143 lines
4.6 KiB
PHP
143 lines
4.6 KiB
PHP
<?php
|
|
|
|
use App\Filament\Pages\ChooseTenant;
|
|
use App\Filament\Pages\TenantDashboard;
|
|
use App\Filament\Resources\TenantResource\Pages\ListTenants;
|
|
use App\Models\Tenant;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Gate;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
test('readonly users may switch current tenant via ChooseTenant', function () {
|
|
[$user, $tenantA] = createUserWithTenant(role: 'readonly');
|
|
|
|
$tenantB = Tenant::factory()->create([
|
|
'status' => 'active',
|
|
'is_current' => false,
|
|
]);
|
|
|
|
$user->tenants()->syncWithoutDetaching([
|
|
$tenantB->getKey() => ['role' => 'readonly'],
|
|
]);
|
|
|
|
$tenantB->makeCurrent();
|
|
|
|
expect($tenantA->fresh()->is_current)->toBeFalse();
|
|
expect($tenantB->fresh()->is_current)->toBeTrue();
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ChooseTenant::class)
|
|
->call('selectTenant', $tenantA->getKey())
|
|
->assertRedirect(TenantDashboard::getUrl(tenant: $tenantA));
|
|
});
|
|
|
|
test('users cannot switch to a tenant they are not a member of', function () {
|
|
[$user] = createUserWithTenant(role: 'readonly');
|
|
|
|
$tenant = Tenant::factory()->create([
|
|
'status' => 'active',
|
|
]);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ChooseTenant::class)
|
|
->call('selectTenant', $tenant->getKey())
|
|
->assertStatus(404);
|
|
});
|
|
|
|
test('readonly users cannot deactivate tenants (archive)', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_DELETE, $tenant))->toBeFalse();
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionDisabled('archive', $tenant)
|
|
->callTableAction('archive', $tenant);
|
|
|
|
expect($tenant->fresh()->trashed())->toBeFalse();
|
|
});
|
|
|
|
test('readonly users cannot force delete tenants', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
$tenant->delete();
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_DELETE, $tenant))->toBeFalse();
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionDisabled('forceDelete', $tenant)
|
|
->callTableAction('forceDelete', $tenant);
|
|
|
|
expect(Tenant::withTrashed()->find($tenant->getKey()))->not->toBeNull();
|
|
});
|
|
|
|
test('readonly users cannot verify tenant configuration', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionDisabled('verify', $tenant)
|
|
->callTableAction('verify', $tenant);
|
|
});
|
|
|
|
test('readonly users cannot setup intune rbac', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionDisabled('setup_rbac', $tenant);
|
|
});
|
|
|
|
test('readonly users cannot edit tenants', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionDisabled('edit', $tenant);
|
|
});
|
|
|
|
test('readonly users cannot open admin consent', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
expect(\App\Filament\Resources\TenantResource::adminConsentUrl($tenant))->not->toBeNull();
|
|
expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionDisabled('admin_consent', $tenant);
|
|
});
|
|
|
|
test('readonly users cannot start tenant sync from tenant menu', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_SYNC, $tenant))->toBeFalse();
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionDisabled('syncTenant', $tenant);
|
|
});
|