ahmido
0cf612826f
Feature branch PR for Spec 114. This branch contains the merged agent session work (see merge commit on branch). Tests - `vendor/bin/sail artisan test --compact tests/Feature/System/Spec114/` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #139
51 lines
1.5 KiB
PHP
51 lines
1.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\PlatformUser;
|
|
use App\Models\User;
|
|
use App\Support\Auth\PlatformCapabilities;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Str;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('returns 404 for tenant-guard access to representative /system urls', function (string $url) {
|
|
$tenantUser = User::factory()->create();
|
|
|
|
$this->actingAs($tenantUser)->get($url)->assertNotFound();
|
|
})->with([
|
|
'/system/login',
|
|
'/system',
|
|
'/system/ops/runbooks',
|
|
'/system/ops/runs',
|
|
]);
|
|
|
|
it('returns 403 for platform users missing required system page capabilities', function (string $url, array $capabilities) {
|
|
$platformUser = PlatformUser::factory()->create([
|
|
'capabilities' => $capabilities,
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($platformUser, 'platform')
|
|
->get($url)
|
|
->assertForbidden();
|
|
})->with([
|
|
['/system', []],
|
|
['/system/ops/runbooks', [PlatformCapabilities::ACCESS_SYSTEM_PANEL]],
|
|
['/system/ops/runs', [PlatformCapabilities::ACCESS_SYSTEM_PANEL]],
|
|
]);
|
|
|
|
it('uses a distinct session cookie name for /system versus /admin', function () {
|
|
$systemCookieName = Str::slug((string) config('app.name', 'laravel')).'-system-session';
|
|
$adminCookieName = (string) config('session.cookie');
|
|
|
|
expect($systemCookieName)->not->toBe($adminCookieName);
|
|
|
|
$this->get('/system/login')
|
|
->assertSuccessful()
|
|
->assertCookie($systemCookieName);
|
|
|
|
$this->get('/admin/login')->assertSuccessful();
|
|
});
|