add auth for reorder

src/OrderController.php

@@ -25,7 +25,7 @@ class OrderController
 
         $model = app('media-library-helpers')->get($parentModel);
         $model = $model::find($parentId);
-        $this->authorize('updateMedia', [$model, $collectionName]);
+        $this->authorize('listMedia', [$model, $collectionName]);
 
         Media::setNewOrder($request->order);
 

tests/Feature/ReorderTest.php

@@ -38,3 +38,16 @@ test('images should belong to same model', function () {
 
     $response->assertJsonValidationErrors('order');
 });
+
+test('it should authorize', function () {
+    $this->auth(['listMedia' => false])->registerModel();
+
+    $post = $this->newPost();
+    $media = $post->addMedia($this->pdfFile()->getPathname())->preservingOriginal()->toMediaCollection('images');
+
+    $response = $this->patchJson("/mediaupload/post/{$post->id}/images", [
+        'order' => [$media->id],
+    ]);
+
+    $response->assertStatus(403);
+});