create(); $this->actingAs($user)->get($url)->assertNotFound(); })->with([ '/system/login', '/system', '/system/ops/runbooks', '/system/ops/runs', ]); it('returns 403 when a platform user lacks the required capability on system pages', function (string $url) { $platformUser = PlatformUser::factory()->create([ 'capabilities' => [], 'is_active' => true, ]); $this->actingAs($platformUser, 'platform') ->get($url) ->assertForbidden(); })->with([ '/system', '/system/ops/runbooks', '/system/ops/runs', ]); it('returns 200 when a platform user has the required capability', function () { $platformUser = PlatformUser::factory()->create([ 'capabilities' => [ PlatformCapabilities::ACCESS_SYSTEM_PANEL, PlatformCapabilities::CONSOLE_VIEW, ], 'is_active' => true, ]); $this->actingAs($platformUser, 'platform') ->get('/system') ->assertSuccessful(); }); it('returns 403 on runbooks when a platform user lacks the runbooks view capability even with system access', function () { $platformUser = PlatformUser::factory()->create([ 'capabilities' => [ PlatformCapabilities::ACCESS_SYSTEM_PANEL, PlatformCapabilities::OPS_VIEW, ], 'is_active' => true, ]); $this->actingAs($platformUser, 'platform') ->get('/system/ops/runbooks') ->assertForbidden(); }); it('returns 200 on runbooks when a platform user has the required runbooks capability set', function () { $platformUser = PlatformUser::factory()->create([ 'capabilities' => [ PlatformCapabilities::ACCESS_SYSTEM_PANEL, PlatformCapabilities::OPS_VIEW, PlatformCapabilities::RUNBOOKS_VIEW, ], 'is_active' => true, ]); $this->actingAs($platformUser, 'platform') ->get('/system/ops/runbooks') ->assertSuccessful(); });