From 162aa90114b63931694844ceb8cdca9d062f6db8 Mon Sep 17 00:00:00 2001
From: Cian Hughes <chughes000@gmail.com>
Date: Mon, 17 Feb 2025 13:47:44 +0000
Subject: [PATCH] Added `AuthenticatedUser` to allow list for `can_create`
 permission

---
 invenio.cfg | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/invenio.cfg b/invenio.cfg
index bfcbdb8..3e6bae1 100644
--- a/invenio.cfg
+++ b/invenio.cfg
@@ -59,6 +59,7 @@ from invenio_rdm_records.services.generators import (
 )
 from invenio_rdm_records.services.permissions import RDMRecordPermissionPolicy
 from invenio_records_permissions.generators import (
+    AuthenticatedUser,
     Disable,
     IfConfig,
     SystemProcess,
@@ -730,7 +731,7 @@ class InvenioRDMStarterRecordPermissionPolicy(RDMRecordPermissionPolicy):
     # Used for search filtering of deleted records
     # cannot be implemented inside can_read - otherwise permission will
     # kick in before tombstone renders
-    can_create = [SystemProcess()]
+    can_create = [AuthenticatedUser(), SystemProcess()]
     can_read_deleted = [SystemProcess()]
     can_read_deleted_files = can_read_deleted
     can_media_read_deleted_files = can_read_deleted_files