43 lines
1.4 KiB
PHP
43 lines
1.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Services\Auth\WorkspaceRoleCapabilityMap;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Auth\WorkspaceRole;
|
|
|
|
it('has deterministic workspace role capability mappings (golden)', function () {
|
|
expect(WorkspaceRoleCapabilityMap::getCapabilities(WorkspaceRole::Owner))->toEqual([
|
|
Capabilities::WORKSPACE_VIEW,
|
|
Capabilities::WORKSPACE_MANAGE,
|
|
Capabilities::WORKSPACE_ARCHIVE,
|
|
Capabilities::WORKSPACE_MEMBERSHIP_VIEW,
|
|
Capabilities::WORKSPACE_MEMBERSHIP_MANAGE,
|
|
]);
|
|
|
|
expect(WorkspaceRoleCapabilityMap::getCapabilities(WorkspaceRole::Manager))->toEqual([
|
|
Capabilities::WORKSPACE_VIEW,
|
|
Capabilities::WORKSPACE_MEMBERSHIP_VIEW,
|
|
Capabilities::WORKSPACE_MEMBERSHIP_MANAGE,
|
|
]);
|
|
|
|
expect(WorkspaceRoleCapabilityMap::getCapabilities(WorkspaceRole::Operator))->toEqual([
|
|
Capabilities::WORKSPACE_VIEW,
|
|
Capabilities::WORKSPACE_MEMBERSHIP_VIEW,
|
|
]);
|
|
|
|
expect(WorkspaceRoleCapabilityMap::getCapabilities(WorkspaceRole::Readonly))->toEqual([
|
|
Capabilities::WORKSPACE_VIEW,
|
|
]);
|
|
});
|
|
|
|
it('does not grant unknown capabilities via workspace role map', function () {
|
|
$allCapabilities = Capabilities::all();
|
|
|
|
foreach (WorkspaceRole::cases() as $role) {
|
|
foreach (WorkspaceRoleCapabilityMap::getCapabilities($role) as $capability) {
|
|
expect($allCapabilities)->toContain($capability);
|
|
}
|
|
}
|
|
});
|