From 9a62d8c0be3e3845ed77c5678cd8751379d90694 Mon Sep 17 00:00:00 2001
From: himeshr <himeshl@samanvayfoundation.org>
Date: Thu, 16 May 2024 12:55:39 +0530
Subject: [PATCH] #727 | Use appropriate privilege check that works for
 rule-server upload-user as well

---
 .../src/main/java/org/avni/server/web/ImportController.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/avni-server-api/src/main/java/org/avni/server/web/ImportController.java b/avni-server-api/src/main/java/org/avni/server/web/ImportController.java
index 8a4ac6621..1a97bbb33 100644
--- a/avni-server-api/src/main/java/org/avni/server/web/ImportController.java
+++ b/avni-server-api/src/main/java/org/avni/server/web/ImportController.java
@@ -172,7 +172,7 @@ public JsonObject uploadMedia(@RequestParam("url") String url,
     public JsonObject getSubjectOrLocationObsValue(@RequestParam("type") String type,
                                                    @RequestParam("ids") String ids,
                                                    @RequestParam("formElementUuid") String formElementUuid) {
-        accessControlService.checkPrivilege(PrivilegeType.Analytics);
+        accessControlService.checkPrivilege(PrivilegeType.UploadMetadataAndData);
         FormElement formElement = formElementRepository.findByUuid(formElementUuid);
         JsonObject response = new JsonObject();
         if (ConceptDataType.Location.toString().equals(type)) {