statamic · duncanmcclean · Feb 28, 2025 · Feb 28, 2025 · Feb 28, 2025 · Feb 28, 2025
diff --git a/src/Http/Middleware/CP/Authorize.php b/src/Http/Middleware/CP/Authorize.php
@@ -18,7 +18,6 @@ public function handle($request, Closure $next)
         }
 
         if ($user->cant('access cp')) {
-            // dd('theres a user but they are unauthorized', $user);
             throw new AuthorizationException('Unauthorized.');
         }
 

diff --git a/src/Policies/AssetContainerPolicy.php b/src/Policies/AssetContainerPolicy.php
@@ -9,7 +9,12 @@ class AssetContainerPolicy
 {
     public function before($user, $ability)
     {
-        if (User::fromUser($user)->hasPermission('configure asset containers')) {
+        $user = User::fromUser($user);
+
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure asset containers')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/AssetFolderPolicy.php b/src/Policies/AssetFolderPolicy.php
@@ -8,6 +8,13 @@
 
 class AssetFolderPolicy
 {
+    public function before($user)
+    {
+        if (User::fromUser($user)->isSuper()) {
+            return true;
+        }
+    }
+
     public function create($user, $assetContainer)
     {
         $user = User::fromUser($user);

diff --git a/src/Policies/AssetPolicy.php b/src/Policies/AssetPolicy.php
@@ -10,7 +10,10 @@ public function before($user)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure asset containers')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure asset containers')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/CollectionPolicy.php b/src/Policies/CollectionPolicy.php
@@ -13,7 +13,10 @@ public function before($user)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure collections')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure collections')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/EntryPolicy.php b/src/Policies/EntryPolicy.php
@@ -12,7 +12,10 @@ public function before($user)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure collections')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure collections')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/FieldsetPolicy.php b/src/Policies/FieldsetPolicy.php
@@ -10,7 +10,10 @@ public function before($user, $ability, $fieldset)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure fields')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure fields')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/FormPolicy.php b/src/Policies/FormPolicy.php
@@ -11,7 +11,10 @@ public function before($user, $ability)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure forms')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure forms')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/FormSubmissionPolicy.php b/src/Policies/FormSubmissionPolicy.php
@@ -10,7 +10,10 @@ public function before($user, $ability)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure forms')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure forms')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/GlobalSetPolicy.php b/src/Policies/GlobalSetPolicy.php
@@ -13,7 +13,10 @@ public function before($user)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure globals')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure globals')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/NavPolicy.php b/src/Policies/NavPolicy.php
@@ -13,7 +13,10 @@ public function before($user)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure navs')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure navs')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/NavTreePolicy.php b/src/Policies/NavTreePolicy.php
@@ -8,6 +8,13 @@ class NavTreePolicy extends NavPolicy
 {
     use Concerns\HasMultisitePolicy;
 
+    public function before($user)
+    {
+        if (User::fromUser($user)->isSuper()) {
+            return true;
+        }
+    }
+
     public function view($user, $nav)
     {
         $user = User::fromUser($user);

diff --git a/src/Policies/SitePolicy.php b/src/Policies/SitePolicy.php
@@ -7,6 +7,13 @@
 
 class SitePolicy
 {
+    public function before($user)
+    {
+        if (User::fromUser($user)->isSuper()) {
+            return true;
+        }
+    }
+
     public function view($user, $site)
     {
         if (! Site::multiEnabled()) {

diff --git a/src/Policies/TaxonomyPolicy.php b/src/Policies/TaxonomyPolicy.php
@@ -13,7 +13,10 @@ public function before($user)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure taxonomies')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure taxonomies')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/TermPolicy.php b/src/Policies/TermPolicy.php
@@ -12,7 +12,10 @@ public function before($user)
     {
         $user = User::fromUser($user);
 
-        if ($user->hasPermission('configure taxonomies')) {
+        if (
+            $user->isSuper() ||
+            $user->hasPermission('configure taxonomies')
+        ) {
             return true;
         }
     }

diff --git a/src/Policies/UserPolicy.php b/src/Policies/UserPolicy.php
@@ -6,6 +6,13 @@
 
 class UserPolicy
 {
+    public function before($user)
+    {
+        if (User::fromUser($user)->isSuper()) {
+            return true;
+        }
+    }
+
     public function index($authed)
     {
         $authed = User::fromUser($authed);

diff --git a/src/Providers/AuthServiceProvider.php b/src/Providers/AuthServiceProvider.php
@@ -14,6 +14,7 @@
 use Statamic\Contracts\Auth\RoleRepository;
 use Statamic\Contracts\Auth\UserGroupRepository;
 use Statamic\Contracts\Auth\UserRepository;
+use Statamic\Facades\Permission;
 use Statamic\Facades\User;
 use Statamic\Policies;
 
@@ -84,7 +85,13 @@ public function boot()
         });
 
         Gate::before(function ($user, $ability) {
-            return optional(User::fromUser($user))->isSuper() ? true : null;
+            Permission::boot();
+
+            $isStatamicPermission = Permission::all()->first(fn ($permission) => $permission->value() === $ability);
+
+            if ($isStatamicPermission) {
+                return optional(User::fromUser($user))->isSuper() ? true : null;
+            }
         });
 
         Gate::after(function ($user, $ability) {

diff --git a/tests/CP/Navigation/ActiveNavItemTest.php b/tests/CP/Navigation/ActiveNavItemTest.php
@@ -218,6 +218,9 @@ public function it_resolves_core_children_closure_and_can_check_when_parent_and_
     #[Test]
     public function it_can_check_if_parent_extension_with_array_based_children_item_is_active()
     {
+        Facades\Permission::register('view seo reports');
+        Facades\Permission::register('edit seo section defaults');
+
         Facades\CP\Nav::extend(function ($nav) {
             $nav->tools('SEO Pro')
                 ->url('/cp/seo-pro')
@@ -243,6 +246,9 @@ public function it_can_check_if_parent_extension_with_array_based_children_item_
     #[Test]
     public function it_can_check_when_parent_and_array_based_child_extension_items_are_active()
     {
+        Facades\Permission::register('view seo reports');
+        Facades\Permission::register('edit seo section defaults');
+
         Facades\CP\Nav::extend(function ($nav) {
             $nav->tools('SEO Pro')
                 ->url('/cp/seo-pro')
@@ -268,6 +274,9 @@ public function it_can_check_when_parent_and_array_based_child_extension_items_a
     #[Test]
     public function it_can_check_when_parent_and_array_based_descendant_of_child_extension_item_is_active()
     {
+        Facades\Permission::register('view seo reports');
+        Facades\Permission::register('edit seo section defaults');
+
         Facades\CP\Nav::extend(function ($nav) {
             $nav->tools('SEO Pro')
                 ->url('/cp/seo-pro')
@@ -319,6 +328,9 @@ public function it_builds_extension_children_closure_when_not_active()
     #[Test]
     public function it_resolves_extension_children_closure_and_can_check_when_parent_item_is_active()
     {
+        Facades\Permission::register('view seo reports');
+        Facades\Permission::register('edit seo section defaults');
+
         Facades\CP\Nav::extend(function ($nav) {
             $nav->tools('SEO Pro')
                 ->url('/cp/seo-pro')
@@ -346,6 +358,9 @@ public function it_resolves_extension_children_closure_and_can_check_when_parent
     #[Test]
     public function it_resolves_extension_children_closure_and_can_check_when_parent_and_child_item_are_active()
     {
+        Facades\Permission::register('view seo reports');
+        Facades\Permission::register('edit seo section defaults');
+
         Facades\CP\Nav::extend(function ($nav) {
             $nav->tools('SEO Pro')
                 ->url('/cp/seo-pro')
@@ -373,6 +388,9 @@ public function it_resolves_extension_children_closure_and_can_check_when_parent
     #[Test]
     public function it_resolves_extension_children_closure_and_can_check_when_parent_and_descendant_of_child_item_is_active()
     {
+        Facades\Permission::register('view seo reports');
+        Facades\Permission::register('edit seo section defaults');
+
         Facades\CP\Nav::extend(function ($nav) {
             $nav->tools('SEO Pro')
                 ->url('/cp/seo-pro')

diff --git a/tests/CP/Navigation/NavTest.php b/tests/CP/Navigation/NavTest.php
@@ -73,12 +73,14 @@ public function it_can_create_a_nav_item_with_a_more_custom_config()
     {
         $this->actingAs(tap(User::make()->makeSuper())->save());
 
+        Facades\Permission::register('view droids');
+
         Nav::droids('C-3PO')
             ->id('some::custom::id')
             ->active('threepio*')
             ->url('/human-cyborg-relations')
             ->view('cp.nav.importer')
-            ->can('index', 'DroidsClass')
+            ->can('view droids')
             ->attributes(['target' => '_blank', 'class' => 'red']);
 
         $item = $this->build()->get('Droids')->first();
@@ -89,8 +91,7 @@ public function it_can_create_a_nav_item_with_a_more_custom_config()
         $this->assertEquals('http://localhost/human-cyborg-relations', $item->url());
         $this->assertEquals('cp.nav.importer', $item->view());
         $this->assertEquals('threepio*', $item->active());
-        $this->assertEquals('index', $item->authorization()->ability);
-        $this->assertEquals('DroidsClass', $item->authorization()->arguments);
+        $this->assertEquals('view droids', $item->authorization()->ability);
         $this->assertEquals(' target="_blank" class="red"', $item->attributes());
     }
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,7 +18,6 @@ public function handle($request, Closure $next) @@
             }
             if ($user->cant('access cp')) {
-                // dd('theres a user but they are unauthorized', $user);
                 throw new AuthorizationException('Unauthorized.');
             }
@@ Expand Down @@