diff --git a/src/controllers/quotation-controller.ts b/src/controllers/quotation-controller.ts
index 658bae4..8f130c3 100644
--- a/src/controllers/quotation-controller.ts
+++ b/src/controllers/quotation-controller.ts
@@ -166,10 +166,9 @@ const MANAGE_ROLES = [
 "account",
 ];
 
-function globalAllow(roles?: string[]) {
- return ["system", "head_of_admin", "admin", "branch_manager", "head_of_account"].some((v) =>
- roles?.includes(v),
- );
+function globalAllow(user: RequestWithUser["user"]) {
+ const allowList = ["system", "head_of_admin", "admin", "branch_manager", "head_of_account"];
+ return allowList.some((v) => user.roles?.includes(v));
 }
 
 @Route("/api/v1/quotation")
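Review bot: In the new `globalAllow`, the optional chain guards only `roles`, so the helper returns false when `user.roles` is missing but throws if `user` itself is ever undefined at runtime; the old `roles?: string[]` signature tolerated a missing value. The `RequestWithUser` type is not visible in this hunk, so unless it guarantees an authenticated user on every route that calls this helper, keep the check fail-closed with `return allowList.some((v) => user?.roles?.includes(v) === true);`. The allow-list is an authorization decision that is rebuilt on every call; hoisting it to a module constant next to `MANAGE_ROLES`, with a one-line comment stating which checks these roles bypass, would make it easier to audit.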