diff --git a/src/Http/Middleware/CP/Authorize.php b/src/Http/Middleware/CP/Authorize.php
index 336acc232f..17d21efd29 100644
--- a/src/Http/Middleware/CP/Authorize.php
+++ b/src/Http/Middleware/CP/Authorize.php
@@ -18,7 +18,6 @@ public function handle($request, Closure $next)
 }
 if ($user->cant('access cp')) {
- // dd('theres a user but they are unauthorized', $user);
 throw new AuthorizationException('Unauthorized.');
 }
diff --git a/src/Policies/AssetContainerPolicy.php b/src/Policies/AssetContainerPolicy.php
index 2daa445538..06cca1bd0a 100644
--- a/src/Policies/AssetContainerPolicy.php
+++ b/src/Policies/AssetContainerPolicy.php
@@ -9,7 +9,12 @@ class AssetContainerPolicy
 {
 public function before($user, $ability)
 {
- if (User::fromUser($user)->hasPermission('configure asset containers')) {
+ $user = User::fromUser($user);
+
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure asset containers')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/AssetFolderPolicy.php b/src/Policies/AssetFolderPolicy.php
index f977508f84..bd8b9dcd5a 100644
--- a/src/Policies/AssetFolderPolicy.php
+++ b/src/Policies/AssetFolderPolicy.php
@@ -8,6 +8,13 @@ class AssetFolderPolicy
 {
+ public function before($user)
+ {
+ if (User::fromUser($user)->isSuper()) {
+ return true;
+ }
+ }
+
 public function create($user, $assetContainer)
 {
 $user = User::fromUser($user);
diff --git a/src/Policies/AssetPolicy.php b/src/Policies/AssetPolicy.php
index 2892deed26..3e4de51d87 100644
--- a/src/Policies/AssetPolicy.php
+++ b/src/Policies/AssetPolicy.php
@@ -10,7 +10,10 @@ public function before($user)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure asset containers')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure asset containers')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/CollectionPolicy.php b/src/Policies/CollectionPolicy.php
index d17a9682ce..dfd8aa1c2d 100644
--- a/src/Policies/CollectionPolicy.php
+++ b/src/Policies/CollectionPolicy.php
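Review bot: The super-user short-circuit is now hand-copied into every policy's `before()` hook (this `AssetContainerPolicy` hunk, `AssetFolderPolicy`, `AssetPolicy` and the rest of the series), so once `Gate::before` stops granting supers everything, any policy added later that forgets the line silently stops honouring super users, and an audit of "who bypasses this policy" has fourteen places to look. A shared hook in the existing `Concerns` namespace would keep the rule in one place: a trait whose `before($user)` does `if (User::fromUser($user)->isSuper()) { return true; }`, with the per-resource `configure …` permission layered on top only where a policy wants it. Note also the asymmetry in this line: `AssetPolicy::before` and this hook also short-circuit on `configure asset containers`, while the new `AssetFolderPolicy::before` checks `isSuper()` only — fine if intended, but worth a one-line comment so it is not read as an omission. `$ability` is unused in `before($user, $ability)` here.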
@@ -13,7 +13,10 @@ public function before($user)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure collections')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure collections')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/EntryPolicy.php b/src/Policies/EntryPolicy.php
index ba6f7ab9e5..073b4afec1 100644
--- a/src/Policies/EntryPolicy.php
+++ b/src/Policies/EntryPolicy.php
@@ -12,7 +12,10 @@ public function before($user)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure collections')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure collections')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/FieldsetPolicy.php b/src/Policies/FieldsetPolicy.php
index dcdc22d050..4bf6ee807e 100644
--- a/src/Policies/FieldsetPolicy.php
+++ b/src/Policies/FieldsetPolicy.php
@@ -10,7 +10,10 @@ public function before($user, $ability, $fieldset)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure fields')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure fields')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/FormPolicy.php b/src/Policies/FormPolicy.php
index 13358aba18..e75a6e6d86 100644
--- a/src/Policies/FormPolicy.php
+++ b/src/Policies/FormPolicy.php
@@ -11,7 +11,10 @@ public function before($user, $ability)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure forms')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure forms')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/FormSubmissionPolicy.php b/src/Policies/FormSubmissionPolicy.php
index e5d4e7b318..2624b56a9d 100644
--- a/src/Policies/FormSubmissionPolicy.php
+++ b/src/Policies/FormSubmissionPolicy.php
@@ -10,7 +10,10 @@ public function before($user, $ability)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure forms')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure forms')
+ ) {
 return true;
 }
 }
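Review bot: None of these `before()` hooks (the `FieldsetPolicy`, `FormPolicy` and `FormSubmissionPolicy` hunks on this line, and the others in the series) document that the implicit `null` return when neither condition holds is what lets the per-ability methods run; in Laravel a `return false` here would become a hard deny for every ability, so the fall-through is load-bearing and easy to break in a later edit. A docblock on each hook along the lines of `/** Grant every ability to super users and to holders of the resource's "configure" permission. Returns null otherwise so the per-ability checks below still apply. */` would make that contract explicit. `FieldsetPolicy::before($user, $ability, $fieldset)` also leaves `$ability` and `$fieldset` unused, which is fine for Laravel's positional call but worth a mention so they are not mistaken for a missing check.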
diff --git a/src/Policies/GlobalSetPolicy.php b/src/Policies/GlobalSetPolicy.php
index 6f48eb36b4..2417dd553f 100644
--- a/src/Policies/GlobalSetPolicy.php
+++ b/src/Policies/GlobalSetPolicy.php
@@ -13,7 +13,10 @@ public function before($user)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure globals')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure globals')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/NavPolicy.php b/src/Policies/NavPolicy.php
index 9b63a6ad26..8f939ebadc 100644
--- a/src/Policies/NavPolicy.php
+++ b/src/Policies/NavPolicy.php
@@ -13,7 +13,10 @@ public function before($user)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure navs')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure navs')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/NavTreePolicy.php b/src/Policies/NavTreePolicy.php
index 2caa568e0a..1fbdfc8dce 100644
--- a/src/Policies/NavTreePolicy.php
+++ b/src/Policies/NavTreePolicy.php
@@ -8,6 +8,13 @@ class NavTreePolicy extends NavPolicy
 {
 use Concerns\HasMultisitePolicy;
+ public function before($user)
+ {
+ if (User::fromUser($user)->isSuper()) {
+ return true;
+ }
+ }
+
 public function view($user, $nav)
 {
 $user = User::fromUser($user);
diff --git a/src/Policies/SitePolicy.php b/src/Policies/SitePolicy.php
index 5981a5c2e9..61cab2040b 100644
--- a/src/Policies/SitePolicy.php
+++ b/src/Policies/SitePolicy.php
@@ -7,6 +7,13 @@ class SitePolicy
 {
+ public function before($user)
+ {
+ if (User::fromUser($user)->isSuper()) {
+ return true;
+ }
+ }
+
 public function view($user, $site)
 {
 if (! Site::multiEnabled()) {
diff --git a/src/Policies/TaxonomyPolicy.php b/src/Policies/TaxonomyPolicy.php
index ed91bd4c8b..db345ee857 100644
--- a/src/Policies/TaxonomyPolicy.php
+++ b/src/Policies/TaxonomyPolicy.php
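Review bot: `NavTreePolicy extends NavPolicy`, so before this change it inherited `NavPolicy::before`, which (per the hunk just above it) lets holders of `configure navs` through as well as super users; the new `NavTreePolicy::before($user)` overrides that and checks `isSuper()` only, so `configure navs` holders now fall through to `view`/`edit` on nav trees where they previously short-circuited. If that narrowing is not intended, the simplest fix is to drop the override entirely — the parent hook already covers super users after this commit — or to delegate with `public function before($user) { return parent::before($user); }`. If it is intended, say so in a one-line comment, and confirm that `view`/`edit` re-check `configure navs` themselves; I cannot see their bodies, nor whether `Concerns\HasMultisitePolicy` supplies a `before` of its own, so this is inferred from the inheritance shown in the hunk.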
@@ -13,7 +13,10 @@ public function before($user)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure taxonomies')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure taxonomies')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/TermPolicy.php b/src/Policies/TermPolicy.php
index b823b87743..f3fedceff9 100644
--- a/src/Policies/TermPolicy.php
+++ b/src/Policies/TermPolicy.php
@@ -12,7 +12,10 @@ public function before($user)
 {
 $user = User::fromUser($user);
- if ($user->hasPermission('configure taxonomies')) {
+ if (
+ $user->isSuper() ||
+ $user->hasPermission('configure taxonomies')
+ ) {
 return true;
 }
 }
diff --git a/src/Policies/UserPolicy.php b/src/Policies/UserPolicy.php
index 3bf5380ba1..c691d2256b 100644
--- a/src/Policies/UserPolicy.php
+++ b/src/Policies/UserPolicy.php
@@ -6,6 +6,13 @@ class UserPolicy
 {
+ public function before($user)
+ {
+ if (User::fromUser($user)->isSuper()) {
+ return true;
+ }
+ }
+
 public function index($authed)
 {
 $authed = User::fromUser($authed);
diff --git a/src/Providers/AuthServiceProvider.php b/src/Providers/AuthServiceProvider.php
index c37bb1b03a..ac60de55f1 100755
--- a/src/Providers/AuthServiceProvider.php
+++ b/src/Providers/AuthServiceProvider.php
@@ -14,6 +14,7 @@
 use Statamic\Contracts\Auth\RoleRepository;
 use Statamic\Contracts\Auth\UserGroupRepository;
 use Statamic\Contracts\Auth\UserRepository;
+use Statamic\Facades\Permission;
 use Statamic\Facades\User;
 use Statamic\Policies;
@@ -84,7 +85,13 @@ public function boot()
 });
 Gate::before(function ($user, $ability) {
- return optional(User::fromUser($user))->isSuper() ? true : null;
+ Permission::boot();
+
+ $isStatamicPermission = Permission::all()->first(fn ($permission) => $permission->value() === $ability);
+
+ if ($isStatamicPermission) {
+ return optional(User::fromUser($user))->isSuper() ? true : null;
+ }
 });
 Gate::after(function ($user, $ability) {
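Review bot: `Permission::boot()` plus a linear `Permission::all()->first(...)` scan now run on every `Gate` check in the host application, not only Statamic's, because `Gate::before` fires for every ability; `first()` is also used purely as a boolean, so `contains()` says what is meant: `$isStatamicPermission = Permission::all()->contains(fn ($permission) => $permission->value() === $ability);`. If the registry is stable after boot, memoising the value set (a `static` array keyed by value, filled on first call) would make this O(1), but only if nothing registers permissions after the first gate check — the tests on the next line register permissions at test time, so that ordering needs confirming before caching. One thing I cannot verify from the hunk and would pin with a test: that `Permission::all()` yields the expanded per-resource replacement permissions (for example a per-collection `view … entries`) rather than only the placeholder templates, otherwise those abilities lose the super short-circuit and are decided by the policy alone. The narrowing itself is a sound least-privilege change — super users no longer bypass application-defined gates unrelated to Statamic — and deserves a comment on the closure saying exactly that, since the next reader will wonder why the old one-liner was not enough.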
diff --git a/tests/CP/Navigation/ActiveNavItemTest.php b/tests/CP/Navigation/ActiveNavItemTest.php
index 5f344c902c..779da8e24b 100644
--- a/tests/CP/Navigation/ActiveNavItemTest.php
+++ b/tests/CP/Navigation/ActiveNavItemTest.php
@@ -218,6 +218,9 @@ public function it_resolves_core_children_closure_and_can_check_when_parent_and_
 #[Test]
 public function it_can_check_if_parent_extension_with_array_based_children_item_is_active()
 {
+ Facades\Permission::register('view seo reports');
+ Facades\Permission::register('edit seo section defaults');
+
 Facades\CP\Nav::extend(function ($nav) {
 $nav->tools('SEO Pro')
 ->url('/cp/seo-pro')
@@ -243,6 +246,9 @@ public function it_can_check_if_parent_extension_with_array_based_children_item_
 #[Test]
 public function it_can_check_when_parent_and_array_based_child_extension_items_are_active()
 {
+ Facades\Permission::register('view seo reports');
+ Facades\Permission::register('edit seo section defaults');
+
 Facades\CP\Nav::extend(function ($nav) {
 $nav->tools('SEO Pro')
 ->url('/cp/seo-pro')
@@ -268,6 +274,9 @@ public function it_can_check_when_parent_and_array_based_child_extension_items_a
 #[Test]
 public function it_can_check_when_parent_and_array_based_descendant_of_child_extension_item_is_active()
 {
+ Facades\Permission::register('view seo reports');
+ Facades\Permission::register('edit seo section defaults');
+
 Facades\CP\Nav::extend(function ($nav) {
 $nav->tools('SEO Pro')
 ->url('/cp/seo-pro')
@@ -319,6 +328,9 @@ public function it_builds_extension_children_closure_when_not_active()
 #[Test]
 public function it_resolves_extension_children_closure_and_can_check_when_parent_item_is_active()
 {
+ Facades\Permission::register('view seo reports');
+ Facades\Permission::register('edit seo section defaults');
+
 Facades\CP\Nav::extend(function ($nav) {
 $nav->tools('SEO Pro')
 ->url('/cp/seo-pro')
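Review bot: The same two `Facades\Permission::register(...)` calls are pasted into six test methods of this file (four hunks here, two more on the next line) with nothing saying why they are suddenly needed; a `setUp()` override or a private `registerSeoPermissions()` helper would state the precondition once and make it visible that nav `can()` checks only short-circuit for registered permissions after the `Gate::before` change. For example: `protected function setUp(): void { parent::setUp(); Facades\Permission::register('view seo reports'); Facades\Permission::register('edit seo section defaults'); }`. I am assuming the base TestCase resets the permission registry between tests; if it does not, a test that omits the registration passes only by run order, which is worth confirming before the helper is hoisted. Each test method's body continues past its hunk.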
@@ -346,6 +358,9 @@ public function it_resolves_extension_children_closure_and_can_check_when_parent
 #[Test]
 public function it_resolves_extension_children_closure_and_can_check_when_parent_and_child_item_are_active()
 {
+ Facades\Permission::register('view seo reports');
+ Facades\Permission::register('edit seo section defaults');
+
 Facades\CP\Nav::extend(function ($nav) {
 $nav->tools('SEO Pro')
 ->url('/cp/seo-pro')
@@ -373,6 +388,9 @@ public function it_resolves_extension_children_closure_and_can_check_when_parent
 #[Test]
 public function it_resolves_extension_children_closure_and_can_check_when_parent_and_descendant_of_child_item_is_active()
 {
+ Facades\Permission::register('view seo reports');
+ Facades\Permission::register('edit seo section defaults');
+
 Facades\CP\Nav::extend(function ($nav) {
 $nav->tools('SEO Pro')
 ->url('/cp/seo-pro')
diff --git a/tests/CP/Navigation/NavTest.php b/tests/CP/Navigation/NavTest.php
index 91834f1d86..72b8ba48df 100644
--- a/tests/CP/Navigation/NavTest.php
+++ b/tests/CP/Navigation/NavTest.php
@@ -73,12 +73,14 @@ public function it_can_create_a_nav_item_with_a_more_custom_config()
 {
 $this->actingAs(tap(User::make()->makeSuper())->save());
+ Facades\Permission::register('view droids');
+
 Nav::droids('C-3PO')
 ->id('some::custom::id')
 ->active('threepio*')
 ->url('/human-cyborg-relations')
 ->view('cp.nav.importer')
- ->can('index', 'DroidsClass')
+ ->can('view droids')
 ->attributes(['target' => '_blank', 'class' => 'red']);
 $item = $this->build()->get('Droids')->first();
@@ -89,8 +91,7 @@ public function it_can_create_a_nav_item_with_a_more_custom_config()
 $this->assertEquals('http://localhost/human-cyborg-relations', $item->url());
 $this->assertEquals('cp.nav.importer', $item->view());
 $this->assertEquals('threepio*', $item->active());
- $this->assertEquals('index', $item->authorization()->ability);
- $this->assertEquals('DroidsClass', $item->authorization()->arguments);
+ $this->assertEquals('view droids', $item->authorization()->ability);
 $this->assertEquals(' target="_blank" class="red"', $item->attributes());
 }
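Review bot: Replacing `->can('index', 'DroidsClass')` with `->can('view droids')` in the previous hunk and deleting the `$item->authorization()->arguments` assertion here removes the only coverage of the two-argument `can($ability, $arguments)` form, and nothing in this diff shows `NavItem::can()` itself changing. If nav items still accept a policy ability plus arguments, keep a second item or test that asserts `$item->authorization()->arguments` so that path does not regress silently; if the intent is that nav items should now authorise only by registered permission (a super user no longer passes an unregistered ability through `Gate::before`), that is a behaviour change for addons and belongs in the PR description and in the docblock of `can()`. The test method starts in the previous hunk, so only its tail is visible here.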