From 0e86397b8a7bedaefeeec3db1938b9a0532e1fa8 Mon Sep 17 00:00:00 2001
From: Rik Smale
Date: Tue, 24 Sep 2024 17:48:08 +0200
Subject: [PATCH] fix(applications): allow admin access to boardview
---
 lib/events.js | 4 ++--
 lib/helpers.js | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/events.js b/lib/events.js
index 15986076..00abc099 100644
--- a/lib/events.js
+++ b/lib/events.js
@@ -77,8 +77,8 @@ exports.listBodyApplications = async (req, res) => {
 return errors.makeBadRequestError(res, 'bodyId is not a number.');
 }
- // Only visible to board members
- if (!req.permissions.see_boardview[bodyId]) {
+ // Only visible to board members and admins
+ if (!req.permissions.see_boardview.global && !req.permissions.see_boardview[bodyId]) {
 return errors.makeForbiddenError(res, 'You are not allowed to see this');
 }
diff --git a/lib/helpers.js b/lib/helpers.js
index 09aeaf9d..aa6fa2f5 100644
--- a/lib/helpers.js
+++ b/lib/helpers.js
@@ -204,7 +204,9 @@ exports.getPermissions = (user, corePermissions, approvePermissions) => {
 permissions.apply_general = hasPermission(corePermissions, 'apply:summeruniversity');
 permissions.set_board_comment = {};
- permissions.see_boardview = {};
+ permissions.see_boardview = {
+ global: hasPermission(corePermissions, 'global:approve_members:summeruniversity')
+ };
 const approveBodiesList = getBodiesListFromPermissions(approvePermissions);
 const userBodies = user && Array.isArray(user.bodies) ? user.bodies : [];
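Review bot: The widened authorization check in listBodyApplications ships without a test; the diffstat touches only lib/events.js and lib/helpers.js. A rule that gains a second grant path should be pinned from both sides: a caller holding the global permission but no board role in the body gets the list, and a caller with neither still gets the 403. The comment "board members and admins" is also looser than the actual rule, which is tied to one specific permission, so I would write `// Visible to board members of this body, or holders of global:approve_members:summeruniversity`. The function body starts and ends outside this hunk.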
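Review bot: In getPermissions, `global` is stored in the same object that is otherwise keyed by body id, so any consumer that enumerates `permissions.see_boardview` or treats its keys as body ids will now see a `global` entry. The rest of the function is outside this hunk, so I cannot tell whether such a consumer exists. The grant also reuses `global:approve_members:summeruniversity`, so everyone who may approve members can now read every body's applications, while `set_board_comment` stays per-body. If that read-only coupling is intended, please state it next to the assignment, e.g. `// global approvers may view any body's boardview; board comments remain per-body`. If other code iterates the map, a separate flag such as `permissions.see_boardview_global` would keep the two namespaces apart.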