gistfile1.diff

diff --git a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/ash_scd_site.py b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/ash_scd_site.py
index b037c9bae..5659ac2ed 100644
--- a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/ash_scd_site.py
+++ b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/ash_scd_site.py
@@ -58,6 +58,7 @@ from .utils import check_user_permission
 class DownloadConsent(QueryEndpoint):
 
     site = "ash-scd-site"
+    access = "site-dashboard"
     name = "download-consent"
     content_type = "text/csv"
     query = """
diff --git a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
index b0ea4507b..89b8018ed 100644
--- a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
+++ b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
@@ -1,6 +1,7 @@
 from rex.core import cached
 from rex.db import get_db
 from rex.attach import upload
+from rex.site_feedback_portal import GetSite
 
 from .ash_scd.database import pscopg_db_execute
 
@@ -199,3 +200,24 @@ def check_user_permission(user, site, permission) -> bool:
         return True
     return False
 
+
+class CustomAuthorize(Authorize, GetSite):
+
+    def __call__(self, req):
+        remote_user, site = self.get_user_site(req)
+        if remote_user is None:
+            return False
+        if site is None:
+            return False
+        return check_user_permission(remote_user, site, self.access)
+
+
+class SiteDashabordAuthorize(CustomAuthorize):
+    access = 'site-dashboard'
+
+
+class DataSubmissionsAuthorize(CustomAuthorize):
+    access = 'data-submissions'
+
+
+# TODO: add more CustomAuthorize subclasses, one for each permission