From acba31d29da183d370667c8a4c366884ee74e7e6 Mon Sep 17 00:00:00 2001
From: mike12345567 <me@michaeldrury.co.uk>
Date: Fri, 26 Feb 2021 10:19:06 +0000
Subject: [PATCH] Fixing an issue discovered by test case.

---
 packages/server/src/utilities/security/permissions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/server/src/utilities/security/permissions.js b/packages/server/src/utilities/security/permissions.js
index e6028ac2da..03fa5fa562 100644
--- a/packages/server/src/utilities/security/permissions.js
+++ b/packages/server/src/utilities/security/permissions.js
@@ -138,7 +138,7 @@ exports.doesHaveResourcePermission = (
 ) => {
   // set foundSub to not subResourceId, incase there is no subResource
   let foundMain = false,
-    foundSub = !subResourceId
+    foundSub = false
   for (let [resource, level] of Object.entries(permissions)) {
     const levels = getAllowedLevels(level)
     if (resource === resourceId && levels.indexOf(permLevel) !== -1) {