server/AyaNova/ControllerHelpers/Authorized.cs

@@ -94,13 +94,17 @@ namespace AyaNova.Api.ControllerHelpers
         internal static bool HasReadFullRole(AuthorizationRoles currentUserRoles, AyaType objectType)
         {
             //NOTE: this assumes that if you can change you can read
-            if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
+            var RoleSet = BizRoles.GetRoleSet(objectType);
-                return true;
+            var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change;
+            return currentUserRoles.HasAnyFlags(AllowedRoles);
             
-            if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).ReadFullRecord))
+            // if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
-                return true;
+            //     return true;
 
-            return false;
+            // if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).ReadFullRecord))
+            //     return true;
+
+            //return false;
         }