create(); $tenantA = ManagedEnvironment::factory()->active()->create([ 'workspace_id' => (int) $workspace->getKey(), 'name' => 'Tenant A', ]); $tenantB = ManagedEnvironment::factory()->active()->create([ 'workspace_id' => (int) $workspace->getKey(), 'name' => 'Tenant B', ]); $user = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'readonly', ]); session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey()); /** @var \Filament\Panel $panel */ $panel = app(PanelRegistry::class)->get('admin'); $tenants = $user->getTenants($panel); expect($user->canAccessTenant($tenantA))->toBeTrue() ->and($user->canAccessTenant($tenantB))->toBeTrue() ->and($tenants->pluck('name')->all())->toEqual(['Tenant A', 'Tenant B']); }); it('narrows tenant selection and clears stale remembered environment context', function (): void { $workspace = Workspace::factory()->create(); $allowedTenant = ManagedEnvironment::factory()->active()->create([ 'workspace_id' => (int) $workspace->getKey(), 'name' => 'Allowed Tenant', ]); $deniedTenant = ManagedEnvironment::factory()->active()->create([ 'workspace_id' => (int) $workspace->getKey(), 'name' => 'Denied Tenant', ]); $user = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'operator', ]); session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey()); ManagedEnvironmentMembership::query()->create([ 'managed_environment_id' => (int) $allowedTenant->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'operator', 'source' => 'manual', ]); app(CapabilityResolver::class)->clearCache(); app(ManagedEnvironmentAccessScopeResolver::class)->clearCache(); app(WorkspaceContext::class)->rememberLastTenantId((int) $workspace->getKey(), (int) $deniedTenant->getKey()); /** @var \Filament\Panel $panel */ $panel = app(PanelRegistry::class)->get('admin'); $defaultTenant = $user->getDefaultTenant($panel); $tenants = $user->getTenants($panel); expect($defaultTenant?->getKey())->toBe($allowedTenant->getKey()) ->and(app(WorkspaceContext::class)->lastTenantId())->toBeNull() ->and($tenants)->toHaveCount(1) ->and($tenants->first()?->getKey())->toBe($allowedTenant->getKey()); });