From 00d2a7c2ad305bf2ac5aba60939a6890c693705b Mon Sep 17 00:00:00 2001
From: Joao Correia
Date: Fri, 7 Feb 2025 12:57:26 +0000
Subject: [PATCH] forgot permissions on [id] view
---
 src/pages/approval-workflows/[id]/index.tsx | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/pages/approval-workflows/[id]/index.tsx b/src/pages/approval-workflows/[id]/index.tsx
index b9087217..cd051cbe 100644
--- a/src/pages/approval-workflows/[id]/index.tsx
+++ b/src/pages/approval-workflows/[id]/index.tsx
@@ -14,8 +14,10 @@ import useExamStore from "@/stores/exam";
 import { redirect, serialize } from "@/utils";
 import { requestUser } from "@/utils/api";
 import { getApprovalWorkflow } from "@/utils/approval.workflows.be";
+import { getEntityWithRoles } from "@/utils/entities.be";
 import { getExamById } from "@/utils/exams";
 import { shouldRedirectHome } from "@/utils/navigation.disabled";
+import { doesEntityAllow } from "@/utils/permissions";
 import { getSpecificUsers, getUser } from "@/utils/users.be";
 import axios from "axios";
 import { AnimatePresence, LayoutGroup, motion } from "framer-motion";
@@ -46,8 +48,12 @@ export const getServerSideProps = withIronSessionSsr(async ({ req, res, params }
 const workflow: ApprovalWorkflow | null = await getApprovalWorkflow("active-workflows", id);
- if (!workflow)
- return redirect("/approval-workflows")
+ if (!workflow) return redirect("/approval-workflows")
+
+ const entityWithRole = await getEntityWithRoles(workflow.entityId);
+ if (!entityWithRole) return redirect("/approval-workflows");
+
+ if (!doesEntityAllow(user, entityWithRole, "view_workflows")) return redirect("/approval-workflows");
 const allAssigneeIds: string[] = [
 ...new Set(
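Review bot: The `doesEntityAllow(user, entityWithRole, "view_workflows")` check added in the second hunk guards only this page's `getServerSideProps`. The file also imports `axios`, so if the component reads or updates the workflow through an API route, that route needs the same entity check, or the workflow stays reachable by id without the permission; no such handler is visible in this patch, so please confirm. Since the subject says the check was forgotten on this view, consider putting the workflow lookup and the permission test into one shared helper that every workflow page and handler calls, so a new route cannot omit it. Sending the missing-workflow, missing-entity and denied cases to the same redirect avoids revealing which ids exist, and a comment such as `// same redirect for not-found and forbidden so workflow ids are not enumerable` would keep a later edit from splitting them. `getServerSideProps` starts and ends outside the hunk.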