From 71554e40e7ff6abd1b3c6a69632686ac5ab3c6c6 Mon Sep 17 00:00:00 2001
From: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>
Date: Tue, 4 Feb 2025 20:34:00 -0700
Subject: [PATCH] fix

Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>
---
 internal/ent/hooks/objectownedtuples.go | 6 ++++--
 internal/graphapi/control_test.go       | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/internal/ent/hooks/objectownedtuples.go b/internal/ent/hooks/objectownedtuples.go
index 79be729c..1004ed40 100644
--- a/internal/ent/hooks/objectownedtuples.go
+++ b/internal/ent/hooks/objectownedtuples.go
@@ -332,8 +332,10 @@ func HookRelationTuples(objects map[string]string, relation fgax.Relation) ent.H
 // using the tuple structs that are about to be written
 func checkAccessToObjectsFromTuples(ctx context.Context, m ent.Mutation, tuples []fgax.TupleKey) error {
 	for _, tuple := range tuples {
-		objectID := tuple.Object.Identifier
-		objectType := string(tuple.Object.Kind)
+		// subject is the group that the permissions are being added to
+		// this is the reverse edge
+		objectID := tuple.Subject.Identifier
+		objectType := string(tuple.Subject.Kind)
 
 		if _, allow := privacy.DecisionFromContext(ctx); allow {
 			return nil
diff --git a/internal/graphapi/control_test.go b/internal/graphapi/control_test.go
index ccd6746f..06d75c98 100644
--- a/internal/graphapi/control_test.go
+++ b/internal/graphapi/control_test.go
@@ -217,7 +217,7 @@ func (suite *GraphTestSuite) TestMutationCreateControl() {
 		{
 			name: "add groups",
 			request: openlaneclient.CreateControlInput{
-				Name:            "Test Procedure",
+				Name:            "Test Control CC1.2",
 				EditorIDs:       []string{testUser1.GroupID},
 				BlockedGroupIDs: []string{blockedGroup.ID},
 				ViewerIDs:       []string{viewerGroup.ID},