diff --git a/app/controllers/locations_controller.rb b/app/controllers/locations_controller.rb
index 115727efd..824af74b9 100644
--- a/app/controllers/locations_controller.rb
+++ b/app/controllers/locations_controller.rb
@@ -8,11 +8,10 @@ class LocationsController < ApplicationController
   end
 
   def create
-    debugger
     @scheme = Scheme.find(params[:id])
     @location = Location.new(location_params)
     @location.save
-    render "schemes/check_answers"
+    redirect_to scheme_check_answers_path(scheme_id: @scheme.id)
   end
 
 private
diff --git a/spec/requests/locations_controller_spec.rb b/spec/requests/locations_controller_spec.rb
index 5340e5357..3ba53c3e4 100644
--- a/spec/requests/locations_controller_spec.rb
+++ b/spec/requests/locations_controller_spec.rb
@@ -63,5 +63,19 @@ RSpec.describe LocationsController, type: :request do
         expect(response).to redirect_to("/account/sign-in")
       end
     end
+
+    context "when signed in as a data provider" do
+      let(:user) { FactoryBot.create(:user) }
+
+      before do
+        sign_in user
+        post "/schemes/1/location/create"
+      end
+
+      it "returns 401 unauthorized" do
+        request
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
   end
 end