ZupIT · wiliansilvazup · Oct 15, 2020 · Oct 14, 2020 · Oct 14, 2020 · Oct 14, 2020
diff --git a/README.md b/README.md
@@ -24,6 +24,8 @@ Currently, performance analysis consists of:
 
 You can see more details about the horusec <a href="assets/horusec-complete-architecture.jpg">/assets/horusec-complete-architecture.jpg</a>
 
+### For more details see our [DOCUMENTATION](https://zup-products.gitbook.io/horusec)
+
 ## Project roadmap
 
 We started the project to aggregate within our company, but as the search grew more and more we chose to apply good practices and open it up for everyone to collaborate with this incredible project.

diff --git a/development-kit/pkg/services/middlewares/repository_authz.go b/development-kit/pkg/services/middlewares/repository_authz.go
@@ -110,8 +110,13 @@ func (rm *repositoryAuthzMiddleware) IsRepositorySupervisor(next http.Handler) h
 		repositoryID, _ := uuid.Parse(chi.URLParam(r, "repositoryID"))
 		accountRepository, err := rm.repoAccountRepository.GetAccountRepository(accountID, repositoryID)
 		if err != nil || accountRepository.Role != accountEnums.Supervisor && accountRepository.Role != accountEnums.Admin {
-			httpUtil.StatusForbidden(w, errors.ErrorUnauthorized)
-			return
+			companyID, _ := uuid.Parse(chi.URLParam(r, "companyID"))
+			accountCompany, errCompany := rm.repositoryRepo.GetAccountCompanyRole(accountID, companyID)
+
+			if errCompany != nil || accountCompany.Role != accountEnums.Admin {
+				httpUtil.StatusForbidden(w, errors.ErrorUnauthorized)
+				return
+			}
 		}
 		next.ServeHTTP(w, r)
 	})