diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/booking/BookingFlow.kt b/src/main/kotlin/com/android/trisolarisserver/controller/booking/BookingFlow.kt
index a9992c2..0249f0f 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/booking/BookingFlow.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/booking/BookingFlow.kt
@@ -674,7 +674,7 @@ class BookingFlow(
     }
 
     private fun requireActor(propertyId: UUID, principal: MyPrincipal?): com.android.trisolarisserver.models.property.AppUser {
-        val resolved = requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER)
+        val resolved = requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER, Role.STAFF)
         return appUserRepo.findById(resolved.userId).orElseThrow {
             ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
         }