create(); $destination = AlertDestination::factory()->create([ 'workspace_id' => (int) $otherWorkspace->getKey(), ]); $workspaceId = (int) session()->get(\App\Support\Workspaces\WorkspaceContext::SESSION_KEY); expect($workspaceId)->not->toBe(0); $this->actingAs($user) ->get(AlertDestinationResource::getUrl('edit', ['record' => $destination], panel: 'admin')) ->assertNotFound(); }); it('returns 403 for members missing alerts view capability', function (): void { $workspace = Workspace::factory()->create(); $user = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'readonly', ]); $resolver = \Mockery::mock(WorkspaceCapabilityResolver::class); $resolver->shouldReceive('isMember')->andReturnTrue(); $resolver->shouldReceive('can')->andReturnFalse(); app()->instance(WorkspaceCapabilityResolver::class, $resolver); session()->put(\App\Support\Workspaces\WorkspaceContext::SESSION_KEY, (int) $workspace->getKey()); $this->actingAs($user) ->get(AlertDestinationResource::getUrl(panel: 'admin')) ->assertForbidden(); }); it('allows members with alerts view but forbids create for members without alerts manage', function (): void { [$user] = createUserWithTenant(role: 'readonly'); $this->actingAs($user) ->get(AlertDestinationResource::getUrl(panel: 'admin')) ->assertOk(); $this->actingAs($user) ->get(AlertDestinationResource::getUrl('create', panel: 'admin')) ->assertForbidden(); });