fix: use verified routes in navbar and improve can_access_page?

Use ~p verified routes instead of string paths in navbar template. Update can_access_page? to handle both string and verified route paths for better type safety.
2026-01-08 15:54:47 +01:00 · 2026-01-08 15:54:47 +01:00 · 34afe798ec
commit 34afe798ec
parent ad0a3cd458
2 changed files with 8 additions and 4 deletions
--- a/lib/mv_web/authorization.ex
+++ b/lib/mv_web/authorization.ex
@ -106,14 +106,18 @@ defmodule MvWeb.Authorization do
      iex> can_access_page?(mitglied, "/members")
      false
  """
-  @spec can_access_page?(map() | nil, String.t()) :: boolean()
+  @spec can_access_page?(map() | nil, String.t() | Phoenix.VerifiedRoutes.unverified_path()) ::
+          boolean()
  def can_access_page?(nil, _page_path), do: false

  def can_access_page?(user, page_path) do
+    # Convert verified route to string if needed
+    page_path_str = if is_binary(page_path), do: page_path, else: to_string(page_path)
+
    with %{role: %{permission_set_name: ps_name}} when not is_nil(ps_name) <- user,
         {:ok, ps_atom} <- PermissionSets.permission_set_name_to_atom(ps_name),
         permissions <- PermissionSets.get_permissions(ps_atom) do
-      page_matches?(permissions.pages, page_path)
+      page_matches?(permissions.pages, page_path_str)
    else
      _ -> false
    end
--- a/lib/mv_web/components/layouts/navbar.ex
+++ b/lib/mv_web/components/layouts/navbar.ex
@ -34,9 +34,9 @@ defmodule MvWeb.Layouts.Navbar do
                <li>
                  <.link navigate="/settings">{gettext("Global Settings")}</.link>
                </li>
-                <%= if can_access_page?(@current_user, "/admin/roles") do %>
+                <%= if can_access_page?(@current_user, ~p"/admin/roles") do %>
                  <li>
-                    <.link navigate="/admin/roles">{gettext("Roles")}</.link>
+                    <.link navigate={~p"/admin/roles"}>{gettext("Roles")}</.link>
                  </li>
                <% end %>
              </ul>