actingAs($user); Filament::setTenant(null, true); $this->withSession([ WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id, ])->get(EntraGroupResource::getUrl(panel: 'admin')) ->assertNotFound(); }); it('scopes the admin group list to the remembered tenant context', function (): void { $tenantA = Tenant::factory()->create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = Tenant::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $groupA = EntraGroup::factory()->for($tenantA)->create([ 'display_name' => 'Remembered tenant group', ]); EntraGroup::factory()->for($tenantB)->create([ 'display_name' => 'Other tenant group', ]); $this->actingAs($user); Filament::setTenant(null, true); $this->withSession([ WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id, WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [ (string) $tenantA->workspace_id => (int) $tenantA->getKey(), ], ])->get(EntraGroupResource::getUrl(panel: 'admin')) ->assertOk() ->assertSee((string) $groupA->display_name) ->assertDontSee('Other tenant group'); }); it('returns not found for admin direct group detail outside the canonical tenant scope', function (): void { $tenantA = Tenant::factory()->create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = Tenant::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $groupA = EntraGroup::factory()->for($tenantA)->create(); $groupB = EntraGroup::factory()->for($tenantB)->create(); $this->actingAs($user); Filament::setTenant(null, true); $session = [ WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id, WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [ (string) $tenantA->workspace_id => (int) $tenantA->getKey(), ], ]; $this->withSession($session) ->get(EntraGroupResource::getUrl('view', ['record' => $groupA], panel: 'admin')) ->assertOk(); $this->withSession($session) ->get(EntraGroupResource::getUrl('view', ['record' => $groupB], panel: 'admin')) ->assertNotFound(); }); it('keeps persisted admin group search inside the remembered canonical tenant after tenant changes', function (): void { $tenantA = Tenant::factory()->create(); [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner'); $tenantB = Tenant::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, ]); createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner'); $groupA = EntraGroup::factory()->for($tenantA)->create([ 'display_name' => 'Shared Search Group', ]); $groupB = EntraGroup::factory()->for($tenantB)->create([ 'display_name' => 'Shared Search Group', ]); $this->actingAs($user); Filament::setCurrentPanel('admin'); Filament::setTenant(null, true); Filament::bootCurrentPanel(); session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id); session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [ (string) $tenantA->workspace_id => (int) $tenantA->getKey(), ]); Livewire::actingAs($user)->test(ListEntraGroups::class) ->searchTable('Shared Search') ->assertCanSeeTableRecords([$groupA]) ->assertCanNotSeeTableRecords([$groupB]); session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [ (string) $tenantA->workspace_id => (int) $tenantB->getKey(), ]); Livewire::actingAs($user)->test(ListEntraGroups::class) ->assertSet('tableSearch', 'Shared Search') ->assertCanSeeTableRecords([$groupB]) ->assertCanNotSeeTableRecords([$groupA]); });