d1d71f0044
We were adding the condition to show the form in the view. However, that doesn't prevent users from sending a POST/PUT request to the controller action. We could add the condition to the controller as well, but since the `valuate` permission is only used in one place, it's easier to restrict that permission to valuators who can edit the dossier.