From 8052c0c0dd082dfcfba3954467c7efa8b21349f4 Mon Sep 17 00:00:00 2001
From: Aleksandr Tereshchenko
Date: Thu, 12 Dec 2024 15:47:05 +0200
Subject: [PATCH] Allow all program managers to change status from planning to started
---
 src/client/components/ThesisPage/ThesisEditForm.tsx | 2 +-
 src/server/middleware/authorizeStatusChange.ts | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/client/components/ThesisPage/ThesisEditForm.tsx b/src/client/components/ThesisPage/ThesisEditForm.tsx
index 6fbb4a0..272a623 100644
--- a/src/client/components/ThesisPage/ThesisEditForm.tsx
+++ b/src/client/components/ThesisPage/ThesisEditForm.tsx
@@ -407,7 +407,7 @@ const ThesisEditForm: FC<{
 disabled={
 initialThesis.status === 'PLANNING' &&
 !user.isAdmin &&
- !user.approvableProgramIds?.includes(editedThesis.programId)
+ !user.managedProgramIds?.includes(editedThesis.programId)
 }
 value={editedThesis.status}
 label={t('statusHeader')}
diff --git a/src/server/middleware/authorizeStatusChange.ts b/src/server/middleware/authorizeStatusChange.ts
index 365710d..f769624 100644
--- a/src/server/middleware/authorizeStatusChange.ts
+++ b/src/server/middleware/authorizeStatusChange.ts
@@ -54,17 +54,17 @@ export const authorizeStatusChange = async ( // and the user is trying to update it // to something else than PLANNING, // then we need to check permissions i.e. - // only allow it if the user is an approver-program-manager - const programsWhereUserIsApprover = await ProgramManagement.findAll({ + // only allow it if the user is a-program-manager + const programsWhereUserIsManager = await ProgramManagement.findAll({ attributes: ['programId'], - where: { userId: actionUser.id, isThesisApprover: true }, + where: { userId: actionUser.id }, }) - const programIdsWhereUserIsApprover = programsWhereUserIsApprover.map( + const programIdsWhereUserIsManager = programsWhereUserIsManager.map( (program) => program.programId ) - if (!programIdsWhereUserIsApprover.includes(req.body.programId)) { - // if the user is not an approver-program-manager and the status + if (!programIdsWhereUserIsManager.includes(req.body.programId)) { + // if the user is not a program-manager and the status // is changed or the thesis a new one throw an Authorization error if (!thesis || thesis.status !== req.body.status) { throw new CustomAuthorizationError(
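Review bot: The manager check in this hunk authorizes against `req.body.programId`, a value the caller supplies, and with `isThesisApprover: true` dropped from the `where` clause any ProgramManagement row for the user is now enough to pass it. For an existing thesis the stored program should be checked as well, e.g. `const managesStored = !thesis || programIdsWhereUserIsManager.includes(thesis.programId)` with the guard becoming `if (!managesStored || !programIdsWhereUserIsManager.includes(req.body.programId)) {`. This assumes the thesis record carries `programId`, as the client form's `editedThesis.programId` suggests; the body of authorizeStatusChange starts and ends outside the hunk, so an equivalent check may already exist there. The new comment reads `a-program-manager`; `// only allow it if the user is a program-manager` would match the wording used a few lines further down.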