diff --git a/app/controllers/locations_controller.rb b/app/controllers/locations_controller.rb
index 53874988c..5d76e5362 100644
--- a/app/controllers/locations_controller.rb
+++ b/app/controllers/locations_controller.rb
@@ -54,7 +54,7 @@ private
   end
 
   def authenticate_action!
-    if %w[details edit update].include?(action_name) && !((current_user.organisation == @scheme.organisation) || current_user.support?)
+    if %w[new edit update].include?(action_name) && !((current_user.organisation == @scheme.organisation) || current_user.support?)
       render_not_found and return
     end
   end
diff --git a/app/controllers/schemes_controller.rb b/app/controllers/schemes_controller.rb
index b79316f02..c6e18db29 100644
--- a/app/controllers/schemes_controller.rb
+++ b/app/controllers/schemes_controller.rb
@@ -20,12 +20,6 @@ class SchemesController < ApplicationController
     @scheme = Scheme.find_by(id: params[:id])
   end
 
-  def locations
-    @scheme = Scheme.find_by(id: params[:id])
-    @pagy, @locations = pagy(@scheme.locations)
-    @total_count = @scheme.locations.size
-  end
-
   def new
     @scheme = Scheme.new
   end
diff --git a/spec/requests/locations_controller_spec.rb b/spec/requests/locations_controller_spec.rb
index b48df1448..5097f7607 100644
--- a/spec/requests/locations_controller_spec.rb
+++ b/spec/requests/locations_controller_spec.rb
@@ -8,7 +8,7 @@ RSpec.describe LocationsController, type: :request do
   describe "#new" do
     context "when not signed in" do
       it "redirects to the sign in page" do
-        get "/schemes/1/location/new"
+        get "/schemes/1/locations/new"
         expect(response).to redirect_to("/account/sign-in")
       end
     end
@@ -18,7 +18,7 @@ RSpec.describe LocationsController, type: :request do
 
       before do
         sign_in user
-        get "/schemes/1/location/new"
+        get "/schemes/1/locations/new"
       end
 
       it "returns 401 unauthorized" do
@@ -33,7 +33,7 @@ RSpec.describe LocationsController, type: :request do
 
       before do
         sign_in user
-        get "/schemes/#{scheme.id}/location/new"
+        get "/schemes/#{scheme.id}/locations/new"
       end
 
       it "returns a template for a new location" do
@@ -45,7 +45,7 @@ RSpec.describe LocationsController, type: :request do
         let(:another_scheme)  { FactoryBot.create(:scheme) }
 
         it "displays the new page with an error message" do
-          get "/schemes/#{another_scheme.id}/location/new"
+          get "/schemes/#{another_scheme.id}/locations/new"
           expect(response).to have_http_status(:not_found)
         end
       end
@@ -55,7 +55,7 @@ RSpec.describe LocationsController, type: :request do
       before do
         allow(user).to receive(:need_two_factor_authentication?).and_return(false)
         sign_in user
-        get "/schemes/#{scheme.id}/location/new"
+        get "/schemes/#{scheme.id}/locations/new"
       end
 
       it "returns a template for a new location" do