(int) $tenant->workspace_id, WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [ (string) $tenant->workspace_id => (int) $tenant->getKey(), ], ]; } dataset('tenant-owned-list-pages', [ 'policy list' => [ ListPolicies::class, static fn (Tenant $tenant, string $label): Policy => Policy::factory()->for($tenant)->create([ 'display_name' => $label, ]), ], 'policy-version list' => [ ListPolicyVersions::class, static function (Tenant $tenant, string $label): PolicyVersion { $policy = Policy::factory()->for($tenant)->create([ 'display_name' => $label.' policy', ]); return PolicyVersion::factory()->for($tenant)->for($policy)->create([ 'version_number' => random_int(1, 9999), ]); }, ], 'backup-schedule list' => [ ListBackupSchedules::class, static function (Tenant $tenant, string $label): BackupSchedule { return BackupSchedule::create([ 'tenant_id' => (int) $tenant->getKey(), 'name' => $label, 'is_enabled' => true, 'timezone' => 'UTC', 'frequency' => 'daily', 'time_of_day' => '10:00:00', 'days_of_week' => null, 'policy_types' => ['deviceConfiguration'], 'include_foundations' => true, 'retention_keep_last' => 30, 'next_run_at' => now()->addHour(), ]); }, ], 'backup-set list' => [ ListBackupSets::class, static fn (Tenant $tenant, string $label): BackupSet => BackupSet::factory()->for($tenant)->create([ 'name' => $label, ]), ], 'restore-run list' => [ ListRestoreRuns::class, static function (Tenant $tenant, string $label): RestoreRun { $backupSet = BackupSet::factory()->for($tenant)->create([ 'name' => $label.' backup set', ]); return RestoreRun::factory()->for($tenant)->for($backupSet)->create(); }, ], 'inventory-item list' => [ ListInventoryItems::class, static fn (Tenant $tenant, string $label): InventoryItem => InventoryItem::factory()->create([ 'tenant_id' => (int) $tenant->getKey(), 'display_name' => $label, ]), ], 'finding list' => [ ListFindings::class, static fn (Tenant $tenant, string $label): Finding => Finding::factory()->for($tenant)->create(), ], 'entra-group list' => [ ListEntraGroups::class, static fn (Tenant $tenant, string $label): EntraGroup => EntraGroup::factory()->for($tenant)->create([ 'display_name' => $label, ]), ], ]); dataset('tenant-owned-detail-pages', [ 'policy view' => [ PolicyResource::class, 'view', static fn (Tenant $tenant, string $label): Policy => Policy::factory()->for($tenant)->create([ 'display_name' => $label, ]), ], 'policy-version view' => [ PolicyVersionResource::class, 'view', static function (Tenant $tenant, string $label): PolicyVersion { $policy = Policy::factory()->for($tenant)->create([ 'display_name' => $label.' policy', ]); return PolicyVersion::factory()->for($tenant)->for($policy)->create([ 'version_number' => random_int(1, 9999), ]); }, ], 'backup-set view' => [ BackupSetResource::class, 'view', static fn (Tenant $tenant, string $label): BackupSet => BackupSet::factory()->for($tenant)->create([ 'name' => $label, ]), ], 'restore-run view' => [ RestoreRunResource::class, 'view', static function (Tenant $tenant, string $label): RestoreRun { $backupSet = BackupSet::factory()->for($tenant)->create([ 'name' => $label.' backup set', ]); return RestoreRun::factory()->for($tenant)->for($backupSet)->create(); }, ], 'inventory-item view' => [ InventoryItemResource::class, 'view', static fn (Tenant $tenant, string $label): InventoryItem => InventoryItem::factory()->create([ 'tenant_id' => (int) $tenant->getKey(), 'display_name' => $label, ]), ], 'finding view' => [ FindingResource::class, 'view', static fn (Tenant $tenant, string $label): Finding => Finding::factory()->for($tenant)->create(), ], 'entra-group view' => [ EntraGroupResource::class, 'view', static fn (Tenant $tenant, string $label): EntraGroup => EntraGroup::factory()->for($tenant)->create([ 'display_name' => $label, ]), ], 'backup-schedule edit' => [ BackupScheduleResource::class, 'edit', static function (Tenant $tenant, string $label): BackupSchedule { return BackupSchedule::create([ 'tenant_id' => (int) $tenant->getKey(), 'name' => $label, 'is_enabled' => true, 'timezone' => 'UTC', 'frequency' => 'daily', 'time_of_day' => '10:00:00', 'days_of_week' => null, 'policy_types' => ['deviceConfiguration'], 'include_foundations' => true, 'retention_keep_last' => 30, 'next_run_at' => now()->addHour(), ]); }, ], ]); it('scopes covered tenant-owned admin lists to the remembered canonical tenant', function (string $pageClass, Closure $makeRecord): void { $tenantA = Tenant::factory()->create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = Tenant::factory()->create(['workspace_id' => (int) $tenantA->workspace_id]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $allowed = $makeRecord($tenantA, 'Allowed record'); $blocked = $makeRecord($tenantB, 'Blocked record'); $this->actingAs($user); Filament::setCurrentPanel('admin'); Filament::setTenant(null, true); Filament::bootCurrentPanel(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id); session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [ (string) $tenantA->workspace_id => (int) $tenantA->getKey(), ]); Livewire::actingAs($user)->test($pageClass) ->assertCanSeeTableRecords([$allowed]) ->assertCanNotSeeTableRecords([$blocked]); })->with('tenant-owned-list-pages'); it('returns not found for covered tenant-owned admin detail pages outside the remembered canonical tenant', function (string $resourceClass, string $page, Closure $makeRecord): void { $tenantA = Tenant::factory()->create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = Tenant::factory()->create(['workspace_id' => (int) $tenantA->workspace_id]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $allowed = $makeRecord($tenantA, 'Allowed record'); $blocked = $makeRecord($tenantB, 'Blocked record'); $this->actingAs($user); Filament::setCurrentPanel('admin'); Filament::setTenant(null, true); Filament::bootCurrentPanel(); $session = tenantOwnedAdminSession($tenantA); $this->withSession($session) ->get($resourceClass::getUrl($page, ['record' => $allowed], panel: 'admin')) ->assertSuccessful(); $this->withSession($session) ->get($resourceClass::getUrl($page, ['record' => $blocked], panel: 'admin')) ->assertNotFound(); })->with('tenant-owned-detail-pages');