From ff3516ca4f2e28ca799401741802a1563f5d492e Mon Sep 17 00:00:00 2001
From: Philipp Lang
Date: Mon, 13 Mar 2023 09:32:09 +0100
Subject: [PATCH] add auth for reorder
---
 src/OrderController.php | 2 +-
 tests/Feature/ReorderTest.php | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/OrderController.php b/src/OrderController.php
index 212b43a..05a60c3 100644
--- a/src/OrderController.php
+++ b/src/OrderController.php
@@ -25,7 +25,7 @@ class OrderController
 $model = app('media-library-helpers')->get($parentModel);
 $model = $model::find($parentId);
- $this->authorize('updateMedia', [$model, $collectionName]);
+ $this->authorize('listMedia', [$model, $collectionName]);
 Media::setNewOrder($request->order);
diff --git a/tests/Feature/ReorderTest.php b/tests/Feature/ReorderTest.php
index e1153fb..4338563 100644
--- a/tests/Feature/ReorderTest.php
+++ b/tests/Feature/ReorderTest.php
@@ -38,3 +38,16 @@ test('images should belong to same model', function () {
 $response->assertJsonValidationErrors('order');
 });
+
+test('it should authorize', function () {
+ $this->auth(['listMedia' => false])->registerModel();
+
+ $post = $this->newPost();
+ $media = $post->addMedia($this->pdfFile()->getPathname())->preservingOriginal()->toMediaCollection('images');
+
+ $response = $this->patchJson("/mediaupload/post/{$post->id}/images", [
+ 'order' => [$media->id],
+ ]);
+
+ $response->assertStatus(403);
+});
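Review bot: The reorder route writes state through `Media::setNewOrder($request->order)` but is now gated by `listMedia`, which by its name is a read-level ability, so anyone allowed to list a collection can presumably also rewrite its order. If that is the intended policy, record it next to the call, e.g. `// reordering is deliberately allowed for anyone who may list this collection`. Otherwise keep a write-level check such as the previous `$this->authorize('updateMedia', [$model, $collectionName]);`. The policy definitions are not visible here, so the actual scope of `listMedia` should be confirmed against them. The enclosing controller method starts and ends outside the hunk.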
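Review bot: The new test sends a single media id, so the reorder is a no-op and the test would still pass if the order were written before the 403 is returned. Attach two media items, send them reversed, e.g. `'order' => [$second->id, $first->id],`, and after `assertStatus(403)` assert that the stored order is unchanged. A companion case with `listMedia` granted and a successful response would also pin which ability the route depends on. The behaviour of the `auth([...])` helper is inferred from this one call only.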