TenantAtlas/apps/platform/tests/Feature/ProviderConnections/MvpProviderScopeTest.php
ahmido fcb03d2aee feat: harden provider connection authority resolution (339) (#410)
## Summary
- harden Provider Connection authority so workspace scope comes only from explicit workspace context and record ownership
- require explicit `environment_id` for Provider Connection create flows and remove remembered-environment or Filament-tenant fallback authority
- keep legacy query aliases such as `tenant`, `tenant_id`, and `managed_environment_id` inert for Provider Connection access
- add targeted Spec 339 feature coverage for create authority, workspace authority, and wrong-workspace / legacy-query denial behavior
- include Spec 339 artifacts (`spec.md`, `plan.md`, `tasks.md`) for the hardening slice

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections --filter=ScopeHardening`

## Notes
- no new uncommitted workspace changes were present to commit in this turn; the branch already contained the feature commits
- Livewire v4 compliance unchanged
- Filament provider registration remains in `bootstrap/providers.php`
- no migrations, new assets, or route-family restructures

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #410
2026-05-31 11:59:41 +00:00


<?php
declare(strict_types=1);
use App\Filament\Resources\ProviderConnectionResource\Pages\CreateProviderConnection;
use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
use App\Models\ProviderConnection;
use Filament\Facades\Filament;
use Livewire\Livewire;
// Feature test for the Provider Connection create page and list table:
// a connection created without any provider value in the form must be stored
// as 'microsoft', and the list's provider filter must offer only Microsoft.
it('keeps provider scope microsoft-only in the create flow and list filter options', function (): void {
    [$owner, $environment] = createUserWithTenant(role: 'owner', ensureDefaultMicrosoftProviderConnection: false);

    $this->actingAs($owner);
    $environment->makeCurrent();
    Filament::setTenant($environment, true);

    $environmentId = (int) $environment->getKey();
    $displayName = 'MVP Scope Connection';

    // The environment is handed to the create page explicitly through the
    // `environment_id` query parameter.
    // NOTE(review): the current tenant and the Filament tenant are also set above,
    // so this test alone does not show that the query parameter is the only
    // source of scope for the create flow.
    Livewire::withQueryParams(['environment_id' => $environmentId])
        ->test(CreateProviderConnection::class)
        ->fillForm([
            // No provider key is submitted; the provider is asserted on the stored record below.
            'display_name' => $displayName,
            'entra_tenant_id' => (string) fake()->uuid(),
            'is_default' => true,
        ])
        ->call('create')
        ->assertHasNoFormErrors();

    // Look the record up by environment and display name rather than trusting
    // anything returned by the component.
    $connection = ProviderConnection::query()
        ->where('managed_environment_id', $environmentId)
        ->where('display_name', $displayName)
        ->first();

    expect($connection)->not->toBeNull();
    expect($connection?->provider)->toBe('microsoft');
    expect($connection?->is_enabled)->toBeTrue();

    // The status attributes are compared through `->value` when that is set,
    // otherwise as the raw attribute.
    $consentStatus = $connection?->consent_status?->value ?? $connection?->consent_status;
    expect($consentStatus)->toBe('required');

    $verificationStatus = $connection?->verification_status?->value ?? $connection?->verification_status;
    expect($verificationStatus)->toBe('unknown');

    // The list page is mounted without query parameters; only its filter definition is inspected.
    $tableFilters = Livewire::test(ListProviderConnections::class)
        ->instance()
        ->getTable()
        ->getFilters();
    $providerFilter = $tableFilters['provider'] ?? null;

    expect($providerFilter)->not->toBeNull();
    expect($providerFilter?->getOptions())->toBe(['microsoft' => 'Microsoft']);
});