ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
065-tenant-rbac-v1
TenantAtlas/tests/Feature/TenantRBAC/TenantSwitcherScopeTest.php
ahmido 210cf5ce8b feat: implement auth structure system panel (#77) 
Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77
2026-01-27 21:49:18 +00:00

45 lines
1.3 KiB
PHP
Raw Permalink Blame History

<?php
use App\Models\Tenant;
use App\Models\User;
use Filament\PanelRegistry;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('only returns membership tenants for normal users', function () {
$user = User::factory()->create();
$allowed = Tenant::factory()->create(['name' => 'Allowed']);
$blocked = Tenant::factory()->create(['name' => 'Blocked']);
$user->tenants()->syncWithoutDetaching([
$allowed->getKey() => ['role' => 'readonly'],
]);
/** @var \Filament\Panel $panel */
$panel = app(PanelRegistry::class)->get('admin');
$tenants = $user->getTenants($panel);
expect($tenants)->toHaveCount(1);
expect($tenants->first()?->getKey())->toBe($allowed->getKey());
expect($tenants->first()?->name)->toBe('Allowed');
expect($tenants->contains(fn (Tenant $tenant) => $tenant->getKey() === $blocked->getKey()))->toBeFalse();
});
it('returns all active tenants for platform superadmins', function () {
$user = User::factory()->create();
$a = Tenant::factory()->create(['name' => 'A']);
$b = Tenant::factory()->create(['name' => 'B']);
/** @var \Filament\Panel $panel */
$panel = app(PanelRegistry::class)->get('admin');
$tenants = $user->getTenants($panel);
expect($tenants)->toHaveCount(0);
});
Reference in New Issue View Git Blame Copy Permalink