toBeFalse(); })->with('admin hidden navigation classes'); it('registers current tenant-owned surfaces on the admin navigation', function (string $class): void { Filament::setCurrentPanel('admin'); expect($class::shouldRegisterNavigation())->toBeTrue(); })->with('admin visible navigation classes'); it('keeps retired tenant-panel entry routes unavailable', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); $this->actingAs($user) ->withSession([ WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id, ]) ->get("/admin/t/{$tenant->external_id}") ->assertNotFound(); }); it('keeps baseline navigation on the admin panel and off retired tenant routes', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); Filament::setCurrentPanel('admin'); expect(BaselineProfileResource::shouldRegisterNavigation())->toBeTrue(); expect(BaselineSnapshotResource::shouldRegisterNavigation())->toBeTrue(); $this->actingAs($user) ->withSession([ WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id, ]) ->get("/admin/t/{$tenant->external_id}/baseline-profiles") ->assertNotFound(); $this->actingAs($user) ->withSession([ WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id, ]) ->get("/admin/t/{$tenant->external_id}/baseline-snapshots") ->assertNotFound(); }); it('keeps the workspace panel sidebar free of tenant-sensitive entries even with a remembered tenant', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); $response = $this->actingAs($user) ->withSession([ WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id, WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [ (string) $tenant->workspace_id => (int) $tenant->getKey(), ], ]) ->get(route('admin.workspace.home', ['workspace' => $tenant->workspace_id])) ->assertOk(); $response->assertDontSee('>Items', false); $response->assertDontSee('>Policies', false); $response->assertDontSee('>Policy Versions', false); $response->assertDontSee('>Backup Schedules', false); $response->assertDontSee('>Backup Sets', false); $response->assertDontSee('>Restore Runs', false); $response->assertDontSee('>Findings', false); });