browser()->timeout(20_000); it('smokes workspace role management plus scoped environment drilldown', function (): void { $workspace = Workspace::factory()->create([ 'name' => 'Spec 285 Workspace', ]); $allowedTenant = ManagedEnvironment::factory()->active()->create([ 'workspace_id' => (int) $workspace->getKey(), 'name' => 'Spec 285 Allowed', 'slug' => 'spec-285-allowed', ]); $deniedTenant = ManagedEnvironment::factory()->active()->create([ 'workspace_id' => (int) $workspace->getKey(), 'name' => 'Spec 285 Denied', 'slug' => 'spec-285-denied', ]); $owner = User::factory()->create(); $member = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $owner->getKey(), 'role' => 'owner', ]); $memberMembership = WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $member->getKey(), 'role' => 'readonly', ]); app(WorkspaceMembershipManager::class)->changeRole($workspace, $owner, $memberMembership, 'operator'); app(TenantMembershipManager::class)->grantScope($allowedTenant, $owner, $member, source: 'manual'); Finding::factory()->for($allowedTenant)->create([ 'workspace_id' => (int) $workspace->getKey(), 'severity' => Finding::SEVERITY_HIGH, ]); $this->actingAs($member)->withSession([ WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(), ]); session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey()); visit(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace])) ->waitForText('Spec 285 Allowed') ->assertSee('Spec 285 Allowed') ->assertDontSee('Spec 285 Denied') ->assertNoJavaScriptErrors() ->assertNoConsoleLogs(); visit(FindingResource::getUrl('index', tenant: $allowedTenant, panel: 'admin')) ->waitForText('Findings') ->assertScript("window.location.pathname.includes('/admin/workspaces/{$workspace->getRouteKey()}/environments/{$allowedTenant->getRouteKey()}/findings')", true) ->assertNoJavaScriptErrors() ->assertNoConsoleLogs(); });