diff --git a/atst/routes/portfolios/task_orders.py b/atst/routes/portfolios/task_orders.py
index f9ef106f..d5278ec6 100644
--- a/atst/routes/portfolios/task_orders.py
+++ b/atst/routes/portfolios/task_orders.py
@@ -68,6 +68,7 @@ def view_task_order(portfolio_id, task_order_id):
         portfolio=portfolio,
         task_order=task_order,
         all_sections_complete=completed,
+        user=g.current_user,
     )
 
 
@@ -75,6 +76,7 @@ def view_task_order(portfolio_id, task_order_id):
 def ko_review(portfolio_id, task_order_id):
     task_order = TaskOrders.get(g.current_user, task_order_id)
     portfolio = Portfolios.get(g.current_user, portfolio_id)
+
     Authorization.check_is_ko(g.current_user, task_order)
     return render_template(
         "/portfolios/task_orders/review.html",
@@ -89,9 +91,10 @@ def ko_review(portfolio_id, task_order_id):
 )
 def submit_ko_review(portfolio_id, task_order_id, form=None):
     task_order = TaskOrders.get(g.current_user, task_order_id)
-    Authorization.check_is_ko(g.current_user, task_order)
-    form = KOReviewForm(http_request.form)
+    form_data = {**http_request.form, **http_request.files}
+    form = KOReviewForm(form_data)
 
+    Authorization.check_is_ko(g.current_user, task_order)
     if form.validate():
         TaskOrders.update(user=g.current_user, task_order=task_order, **form.data)
         return redirect(
diff --git a/templates/portfolios/task_orders/show.html b/templates/portfolios/task_orders/show.html
index a75a1836..54787e00 100644
--- a/templates/portfolios/task_orders/show.html
+++ b/templates/portfolios/task_orders/show.html
@@ -92,8 +92,17 @@
           link_text="edit",
           complete=all_sections_complete) %}
           <div class="task-order-next-steps__action col">
+            {% if user == task_order.contracting_officer %}
+              {% set url=url_for("portfolios.ko_review", portfolio_id=portfolio.id, task_order_id=task_order.id) %}
+            {% elif user == task_order.creator or user == task_order.contracting_officer_representative %}
+              {% set url = url_for("task_orders.new", screen=1, task_order_id=task_order.id) %}
+            {% else %}
+              {% set url = url_for("portfolios.ko_review", portfolio_id=portfolio.id, task_order_id=task_order.id) %}
+            {% endif %}
+            <p>creator: {{task_order.creator.full_name}}</p>
+            <p>cor: {{task_order.contracting_officer_representative.full_name}}</p>
             <a
-              href="{{ url_for("portfolios.ko_review", portfolio_id=portfolio.id, task_order_id=task_order.id) }}"
+              href="{{ url }}"
               class="usa-button usa-button-primary">
                 Edit
             </a>
diff --git a/tests/routes/portfolios/test_task_orders.py b/tests/routes/portfolios/test_task_orders.py
index 48d4aa21..0501d9a6 100644
--- a/tests/routes/portfolios/test_task_orders.py
+++ b/tests/routes/portfolios/test_task_orders.py
@@ -172,3 +172,33 @@ def test_ko_can_view_ko_review_page(client, user_session):
         )
     )
     assert response.status_code == 200
+
+
+def test_mo_redirected_to_build_page(client, user_session):
+    portfolio = PortfolioFactory.create()
+    user_session(portfolio.owner)
+    task_order = TaskOrderFactory.create(portfolio=portfolio)
+
+    response = client.get(
+        url_for("task_orders.new", screen=1, task_order_id=task_order.id)
+    )
+    assert response.status_code == 200
+
+
+def test_cor_redirected_to_build_page(client, user_session):
+    portfolio = PortfolioFactory.create()
+    cor = UserFactory.create()
+    PortfolioRoleFactory.create(
+        role=Roles.get("officer"),
+        portfolio=portfolio,
+        user=cor,
+        status=PortfolioStatus.ACTIVE,
+    )
+    task_order = TaskOrderFactory.create(
+        portfolio=portfolio, contracting_officer_representative=cor
+    )
+    user_session(cor)
+    response = client.get(
+        url_for("task_orders.new", screen=1, task_order_id=task_order.id)
+    )
+    assert response.status_code == 200