diff --git a/routes/routes.go b/routes/routes.go
index 2431c6a..0ada8f1 100644
--- a/routes/routes.go
+++ b/routes/routes.go
@@ -12,6 +12,7 @@ import (
"git.marketally.com/gitcaddy/gitcaddy-vault/models"
"git.marketally.com/gitcaddy/gitcaddy-vault/services"
+ "code.gitcaddy.com/server/v3/models/perm"
"code.gitcaddy.com/server/v3/models/unit"
"code.gitcaddy.com/server/v3/modules/log"
"code.gitcaddy.com/server/v3/modules/templates"
@@ -915,9 +916,16 @@ func webListSecrets(lic *license.Manager) http.HandlerFunc {
ctx.Data["Secrets"] = secrets
ctx.Data["IncludeDeleted"] = includeDeleted
- ctx.Data["ShowDeleted"] = ctx.Repo.IsAdmin()
- ctx.Data["CanWrite"] = ctx.Repo.CanWrite(unit.TypeCode)
- ctx.Data["IsRepoAdmin"] = ctx.Repo.IsAdmin()
+
+ // Check permissions - use multiple fallbacks for team-based access
+ isOwner := ctx.Repo.Repository.OwnerID == ctx.Doer.ID
+ hasWriteAccess := ctx.Repo.CanWrite(unit.TypeCode)
+ isAdmin := ctx.Repo.IsAdmin()
+ hasAccess := ctx.Repo.AccessMode >= perm.AccessModeWrite
+
+ ctx.Data["ShowDeleted"] = isAdmin || isOwner || hasAccess
+ ctx.Data["CanWrite"] = hasWriteAccess || isOwner || hasAccess
+ ctx.Data["IsRepoAdmin"] = isAdmin || isOwner || hasAccess
// License info for display
licInfo := lic.Info()
diff --git a/templates/repo/vault/navbar.tmpl b/templates/repo/vault/navbar.tmpl
index 581284b..7c99a9c 100644
--- a/templates/repo/vault/navbar.tmpl
+++ b/templates/repo/vault/navbar.tmpl
@@ -6,7 +6,7 @@
{{svg "octicon-lock" 16}} {{ctx.Locale.Tr "vault.secrets"}}
- {{if .IsRepoAdmin}}
+ {{if or .CanWrite .IsRepoAdmin}}
{{svg "octicon-log" 16}} {{ctx.Locale.Tr "vault.audit"}}