051db1842d
Spec 107: Workspace Chooser v1 (Enterprise) + In-App Switch Entry Point ## Core changes - Refactor EnsureWorkspaceSelected middleware: 7-step algorithm with auto-resume (single membership + last_workspace_id), stale session detection, ?choose=1 forced chooser, workspace-optional path bypass - Create WorkspaceRedirectResolver for DRY tenant-count branching (0→managed-tenants, 1→tenant-dashboard, >1→choose-tenant) - Add WorkspaceAutoSelected + WorkspaceSelected audit enum cases - Rewrite ChooseWorkspace page: role badges, tenant counts, wire:click selection, audit logging, WorkspaceRedirectResolver - Add 'Switch workspace' user menu item in AdminPanelProvider - Rewrite SwitchWorkspaceController with audit + resolver - Replace inline tenant branching in routes/web.php with resolver ## New test files (6) - WorkspaceRedirectResolverTest (5 tests Spec 107: Workspace Chooser v1 (Enterprise) + In-App Switch Entry Point ## Core changes - Refactor EnsureWorkspaceSelected middleware: 7-step algorithmst ## Core changes - Refactor EnsureWorkspaceSelected middleware: 7-stepes - Refactor Ensng auto-resume (single membership + last_workspace_id), stale sessioid detection, ?choose=1 forced chooser, w (security invariant preserve- Create WorkspaceRedirectResolver for DRY tenant-count branching (0→managed-tenants, 1→tenant-dashboapped (8163 assertions)
67 lines
2.4 KiB
PHP
67 lines
2.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
|
|
it('redirects legacy tenant-scoped provider connection routes for entitled members', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$connection = ProviderConnection::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'provider' => 'microsoft',
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->get('/admin/tenants/'.$tenant->external_id.'/provider-connections')
|
|
->assertStatus(302)
|
|
->assertRedirect('/admin/provider-connections?tenant_id='.$tenant->external_id);
|
|
|
|
$this->actingAs($user)
|
|
->get('/admin/tenants/'.$tenant->external_id.'/provider-connections/create')
|
|
->assertStatus(302)
|
|
->assertRedirect('/admin/provider-connections/create?tenant_id='.$tenant->external_id);
|
|
|
|
$this->actingAs($user)
|
|
->get('/admin/tenants/'.$tenant->external_id.'/provider-connections/'.$connection->getKey().'/edit')
|
|
->assertStatus(302)
|
|
->assertRedirect('/admin/provider-connections/'.$connection->getKey().'/edit?tenant_id='.$tenant->external_id);
|
|
});
|
|
|
|
it('redirects non-workspace-members on legacy routes', function (): void {
|
|
$user = User::factory()->create();
|
|
$tenant = Tenant::factory()->create();
|
|
|
|
$this->actingAs($user)
|
|
->get('/admin/tenants/'.$tenant->external_id.'/provider-connections')
|
|
->assertRedirect();
|
|
});
|
|
|
|
it('returns 404 without location header for non-tenant members on legacy routes', function (): void {
|
|
$tenantA = Tenant::factory()->create();
|
|
$tenantB = Tenant::factory()->create([
|
|
'workspace_id' => (int) $tenantA->workspace_id,
|
|
]);
|
|
|
|
[$user] = createUserWithTenant(tenant: $tenantA, role: 'owner');
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id])
|
|
->get('/admin/tenants/'.$tenantB->external_id.'/provider-connections')
|
|
->assertNotFound()
|
|
->assertHeaderMissing('Location');
|
|
});
|
|
|
|
it('keeps /admin/t/{tenant}/provider-connections as not found and not redirected', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$this->actingAs($user)
|
|
->get('/admin/t/'.$tenant->external_id.'/provider-connections')
|
|
->assertNotFound()
|
|
->assertHeaderMissing('Location');
|
|
});
|