create([ 'workspace_id' => (int) $tenant->workspace_id, 'tenant_id' => (int) $tenant->getKey(), 'provider' => 'microsoft', ]); $this->actingAs($user) ->get('/admin/tenants/'.$tenant->external_id.'/provider-connections') ->assertStatus(302) ->assertRedirect('/admin/provider-connections?tenant_id='.$tenant->external_id); $this->actingAs($user) ->get('/admin/tenants/'.$tenant->external_id.'/provider-connections/create') ->assertStatus(302) ->assertRedirect('/admin/provider-connections/create?tenant_id='.$tenant->external_id); $this->actingAs($user) ->get('/admin/tenants/'.$tenant->external_id.'/provider-connections/'.$connection->getKey().'/edit') ->assertStatus(302) ->assertRedirect('/admin/provider-connections/'.$connection->getKey().'/edit?tenant_id='.$tenant->external_id); }); it('redirects non-workspace-members on legacy routes', function (): void { $user = User::factory()->create(); $tenant = Tenant::factory()->create(); $this->actingAs($user) ->get('/admin/tenants/'.$tenant->external_id.'/provider-connections') ->assertRedirect(); }); it('returns 404 without location header for non-tenant members on legacy routes', function (): void { $tenantA = Tenant::factory()->create(); $tenantB = Tenant::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, ]); [$user] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id]) ->get('/admin/tenants/'.$tenantB->external_id.'/provider-connections') ->assertNotFound() ->assertHeaderMissing('Location'); }); it('keeps /admin/t/{tenant}/provider-connections as not found and not redirected', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); $this->actingAs($user) ->get('/admin/t/'.$tenant->external_id.'/provider-connections') ->assertNotFound() ->assertHeaderMissing('Location'); });