create([ 'tenant_id' => null, 'external_id' => 'platform', 'name' => 'Platform', ]); config()->set('tenantpilot.break_glass.enabled', true); config()->set('tenantpilot.break_glass.ttl_minutes', 15); }); it('can assign a workspace owner via break-glass and audits it', function () { $platformUser = PlatformUser::factory()->create([ 'capabilities' => [ PlatformCapabilities::ACCESS_SYSTEM_PANEL, PlatformCapabilities::USE_BREAK_GLASS, ], ]); $this->actingAs($platformUser, 'platform'); $workspace = Workspace::factory()->create(); $targetUser = User::factory()->create(); // Ensure the workspace is in a "broken" state: zero owners. WorkspaceMembership::factory()->create([ 'workspace_id' => $workspace->getKey(), 'user_id' => $targetUser->getKey(), 'role' => WorkspaceRole::Operator->value, ]); Livewire::test(Dashboard::class) ->callAction('enter_break_glass', data: [ 'reason' => 'Recover workspace ownership', ]); Livewire::test(RepairWorkspaceOwners::class) ->callAction('assign_owner', data: [ 'workspace_id' => (int) $workspace->getKey(), 'target_user_id' => (int) $targetUser->getKey(), 'reason' => 'Fix last owner removed via DB edit', ]); $membership = WorkspaceMembership::query() ->where('workspace_id', $workspace->getKey()) ->where('user_id', $targetUser->getKey()) ->firstOrFail(); expect($membership->role)->toBe(WorkspaceRole::Owner->value); $audit = AuditLog::query() ->where('workspace_id', $workspace->getKey()) ->where('action', 'workspace_membership.break_glass.assign_owner') ->where('status', 'success') ->latest('id') ->first(); expect($audit)->not->toBeNull(); expect($audit->metadata)->toMatchArray([ 'workspace_id' => (int) $workspace->getKey(), 'actor_user_id' => (int) $platformUser->getKey(), 'target_user_id' => (int) $targetUser->getKey(), 'attempted_role' => WorkspaceRole::Owner->value, 'source' => 'break_glass', ]); });