fix: enable non-PA-admins to view PA messages

fd8fdd5 implemented support for the frontend to display PA message navigation and read-only views when the current user is not a PA message admin, but didn't change the authorization requirement on the relevant routes.
mbta · Feb 3, 2025 · a5928a0 · a5928a0
1 parent 4ea0372
commit a5928a0
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/lib/screenplay_web/router.ex b/lib/screenplay_web/router.ex
@@ -76,7 +76,7 @@ defmodule ScreenplayWeb.Router do
   # PA Message Management
 
   scope "/pa-messages", ScreenplayWeb do
-    pipe_through([:browser, :authenticate, :ensure_pa_message_admin])
+    pipe_through([:browser, :authenticate])
 
     get("/", PaMessagesController, :index)
     get("/new", PaMessagesController, :index)
@@ -90,10 +90,16 @@ defmodule ScreenplayWeb.Router do
   end
 
   scope "/api/pa-messages", ScreenplayWeb do
-    pipe_through([:api, :authenticate, :ensure_pa_message_admin])
+    pipe_through([:api, :authenticate])
 
     get("/preview_audio", PaMessagesApiController, :preview_audio)
-    resources("/", PaMessagesApiController, only: [:index, :show, :create, :update])
+    resources("/", PaMessagesApiController, only: [:index, :show])
+  end
+
+  scope "/api/pa-messages", ScreenplayWeb do
+    pipe_through([:api, :authenticate, :ensure_pa_message_admin])
+
+    resources("/", PaMessagesApiController, only: [:create, :update])
   end
 
   # Permanent Configuration