actingAs($user)->withSession([ WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id, ]); $this ->get(route('admin.provider-connections.legacy-index', ['tenant' => $environment])) ->assertRedirect('/admin/provider-connections?managed_environment_id='.$environment->slug); }); it('hides managed-environment routes from workspace members without environment membership', function (): void { $workspace = Workspace::factory()->create(); $environment = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), ]); $user = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'manager', ]); $this->actingAs($user)->withSession([ WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(), ]); $this ->get(route('admin.provider-connections.legacy-index', ['tenant' => $environment])) ->assertNotFound(); }); it('hides managed-environment routes when the current workspace differs', function (): void { [$user, $environment] = createUserWithTenant(role: 'owner'); $otherWorkspace = Workspace::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $otherWorkspace->getKey(), 'user_id' => (int) $user->getKey(), 'role' => 'owner', ]); $this->actingAs($user)->withSession([ WorkspaceContext::SESSION_KEY => (int) $otherWorkspace->getKey(), ]); $this ->get(route('admin.provider-connections.legacy-index', ['tenant' => $environment])) ->assertNotFound(); });