From f6f1cc3905b62bcb9f13e1c89c38df5dcfef21d7 Mon Sep 17 00:00:00 2001
From: shreddedbacon <b@benjackson.email>
Date: Thu, 20 Jul 2023 09:06:14 +1000
Subject: [PATCH] fix: use the id in the permission check

---
 services/api/src/resources/fact/resolvers.ts | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/services/api/src/resources/fact/resolvers.ts b/services/api/src/resources/fact/resolvers.ts
index e91cfaa988..90469963b7 100644
--- a/services/api/src/resources/fact/resolvers.ts
+++ b/services/api/src/resources/fact/resolvers.ts
@@ -317,13 +317,12 @@ export const addFactsByName: ResolverFn = async (
     throw new Error("Both 'project' and 'environment' require values"); //Presumably this'll be taken care of via the schema, but let's check either way.
   }
 
+  let lagoonProject = await projectHelpers(sqlClientPool).getProjectIdByName(project);
   if (!adminScopes.projectViewAll) {
     await hasPermission('environment', 'view', {
-      project: project
+      project: lagoonProject
     });
   }
-
-  let lagoonProject = await projectHelpers(sqlClientPool).getProjectIdByName(project);
   let environments = await environmentHelpers(sqlClientPool).getEnvironmentsByProjectId(lagoonProject);
 
   if (environments.length == 0) {