create([ 'managed_environment_id' => (int) $tenant->getKey(), 'name' => $name, 'is_enabled' => true, 'timezone' => 'UTC', 'frequency' => 'daily', 'time_of_day' => '01:00:00', 'days_of_week' => null, 'policy_types' => ['deviceConfiguration'], 'include_foundations' => true, 'retention_keep_last' => 30, ]); } it('shows only operation runs belonging to the owner backup schedule', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $scheduleA = makeBackupScheduleForTenant($tenant, 'Schedule A'); $scheduleB = makeBackupScheduleForTenant($tenant, 'Schedule B'); $runA = OperationRun::factory()->forTenant($tenant)->create([ 'type' => 'backup_schedule_run', 'context' => ['backup_schedule_id' => (int) $scheduleA->getKey()], ]); $runB = OperationRun::factory()->forTenant($tenant)->create([ 'type' => 'backup_schedule_run', 'context' => ['backup_schedule_id' => (int) $scheduleB->getKey()], ]); Livewire::test(BackupScheduleOperationRunsRelationManager::class, [ 'ownerRecord' => $scheduleA, 'pageClass' => EditBackupSchedule::class, ]) ->assertCanSeeTableRecords([$runA]) ->assertCanNotSeeTableRecords([$runB]); }); it('renders operation runs when ambient Filament tenant context is missing', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); $this->actingAs($user); setAdminPanelContext(null); $schedule = makeBackupScheduleForTenant($tenant, 'Schedule A'); $run = OperationRun::factory()->forTenant($tenant)->create([ 'type' => 'backup_schedule_run', 'context' => ['backup_schedule_id' => (int) $schedule->getKey()], ]); Livewire::test(BackupScheduleOperationRunsRelationManager::class, [ 'ownerRecord' => $schedule, 'pageClass' => EditBackupSchedule::class, ]) ->assertCanSeeTableRecords([$run]); }); it('does not broaden scope when ambient Filament tenant context is wrong', function (): void { $tenantA = \App\Models\ManagedEnvironment::factory()->create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = \App\Models\ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $this->actingAs($user); setAdminPanelContext($tenantB); $scheduleA = makeBackupScheduleForTenant($tenantA, 'Schedule A'); $runA = OperationRun::factory()->forTenant($tenantA)->create([ 'type' => 'backup_schedule_run', 'context' => ['backup_schedule_id' => (int) $scheduleA->getKey()], ]); Livewire::test(BackupScheduleOperationRunsRelationManager::class, [ 'ownerRecord' => $scheduleA, 'pageClass' => EditBackupSchedule::class, ]) ->assertCanSeeTableRecords([$runA]); }); it('returns 404 when a forged same-tenant run key is mounted on the wrong schedule relation manager', function (): void { [$user, $tenant] = createUserWithTenant(role: 'owner'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $scheduleA = makeBackupScheduleForTenant($tenant, 'Schedule A'); $scheduleB = makeBackupScheduleForTenant($tenant, 'Schedule B'); $foreignRun = OperationRun::factory()->forTenant($tenant)->create([ 'type' => 'backup_schedule_run', 'context' => ['backup_schedule_id' => (int) $scheduleB->getKey()], ]); $component = Livewire::test(BackupScheduleOperationRunsRelationManager::class, [ 'ownerRecord' => $scheduleA, 'pageClass' => EditBackupSchedule::class, ]); $table = $component->instance()->getTable(); expect(fn () => $table->getRecordUrl($foreignRun)) ->toThrow(NotFoundHttpException::class); });