId)));
   }
 
@@ -96,7 +96,7 @@ public ResponseEntity<ApiConceptSetV2> updateConceptSet(
     accessControlService.throwIfUnauthorized(
         SpringAuthentication.getCurrentUser(),
         Permissions.forActions(CONCEPT_SET, UPDATE),
-        ResourceId.forCohort(studyId, conceptSetId));
+        ResourceId.forConceptSet(studyId, conceptSetId));
     Criteria singleCriteria =
         body.getCriteria() == null
             ? null