ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
107-workspace-chooser
TenantAtlas/tests/Feature/BackupScheduling/BackupScheduleLifecycleAuthorizationTest.php
ahmido 1c098441aa feat(spec-091): BackupSchedule lifecycle + create-CTA placement rule (#109) 
Implements Spec 091 “BackupSchedule Retention & Lifecycle (Archive/Restore/Force Delete)”.

- BackupSchedule lifecycle:
  - Archive (soft delete) with confirmation; restores via Restore action; Force delete with confirmation and strict gating.
  - Force delete blocked when historical runs exist.
  - Archived schedules never dispatch/execute (dispatcher + job guard).
  - Audit events emitted for archive/restore/force delete.
  - RBAC UX semantics preserved (non-member hidden/404; member w/o capability disabled + server-side 403).

- Filament UX contract update:
  - Create CTA placement rule across create-enabled list pages:
    - Empty list: only large centered empty-state Create CTA.
    - Non-empty list: only header Create action.
  - Tests added/updated to enforce the rule.

Verification:
- `vendor/bin/sail bin pint --dirty`
- Focused tests: BackupScheduling + RBAC enforcement + EmptyState CTAs + Create CTA placement

Notes:
- Filament v5 / Livewire v4 compliant.
- Manual quickstart verification in `specs/091-backupschedule-retention-lifecycle/quickstart.md` remains to be checked (T031).

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #109
2026-02-14 13:46:06 +00:00

93 lines
3.7 KiB
PHP
Raw Permalink Blame History

<?php
use App\Filament\Resources\BackupScheduleResource;
use App\Filament\Resources\BackupScheduleResource\Pages\ListBackupSchedules;
use App\Models\BackupSchedule;
use App\Models\Tenant;
use App\Support\Auth\UiTooltips;
use Filament\Actions\Action;
use Filament\Facades\Filament;
use Filament\Tables\Filters\TrashedFilter;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Support\Facades\Gate;
use Livewire\Livewire;
it('returns 404 for non-members trying to access schedule lifecycle pages', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant(role: 'owner');
$this->actingAs($user)
->get(BackupScheduleResource::getUrl('index', tenant: $tenant))
->assertNotFound();
});
it('treats members without manage capability as forbidden for archive and restore', function () {
[$user, $tenant] = createUserWithTenant(role: 'readonly');
$schedule = BackupSchedule::query()->create([
'tenant_id' => $tenant->id,
'name' => 'Lifecycle auth readonly',
'is_enabled' => true,
'timezone' => 'UTC',
'frequency' => 'daily',
'time_of_day' => '01:00:00',
'days_of_week' => null,
'policy_types' => ['deviceConfiguration'],
'include_foundations' => true,
'retention_keep_last' => 30,
]);
$this->actingAs($user);
Filament::setTenant($tenant, true);
Livewire::test(ListBackupSchedules::class)
->assertTableActionDisabled('archive', $schedule)
->assertTableActionExists('archive', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $schedule)
->callTableAction('archive', $schedule);
expect(function () use ($user, $schedule): void {
Gate::forUser($user)->authorize('delete', $schedule);
})->toThrow(AuthorizationException::class);
$schedule->delete();
Livewire::test(ListBackupSchedules::class)
->filterTable(TrashedFilter::class, false)
->assertTableActionDisabled('restore', BackupSchedule::withTrashed()->findOrFail($schedule->id))
->assertTableActionExists('restore', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), BackupSchedule::withTrashed()->findOrFail($schedule->id));
expect(function () use ($user, $schedule): void {
Gate::forUser($user)->authorize('restore', $schedule->fresh());
})->toThrow(AuthorizationException::class);
});
it('treats members without tenant delete capability as forbidden for force delete', function () {
[$user, $tenant] = createUserWithTenant(role: 'manager');
$schedule = BackupSchedule::query()->create([
'tenant_id' => $tenant->id,
'name' => 'Force delete forbidden',
'is_enabled' => true,
'timezone' => 'UTC',
'frequency' => 'daily',
'time_of_day' => '01:00:00',
'days_of_week' => null,
'policy_types' => ['deviceConfiguration'],
'include_foundations' => true,
'retention_keep_last' => 30,
]);
$schedule->delete();
$this->actingAs($user);
Filament::setTenant($tenant, true);
Livewire::test(ListBackupSchedules::class)
->filterTable(TrashedFilter::class, false)
->assertTableActionDisabled('forceDelete', BackupSchedule::withTrashed()->findOrFail($schedule->id))
->assertTableActionExists('forceDelete', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), BackupSchedule::withTrashed()->findOrFail($schedule->id));
expect(function () use ($user, $schedule): void {
Gate::forUser($user)->authorize('forceDelete', $schedule->fresh());
})->toThrow(AuthorizationException::class);
});
Reference in New Issue View Git Blame Copy Permalink