From 94666c24984148552e5362e127bae6875bf2a1ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Schwei=C3=9Finger?=
 <simon.schweissinger@visuellverstehen.de>
Date: Fri, 26 Apr 2024 20:55:17 +0200
Subject: [PATCH] [4.x] Use 'configure' permission for configuring navs (#9961)

---
 src/Http/Controllers/CP/Navigation/NavigationController.php | 2 +-
 src/Policies/NavPolicy.php                                  | 5 +++++
 tests/Feature/Navigation/EditNavigationTest.php             | 6 +++---
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/Http/Controllers/CP/Navigation/NavigationController.php b/src/Http/Controllers/CP/Navigation/NavigationController.php
index 4df03b6411..d5f8928f22 100644
--- a/src/Http/Controllers/CP/Navigation/NavigationController.php
+++ b/src/Http/Controllers/CP/Navigation/NavigationController.php
@@ -39,7 +39,7 @@ public function edit($nav)
     {
         $nav = Nav::find($nav);
 
-        $this->authorize('edit', $nav, __('You are not authorized to configure navs.'));
+        $this->authorize('configure', $nav, __('You are not authorized to configure navs.'));
 
         $values = [
             'title' => $nav->title(),
diff --git a/src/Policies/NavPolicy.php b/src/Policies/NavPolicy.php
index 8614dc0db4..9b63a6ad26 100644
--- a/src/Policies/NavPolicy.php
+++ b/src/Policies/NavPolicy.php
@@ -41,6 +41,11 @@ public function store($user)
         // handled by before()
     }
 
+    public function configure($user)
+    {
+        // handled by before()
+    }
+
     public function view($user, $nav)
     {
         $user = User::fromUser($user);
diff --git a/tests/Feature/Navigation/EditNavigationTest.php b/tests/Feature/Navigation/EditNavigationTest.php
index bbd9db838c..f29e9e4bc3 100644
--- a/tests/Feature/Navigation/EditNavigationTest.php
+++ b/tests/Feature/Navigation/EditNavigationTest.php
@@ -15,13 +15,13 @@ class EditNavigationTest extends TestCase
     use PreventSavingStacheItemsToDisk;
 
     /** @test */
-    public function it_shows_the_edit_form_if_user_has_edit_permission()
+    public function it_shows_the_edit_form_if_user_has_configure_permission()
     {
         $nav = $this->createNav('foo');
         Nav::shouldReceive('all')->andReturn(collect([$nav]));
         Nav::shouldReceive('find')->andReturn($nav);
 
-        $this->setTestRoles(['test' => ['access cp', 'edit foo nav']]);
+        $this->setTestRoles(['test' => ['access cp', 'configure navs']]);
         $user = Facades\User::make()->assignRole('test')->save();
 
         $response = $this
@@ -32,7 +32,7 @@ public function it_shows_the_edit_form_if_user_has_edit_permission()
     }
 
     /** @test */
-    public function it_denies_access_if_user_doesnt_have_edit_permission()
+    public function it_denies_access_if_user_doesnt_have_configure_permission()
     {
         $nav = $this->createNav('foo');
         Nav::shouldReceive('all')->andReturn(collect([$nav]));