diff --git a/Filter/CollaboratorFilter.cs b/Filter/CollaboratorFilter.cs
index f73196e..c68f4f1 100644
--- a/Filter/CollaboratorFilter.cs
+++ b/Filter/CollaboratorFilter.cs
@@ -17,6 +17,7 @@ namespace CarCareTracker.Filter
 }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
+ var shopSupplyEndpoints = new List { "ImportToVehicleIdFromCsv", "GetSupplyRecordsByVehicleId", "ExportFromVehicleToCsv" };
 if (!filterContext.HttpContext.User.IsInRole(nameof(UserData.IsRootUser)))
 {
 var vehicleId = int.Parse(filterContext.ActionArguments["vehicleId"].ToString());
@@ -27,11 +28,11 @@ namespace CarCareTracker.Filter
 {
 filterContext.Result = new RedirectResult("/Error/Unauthorized");
 }
- } else if (filterContext.RouteData.Values["action"].ToString() == "GetSupplyRecordsByVehicleId" && !_config.GetServerEnableShopSupplies())
+ } else if (shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()) && !_config.GetServerEnableShopSupplies())
 {
 //user trying to access shop supplies but shop supplies is not enabled by root user.
 filterContext.Result = new RedirectResult("/Error/Unauthorized");
- } else if (filterContext.RouteData.Values["action"].ToString() != "GetSupplyRecordsByVehicleId")
+ } else if (!shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()))
 {
 //user trying to access any other endpoints using 0 as vehicle id.
 filterContext.Result = new RedirectResult("/Error/Unauthorized");
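Review bot: `shopSupplyEndpoints` is rebuilt on every request at the top of OnActionExecuting although its contents never change; declare it once at class level as `private static readonly HashSet<string> ShopSupplyActions = new HashSet<string>(StringComparer.Ordinal) { "ImportToVehicleIdFromCsv", "GetSupplyRecordsByVehicleId", "ExportFromVehicleToCsv" };` and reference it from the two `Contains` calls in the second hunk, which also makes the comparison rule explicit. As printed the declaration reads `new List { ... }` with no type argument, which would not compile; presumably `List<string>` was lost in rendering, but worth confirming against the committed file. The body of OnActionExecuting continues past the end of this hunk.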
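Review bot: The rewritten else-if chain now lets any non-root user reach `ImportToVehicleIdFromCsv` and `ExportFromVehicleToCsv` with vehicleId 0, gated only by `_config.GetServerEnableShopSupplies()`, whereas the previous code admitted only the read endpoint `GetSupplyRecordsByVehicleId` at that vehicle id. If writing into the shared shop-supply store via CSV import is meant to be open to every signed-in user once root enables the feature, that intent deserves a comment on the first `else if`, e.g. `//vehicleId 0 is the shared shop-supply store: the listed supply actions, including CSV import, are open to any signed-in user once root has enabled shop supplies.`; if it is not, the import action needs its own authorization check here rather than sharing the read path. The vehicleId != 0 branch between the two hunks and the remainder of OnActionExecuting are outside the hunk, so I cannot tell whether another check already restricts the import.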