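create();
        $user = User::factory()->create();

        // Membership with the 'readonly' role in the workspace under test.
        WorkspaceMembership::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'user_id' => (int) $user->getKey(),
            'role' => 'readonly',
        ]);

        // Select the workspace through the session key the wizard is tested with.
        session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());

        // A readonly member calling identifyManagedTenant must be rejected with 403.
        Livewire::actingAs($user)
            ->test(ManagedTenantOnboardingWizard::class)
            ->call('identifyManagedTenant', [
                'entra_tenant_id' => '11111111-1111-1111-1111-111111111111',
                'environment' => 'prod',
                'name' => 'Acme',
            ])
            ->assertStatus(403);
    });

    // Authorization boundary: an 'operator' member calling createProviderConnection
    // must get HTTP 403, and the denied call must not leave a connection behind.
    it('denies provider connection creation for operator members', function (): void {
        $workspace = Workspace::factory()->create();
        $user = User::factory()->create();

        WorkspaceMembership::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'user_id' => (int) $user->getKey(),
            'role' => 'operator',
        ]);

        session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());

        // The payload carries a client secret (a fixture value, not a real credential).
        Livewire::actingAs($user)
            ->test(ManagedTenantOnboardingWizard::class)
            ->call('createProviderConnection', [
                'display_name' => 'Acme connection',
                'client_id' => '00000000-0000-0000-0000-000000000000',
                'client_secret' => 'super-secret',
                'is_default' => true,
            ])
            ->assertStatus(403);

        // The status code alone does not prove the write was skipped: a handler that
        // persists first and authorizes afterwards would still answer 403. This test
        // creates no connection itself, so the workspace must still have none.
        expect(
            ProviderConnection::query()
                ->where('workspace_id', (int) $workspace->getKey())
                ->count()
        )->toBe(0);
    });

    // Positive counterpart to the denial tests: an 'operator' member may call
    // startVerification once an onboarding session with a connection already exists.
    it('allows operator members to start verification for an existing onboarding session', function (): void {
        // Fake the queue so the pushed job can be asserted on afterwards.
        Queue::fake();

        $workspace = Workspace::factory()->create();
        $user = User::factory()->create();

        WorkspaceMembership::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'user_id' => (int) $user->getKey(),
            'role' => 'operator',
        ]);

        session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());

        // Tenant in the onboarding status, owned by the same workspace.
        $tenant = Tenant::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'status' => Tenant::STATUS_ONBOARDING,
        ]);

        // Pre-existing connection for that tenant; the operator does not create it here.
        $connection = ProviderConnection::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'tenant_id' => (int) $tenant->getKey(),
            'entra_tenant_id' => (string) $tenant->tenant_id,
        ]);

        // Onboarding session at the 'connection' step, referencing the connection
        // through its state payload.
        TenantOnboardingSession::query()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'tenant_id' => (int) $tenant->getKey(),
            'entra_tenant_id' => (string) $tenant->tenant_id,
            'current_step' => 'connection',
            'state' => [
                'provider_connection_id' => (int) $connection->getKey(),
            ],
            'started_by_user_id' => (int) $user->getKey(),
            'updated_by_user_id' => (int) $user->getKey(),
        ]);

        Livewire::actingAs($user)
            ->test(ManagedTenantOnboardingWizard::class)
            ->call('startVerification');

        // Exactly one health-check job must have been pushed.
        Queue::assertPushed(ProviderConnectionHealthCheckJob::class, 1);
    });
});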