get(route('admin.local.smoke-login', [ 'email' => $user->email, 'workspace' => $environment->workspace->slug, 'tenant' => $environment->slug, 'redirect' => '/admin/t/'.$environment->slug, ])) ->assertRedirect('/admin/t/'.$environment->slug) ->assertSessionHas('current_workspace_id', (int) $environment->workspace_id); }); it('returns not found when route binding targets an environment outside the requested workspace', function (): void { [$user, $environment] = createUserWithTenant(role: 'owner'); $otherWorkspace = Workspace::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $otherWorkspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'owner', ]); $this->actingAs($user)->withSession([ WorkspaceContext::SESSION_KEY => (int) $otherWorkspace->getKey(), ]); $this ->get(route('admin.provider-connections.legacy-index', ['tenant' => $environment])) ->assertNotFound(); }); it('returns not found when a workspace member lacks managed-environment membership', function (): void { $workspace = Workspace::factory()->create(); $environment = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), ]); $user = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'manager', ]); $this ->get(route('admin.local.smoke-login', [ 'email' => $user->email, 'workspace' => $workspace->slug, 'tenant' => $environment->slug, 'redirect' => '/admin/t/'.$environment->slug, ])) ->assertNotFound(); });