create(); $this->actingAs($user); Filament::setTenant($tenantA, true); $sync = app(InventorySyncService::class); $allTypes = $sync->defaultSelectionPayload()['policy_types']; Livewire::test(ListInventoryItems::class) ->callAction('run_inventory_sync', data: ['tenant_id' => $tenantB->getKey(), 'policy_types' => $allTypes]) ->assertSuccessful(); Queue::assertNothingPushed(); expect(OperationRun::query()->where('tenant_id', $tenantB->id)->where('type', 'inventory_sync')->exists())->toBeFalse(); expect(OperationRun::query()->where('tenant_id', $tenantB->id)->exists())->toBeFalse(); }); it('prevents run creation when a readonly member tries to start inventory sync', function () { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'readonly'); $this->actingAs($user); Filament::setTenant($tenant, true); $sync = app(InventorySyncService::class); $allTypes = $sync->defaultSelectionPayload()['policy_types']; Livewire::test(ListInventoryItems::class) ->assertActionVisible('run_inventory_sync') ->assertActionDisabled('run_inventory_sync') ->callAction('run_inventory_sync', data: ['tenant_id' => $tenant->getKey(), 'policy_types' => $allTypes]); Queue::assertNothingPushed(); expect(OperationRun::query()->where('tenant_id', $tenant->id)->where('type', 'inventory_sync')->exists())->toBeFalse(); expect(OperationRun::query()->where('tenant_id', $tenant->id)->exists())->toBeFalse(); }); it('prevents run creation when a readonly member tries to start directory group sync', function () { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'readonly'); $this->actingAs($user); Filament::setTenant($tenant, true); Livewire::test(ListEntraGroups::class) ->assertActionVisible('sync_groups') ->assertActionDisabled('sync_groups') ->callAction('sync_groups'); Queue::assertNotPushed(EntraGroupSyncJob::class); expect(OperationRun::query()->where('tenant_id', $tenant->id)->exists())->toBeFalse(); }); it('prevents run creation when a readonly member tries to run a backup schedule now', function () { Queue::fake([RunBackupScheduleJob::class]); [$user, $tenant] = createUserWithTenant(role: 'readonly'); $this->actingAs($user); Filament::setTenant($tenant, true); $schedule = BackupSchedule::query()->create([ 'tenant_id' => $tenant->id, 'name' => 'Nightly', 'is_enabled' => true, 'timezone' => 'UTC', 'frequency' => 'daily', 'time_of_day' => '01:00:00', 'days_of_week' => null, 'policy_types' => ['deviceConfiguration'], 'include_foundations' => true, 'retention_keep_last' => 30, ]); Livewire::test(ListBackupSchedules::class) ->assertTableActionVisible('runNow', $schedule) ->assertTableActionDisabled('runNow', $schedule) ->callTableAction('runNow', $schedule); Queue::assertNothingPushed(); expect(OperationRun::query()->where('tenant_id', $tenant->id)->exists())->toBeFalse(); }); it('prevents run creation when a readonly member tries to retry a backup schedule', function () { Queue::fake([RunBackupScheduleJob::class]); [$user, $tenant] = createUserWithTenant(role: 'readonly'); $this->actingAs($user); Filament::setTenant($tenant, true); $schedule = BackupSchedule::query()->create([ 'tenant_id' => $tenant->id, 'name' => 'Nightly', 'is_enabled' => true, 'timezone' => 'UTC', 'frequency' => 'daily', 'time_of_day' => '01:00:00', 'days_of_week' => null, 'policy_types' => ['deviceConfiguration'], 'include_foundations' => true, 'retention_keep_last' => 30, ]); Livewire::test(ListBackupSchedules::class) ->assertTableActionVisible('retry', $schedule) ->assertTableActionDisabled('retry', $schedule) ->callTableAction('retry', $schedule); Queue::assertNothingPushed(); expect(OperationRun::query()->where('tenant_id', $tenant->id)->exists())->toBeFalse(); });