create(); [$user] = createUserWithTenant(role: 'owner'); $this->actingAs($user) ->get(BackupScheduleResource::getUrl('index', tenant: $tenant)) ->assertNotFound(); }); it('treats members without manage capability as forbidden for archive and restore', function () { [$user, $tenant] = createUserWithTenant(role: 'readonly'); $schedule = BackupSchedule::query()->create([ 'tenant_id' => $tenant->id, 'name' => 'Lifecycle auth readonly', 'is_enabled' => true, 'timezone' => 'UTC', 'frequency' => 'daily', 'time_of_day' => '01:00:00', 'days_of_week' => null, 'policy_types' => ['deviceConfiguration'], 'include_foundations' => true, 'retention_keep_last' => 30, ]); $this->actingAs($user); Filament::setTenant($tenant, true); Livewire::test(ListBackupSchedules::class) ->assertTableActionDisabled('archive', $schedule) ->assertTableActionExists('archive', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $schedule) ->callTableAction('archive', $schedule); expect(function () use ($user, $schedule): void { Gate::forUser($user)->authorize('delete', $schedule); })->toThrow(AuthorizationException::class); $schedule->delete(); Livewire::test(ListBackupSchedules::class) ->filterTable(TrashedFilter::class, false) ->assertTableActionDisabled('restore', BackupSchedule::withTrashed()->findOrFail($schedule->id)) ->assertTableActionExists('restore', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), BackupSchedule::withTrashed()->findOrFail($schedule->id)); expect(function () use ($user, $schedule): void { Gate::forUser($user)->authorize('restore', $schedule->fresh()); })->toThrow(AuthorizationException::class); }); it('treats members without tenant delete capability as forbidden for force delete', function () { [$user, $tenant] = createUserWithTenant(role: 'manager'); $schedule = BackupSchedule::query()->create([ 'tenant_id' => $tenant->id, 'name' => 'Force delete forbidden', 'is_enabled' => true, 'timezone' => 'UTC', 'frequency' => 'daily', 'time_of_day' => '01:00:00', 'days_of_week' => null, 'policy_types' => ['deviceConfiguration'], 'include_foundations' => true, 'retention_keep_last' => 30, ]); $schedule->delete(); $this->actingAs($user); Filament::setTenant($tenant, true); Livewire::test(ListBackupSchedules::class) ->filterTable(TrashedFilter::class, false) ->assertTableActionDisabled('forceDelete', BackupSchedule::withTrashed()->findOrFail($schedule->id)) ->assertTableActionExists('forceDelete', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), BackupSchedule::withTrashed()->findOrFail($schedule->id)); expect(function () use ($user, $schedule): void { Gate::forUser($user)->authorize('forceDelete', $schedule->fresh()); })->toThrow(AuthorizationException::class); });