From c7e013c5ee71b2f523a636ad17733c0b999944f0 Mon Sep 17 00:00:00 2001
From: Anton <anton@scinote.net>
Date: Mon, 7 Oct 2024 14:30:26 +0200
Subject: [PATCH] Fix permission for shared storage locations [SCI-11118]

---
 app/controllers/storage_locations_controller.rb               | 4 ++--
 .../toolbars/storage_location_repository_rows_service.rb      | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/controllers/storage_locations_controller.rb b/app/controllers/storage_locations_controller.rb
index 0e39fb5da..13da18b9c 100644
--- a/app/controllers/storage_locations_controller.rb
+++ b/app/controllers/storage_locations_controller.rb
@@ -9,9 +9,9 @@ class StorageLocationsController < ApplicationController
   before_action :switch_team_with_param, only: %i(index show)
   before_action :check_storage_locations_enabled, except: :unassign_rows
   before_action :load_storage_location, only: %i(update destroy duplicate move show available_positions unassign_rows export_container import_container)
-  before_action :check_read_permissions, except: %i(index create tree actions_toolbar)
+  before_action :check_read_permissions, except: %i(index create tree actions_toolbar import_container unassign_rows)
   before_action :check_create_permissions, only: :create
-  before_action :check_manage_permissions, only: %i(update destroy duplicate move unassign_rows import_container)
+  before_action :check_manage_permissions, only: %i(update destroy duplicate move)
   before_action :set_breadcrumbs_items, only: %i(index show)
 
   def index
diff --git a/app/services/toolbars/storage_location_repository_rows_service.rb b/app/services/toolbars/storage_location_repository_rows_service.rb
index 214e441dd..d0507f980 100644
--- a/app/services/toolbars/storage_location_repository_rows_service.rb
+++ b/app/services/toolbars/storage_location_repository_rows_service.rb
@@ -27,7 +27,7 @@ module Toolbars
     private
 
     def unassign_action
-      return unless can_manage_storage_location?(@storage_location)
+      return unless can_read_storage_location?(@storage_location)
 
       {
         name: 'unassign',
@@ -39,7 +39,7 @@ module Toolbars
     end
 
     def move_action
-      return unless @single && can_manage_storage_location?(@storage_location)
+      return unless @single && can_read_storage_location?(@storage_location)
 
       {
         name: 'move',