diff --git a/backend/app/controllers/spree/admin/promotion_rules_controller.rb b/backend/app/controllers/spree/admin/promotion_rules_controller.rb
index 497b62d0aa0..1f7438f3288 100644
--- a/backend/app/controllers/spree/admin/promotion_rules_controller.rb
+++ b/backend/app/controllers/spree/admin/promotion_rules_controller.rb
@@ -35,6 +35,10 @@ def load_promotion
     @promotion = Spree::Promotion.find(params[:promotion_id])
   end
 
+  def model_class
+    Spree::PromotionRule
+  end
+
   def validate_promotion_rule_type
     requested_type = params[:promotion_rule].delete(:type)
     promotion_rule_types = Rails.application.config.spree.promotions.rules
diff --git a/backend/spec/controllers/spree/admin/promotion_rules_controller_spec.rb b/backend/spec/controllers/spree/admin/promotion_rules_controller_spec.rb
index 2db34b4a9d5..ee4d2966954 100644
--- a/backend/spec/controllers/spree/admin/promotion_rules_controller_spec.rb
+++ b/backend/spec/controllers/spree/admin/promotion_rules_controller_spec.rb
@@ -3,21 +3,34 @@
 require 'spec_helper'
 
 describe Spree::Admin::PromotionRulesController, type: :controller do
-  stub_authorization!
-
   let!(:promotion) { create(:promotion) }
 
-  it "can create a promotion rule of a valid type" do
-    post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::Promotion::Rules::Product" } }
-    expect(response).to be_redirect
-    expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
-    expect(promotion.rules.count).to eq(1)
+  context "when the user is authorized" do
+    stub_authorization! do |_u|
+      Spree::PermissionSets::PromotionManagement.new(self).activate!
+    end
+
+    it "can create a promotion rule of a valid type" do
+      post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::Promotion::Rules::Product" } }
+      expect(response).to be_redirect
+      expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
+      expect(promotion.rules.count).to eq(1)
+    end
+
+    it "can not create a promotion rule of an invalid type" do
+      post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::InvalidType" } }
+      expect(response).to be_redirect
+      expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
+      expect(promotion.rules.count).to eq(0)
+    end
   end
 
-  it "can not create a promotion rule of an invalid type" do
-    post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::InvalidType" } }
-    expect(response).to be_redirect
-    expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
-    expect(promotion.rules.count).to eq(0)
+  context "when the user is not authorized" do
+    it "sets an error message and redirects the user" do
+      post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::Promotion::Rules::Product" } }
+
+      expect(flash[:error]).to eq("Authorization Failure")
+      expect(response).to redirect_to('/unauthorized')
+    end
   end
 end