From a541bde7e158f981c99f1869b3eefd5ab673d0ca Mon Sep 17 00:00:00 2001
From: Adria Navarro <adria@budibase.com>
Date: Fri, 1 Sep 2023 12:19:16 +0200
Subject: [PATCH] Secure view read

---
 packages/server/src/api/routes/view.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/packages/server/src/api/routes/view.ts b/packages/server/src/api/routes/view.ts
index e09ecba679..545d3016a3 100644
--- a/packages/server/src/api/routes/view.ts
+++ b/packages/server/src/api/routes/view.ts
@@ -1,7 +1,7 @@
 import Router from "@koa/router"
 import * as viewController from "../controllers/view"
 import * as rowController from "../controllers/row"
-import authorized from "../../middleware/authorized"
+import authorized, { authorizedResource } from "../../middleware/authorized"
 import { paramResource } from "../../middleware/resourceId"
 import { permissions } from "@budibase/backend-core"
 
@@ -10,10 +10,10 @@ const router: Router = new Router()
 router
   .get(
     "/api/v2/views/:viewId",
-    paramResource("viewId"),
-    authorized(
-      permissions.PermissionType.TABLE,
-      permissions.PermissionLevel.READ
+    authorizedResource(
+      permissions.PermissionType.VIEW,
+      permissions.PermissionLevel.READ,
+      "viewId"
     ),
     viewController.v2.get
   )