diff --git a/src/MediaController.php b/src/MediaController.php
index 525dc50..b10dabe 100644
--- a/src/MediaController.php
+++ b/src/MediaController.php
@@ -25,9 +25,9 @@ class MediaController
 ]);
 $model = $this->validateModel($request);
- $this->authorize('storeMedia', $model);
 $collection = $model->getMediaCollection($request->input('collection'));
 $isSingle = 1 === $collection->collectionSizeLimit;
+ $this->authorize('storeMedia', [$model, $collection->name]);
 $request->validate($isSingle ? [
 'payload' => 'array',
@@ -62,7 +62,7 @@ class MediaController
 public function update(Request $request, Media $media): MediaData
 {
- $this->authorize('updateMedia', $media->model);
+ $this->authorize('updateMedia', [$media->model, $media->collection_name]);
 $rules = collect($media->model->getMediaCollection($media->collection_name)->runCallback('withPropertyValidation', $media->file_name))
 ->mapWithKeys(fn ($rule, $key) => ["properties.{$key}" => $rule])->toArray();
@@ -78,7 +78,7 @@ class MediaController
 {
 $model = app('media-library-helpers')->get($parentModel);
 $model = $model::find($parentId);
- $this->authorize('listMedia', $model);
+ $this->authorize('listMedia', [$model, $collectionName]);
 $collection = $model->getMediaCollection($collectionName);
 $isSingle = 1 === $collection->collectionSizeLimit;
@@ -95,7 +95,7 @@ class MediaController
 public function destroy(Media $media, Request $request): JsonResponse
 {
- $this->authorize('destroyMedia', $media->model);
+ $this->authorize('destroyMedia', [$media->model, $media->collection_name]);
 $media->delete();
 return response()->json([]);
diff --git a/tests/TestCase.php b/tests/TestCase.php
index c64b6e4..976064f 100644
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -74,7 +74,7 @@ class TestCase extends BaseTestCase
 ];
 foreach ($policies as $ability => $result) {
- Gate::define($ability, fn (?string $whatever) => $result);
+ Gate::define($ability, fn (?string $user, string $collectionName) => $result);
 }
 return $this;
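Review bot: In the first hunk of src/MediaController.php the `storeMedia` check now runs after `getMediaCollection($request->input('collection'))` and after `$collection->collectionSizeLimit` has been read, so request-driven code executes before the gate is consulted. If `getMediaCollection` can return null for an unregistered name (not visible here), the property read fails with an unhandled error before any authorization decision is made. I would place `abort_if(null === $collection, 404);` directly under the `$collection = …` line and move the `authorize` call above the `$isSingle` line, or confirm that the validation rules above the hunk already restrict `collection` to registered names. The method starts and ends outside the hunk.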
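Review bot: The new second gate argument in `update` is undocumented, and the same applies to `store`, the list action and `destroy`. An existing policy method that declares only the user and the model keeps working, because PHP drops the extra argument, so after this change it still authorizes every collection on the model without any error. A comment above the call such as `// Policy receives ($user, $model, $collectionName); a policy that omits the third parameter authorizes all collections on the model.` plus an upgrade note would make that visible to integrators. `$media->collection_name` comes from the stored record rather than the request, which is the right source for the check.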
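Review bot: `$model::find($parentId)` can return null, and in the third hunk that null is now passed on as `[$model, $collectionName]`, so the policy has to cope with a missing model and the following `$model->getMediaCollection(...)` fails on null if the gate allows the call. Resolving with `$model = $model::findOrFail($parentId);` would stop before the gate with a 404, assuming the helper returns an Eloquent model class. Note also that `$collectionName` here is the caller-supplied value, whereas `store` passes the resolved `$collection->name`; policies should treat it as untrusted, or the lookup could be done first and its name passed instead. The method signature is outside the hunk.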
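Review bot: In tests/TestCase.php the parameter named `$collectionName` is the closure's second parameter, but the controller calls in this commit pass `[$model, $collectionName]`, so the gate invokes it with the user, then the model, then the collection name. The `string` parameter therefore receives the model (coerced to a string if the model is stringable and strict types are off, a TypeError otherwise) and the real collection name is dropped. A signature like `fn (?string $user, $model, string $collectionName) => $result` matches the call. Since the closure returns a fixed `$result`, no test yet proves that the collection name influences the decision; a gate that allows one collection and denies another would cover that.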