diff --git a/packages/component-manuscript-manager/src/routes/fragmentsRecommendations/patch.js b/packages/component-manuscript-manager/src/routes/fragmentsRecommendations/patch.js
index cda67212c7da2f4733b359596820d85974ef9e68..e2dfc1a65d31c017ae83256f76fc3366ea4aade0 100644
--- a/packages/component-manuscript-manager/src/routes/fragmentsRecommendations/patch.js
+++ b/packages/component-manuscript-manager/src/routes/fragmentsRecommendations/patch.js
@@ -29,12 +29,8 @@ module.exports = models => async (req, res) => {
       })
 
     const authsome = authsomeHelper.getAuthsome(models)
-    const authsomeObject =
-      recommendation.recommendationType === 'editorRecommendation'
-        ? collection
-        : fragment
     const target = {
-      authsomeObject,
+      fragment,
       path: req.route.path,
     }
     const canPatch = await authsome.can(req.user, 'PATCH', target)
diff --git a/packages/component-manuscript/src/components/utils.js b/packages/component-manuscript/src/components/utils.js
index d9785efb43eeaa1501c8f74b40d292c0d308a4c0..47c080f7ea60b9ea2b4bc412f01c06a36bdc17e8 100644
--- a/packages/component-manuscript/src/components/utils.js
+++ b/packages/component-manuscript/src/components/utils.js
@@ -139,7 +139,6 @@ const onChange = (
 ) => {
   const newValues = parseReviewRequest(values)
   const prevValues = parseReviewRequest(previousValues)
-
   if (!isEqual(newValues, prevValues)) {
     dispatch(autosaveRequest())
     if (newValues.id) {
diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index 8da1d852cd52e880cc08fa36c731237a78592234..de9c03f99be041add6cbe27f152f5d430dc7dd41 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -201,7 +201,7 @@ async function authenticatedUser(user, operation, object, context) {
     // allow reviewer to patch his recommendation
     if (
       get(object, 'path') ===
-      '/api/collections/:collectionId/fragments/:fragmentId/recommendations'
+      '/api/collections/:collectionId/fragments/:fragmentId/recommendations/:recommendationId'
     ) {
       return helpers.hasPermissionForObject({
         user,