ahmido
eceeee9c5c
## Summary - retire the remaining tenant-scoped provider-connection legacy routes and update canonical verification and link behavior - complete the provider target-scope fallback cleanup so neutral shared scope data falls back to the managed environment when the raw connection tenant identifier is blank - stop mirroring workspace roles into managed-environment scope persistence and cut the targeted admin-panel test helpers over to the post-cutover context path - add and update the Spec 287 artifact package and targeted regression coverage for route retirement, provider-core neutralization, workspace-first RBAC, and helper cutover ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ProviderConnections/TenantlessListRouteTest.php tests/Feature/ProviderConnections/TenantlessListScopingTest.php tests/Feature/Auth/WorkspaceFirstManagedEnvironmentAccessTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php` - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` ## Notes - Filament remains on Livewire v4 and provider registration stays unchanged in `apps/platform/bootstrap/providers.php`. - No new asset registration or deployment-step changes are included in this slice. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #346
67 lines
2.1 KiB
PHP
67 lines
2.1 KiB
PHP
<?php
|
|
|
|
use App\Models\ManagedEnvironment;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('does not serve retired legacy provider routes for entitled members', function (): void {
|
|
[$user, $environment] = createUserWithTenant(role: 'owner', workspaceRole: 'manager');
|
|
|
|
$this->actingAs($user)->withSession([
|
|
WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id,
|
|
]);
|
|
|
|
$this
|
|
->get('/admin/tenants/'.$environment->slug.'/provider-connections')
|
|
->assertNotFound()
|
|
->assertHeaderMissing('Location');
|
|
});
|
|
|
|
it('hides managed-environment routes from workspace members without environment membership', function (): void {
|
|
$workspace = Workspace::factory()->create();
|
|
$environment = ManagedEnvironment::factory()->create([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
]);
|
|
$user = User::factory()->create();
|
|
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'user_id' => (int) $user->getKey(),
|
|
'role' => 'manager',
|
|
]);
|
|
|
|
$this->actingAs($user)->withSession([
|
|
WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
|
|
]);
|
|
|
|
$this
|
|
->get('/admin/tenants/'.$environment->slug.'/provider-connections')
|
|
->assertNotFound()
|
|
->assertHeaderMissing('Location');
|
|
});
|
|
|
|
it('hides managed-environment routes when the current workspace differs', function (): void {
|
|
[$user, $environment] = createUserWithTenant(role: 'owner');
|
|
$otherWorkspace = Workspace::factory()->create();
|
|
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => (int) $otherWorkspace->getKey(),
|
|
'user_id' => (int) $user->getKey(),
|
|
'role' => 'owner',
|
|
]);
|
|
|
|
$this->actingAs($user)->withSession([
|
|
WorkspaceContext::SESSION_KEY => (int) $otherWorkspace->getKey(),
|
|
]);
|
|
|
|
$this
|
|
->get('/admin/tenants/'.$environment->slug.'/provider-connections')
|
|
->assertNotFound()
|
|
->assertHeaderMissing('Location');
|
|
});
|