From 34afe798ecbe8eb9fbc6fd17d216d608b3bac255 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Thu, 8 Jan 2026 15:54:47 +0100
Subject: [PATCH] fix: use verified routes in navbar and improve
 can_access_page?

Use ~p verified routes instead of string paths in navbar template.
Update can_access_page? to handle both string and verified route paths
for better type safety.
---
 lib/mv_web/authorization.ex             | 8 ++++++--
 lib/mv_web/components/layouts/navbar.ex | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/mv_web/authorization.ex b/lib/mv_web/authorization.ex
index 18ecd70..95a8524 100644
--- a/lib/mv_web/authorization.ex
+++ b/lib/mv_web/authorization.ex
@@ -106,14 +106,18 @@ defmodule MvWeb.Authorization do
       iex> can_access_page?(mitglied, "/members")
       false
   """
-  @spec can_access_page?(map() | nil, String.t()) :: boolean()
+  @spec can_access_page?(map() | nil, String.t() | Phoenix.VerifiedRoutes.unverified_path()) ::
+          boolean()
   def can_access_page?(nil, _page_path), do: false
 
   def can_access_page?(user, page_path) do
+    # Convert verified route to string if needed
+    page_path_str = if is_binary(page_path), do: page_path, else: to_string(page_path)
+
     with %{role: %{permission_set_name: ps_name}} when not is_nil(ps_name) <- user,
          {:ok, ps_atom} <- PermissionSets.permission_set_name_to_atom(ps_name),
          permissions <- PermissionSets.get_permissions(ps_atom) do
-      page_matches?(permissions.pages, page_path)
+      page_matches?(permissions.pages, page_path_str)
     else
       _ -> false
     end
diff --git a/lib/mv_web/components/layouts/navbar.ex b/lib/mv_web/components/layouts/navbar.ex
index 692f949..e3e9319 100644
--- a/lib/mv_web/components/layouts/navbar.ex
+++ b/lib/mv_web/components/layouts/navbar.ex
@@ -34,9 +34,9 @@ defmodule MvWeb.Layouts.Navbar do
                 <li>
                   <.link navigate="/settings">{gettext("Global Settings")}</.link>
                 </li>
-                <%= if can_access_page?(@current_user, "/admin/roles") do %>
+                <%= if can_access_page?(@current_user, ~p"/admin/roles") do %>
                   <li>
-                    <.link navigate="/admin/roles">{gettext("Roles")}</.link>
+                    <.link navigate={~p"/admin/roles"}>{gettext("Roles")}</.link>
                   </li>
                 <% end %>
               </ul>