ahmido
90bfe1516e
Implements Spec 090 (Action Surface Contract Compliance & RBAC Hardening). Highlights: - Adds/updates action surface declarations and shrinks baseline exemptions. - Standardizes Filament action grouping/order and empty-state CTAs. - Enforces RBAC UX semantics (non-member -> 404, member w/o capability -> disabled + tooltip, server-side 403). - Adds audit logging for successful side-effect actions. - Fixes Provider Connections list context so header create + row actions resolve tenant correctly. Tests (focused): - vendor/bin/sail artisan test --compact tests/Feature/090/ - vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php - vendor/bin/sail bin pint --dirty Livewire/Filament: - Filament v5 + Livewire v4 compliant. - No panel provider registration changes (Laravel 11+ registration remains in bootstrap/providers.php). Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #108
52 lines
1.6 KiB
PHP
52 lines
1.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Tests\TestCase;
|
|
|
|
final class RbacSemanticsTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
public function test_spec090_returns_404_for_non_members_trying_to_edit_a_workspace(): void
|
|
{
|
|
$workspaceA = Workspace::factory()->create();
|
|
$workspaceB = Workspace::factory()->create();
|
|
|
|
$user = User::factory()->create();
|
|
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => (int) $workspaceA->getKey(),
|
|
'user_id' => (int) $user->getKey(),
|
|
'role' => 'owner',
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspaceA->getKey()])
|
|
->get('/admin/workspaces/'.(int) $workspaceB->getKey().'/edit')
|
|
->assertNotFound();
|
|
}
|
|
|
|
public function test_spec090_returns_403_for_workspace_members_missing_workspace_manage_on_workspace_edit(): void
|
|
{
|
|
$workspace = Workspace::factory()->create();
|
|
$user = User::factory()->create();
|
|
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'user_id' => (int) $user->getKey(),
|
|
'role' => 'manager',
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
|
->get('/admin/workspaces/'.(int) $workspace->getKey().'/edit')
|
|
->assertForbidden();
|
|
}
|
|
}
|