rubyforgood · maebeale · May 15, 2026
diff --git a/app/policies/person_policy.rb b/app/policies/person_policy.rb
@@ -2,7 +2,7 @@ class PersonPolicy < ApplicationPolicy
   # See https://actionpolicy.evilmartians.io/#/writing_policies
 
   def index?
-    admin?
+    authenticated?
   end
 
   def show?
@@ -26,7 +26,7 @@ def destroy?
   end
 
   def search?
-    admin?
+    authenticated?
   end
 
   # Scoping

diff --git a/spec/policies/person_policy_spec.rb b/spec/policies/person_policy_spec.rb
@@ -23,7 +23,7 @@ def policy_for(record: nil, user:)
     context "with regular user" do
       subject { policy_for(user: regular_user) }
 
-      it { is_expected.not_to be_allowed_to(:index?) }
+      it { is_expected.to be_allowed_to(:index?) }
     end
 
     context "with no user" do

diff --git a/spec/requests/people_authorization_spec.rb b/spec/requests/people_authorization_spec.rb
@@ -16,9 +16,9 @@
     context "as a regular user" do
       before { sign_in regular_user }
 
-      it "redirects to root" do
+      it "renders successfully" do
         get people_path
-        expect(response).to redirect_to(root_path)
+        expect(response).to have_http_status(:ok)
       end
     end