add auth for reorder

This commit is contained in:
Philipp Lang 2023-03-13 09:32:09 +01:00
parent c24c32afd3
commit ff3516ca4f
2 changed files with 14 additions and 1 deletions

View File

@ -25,7 +25,7 @@ class OrderController
$model = app('media-library-helpers')->get($parentModel); $model = app('media-library-helpers')->get($parentModel);
$model = $model::find($parentId); $model = $model::find($parentId);
$this->authorize('updateMedia', [$model, $collectionName]); $this->authorize('listMedia', [$model, $collectionName]);
Media::setNewOrder($request->order); Media::setNewOrder($request->order);

View File

@ -38,3 +38,16 @@ test('images should belong to same model', function () {
$response->assertJsonValidationErrors('order'); $response->assertJsonValidationErrors('order');
}); });
test('it should authorize', function () {
$this->auth(['listMedia' => false])->registerModel();
$post = $this->newPost();
$media = $post->addMedia($this->pdfFile()->getPathname())->preservingOriginal()->toMediaCollection('images');
$response = $this->patchJson("/mediaupload/post/{$post->id}/images", [
'order' => [$media->id],
]);
$response->assertStatus(403);
});