ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
1be262a756
TenantAtlas/tests/Feature/Filament/Alerts/AlertDestinationAccessTest.php
ahmido 3ed275cef3 feat(alerts): Monitoring cluster + v1 resources (spec 099) (#121) 
Implements spec `099-alerts-v1-teams-email`.

- Monitoring navigation: Alerts as a cluster under Monitoring; default landing is Alert deliveries.
- Tenant panel: Alerts points to `/admin/alerts` and the cluster navigation is hidden in tenant panel.
- Guard compliance: removes direct `Gate::` usage from Alert resources so `NoAdHocFilamentAuthPatternsTest` passes.

Verification:
- Full suite: `1348 passed, 7 skipped` (EXIT=0).

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #121
2026-02-18 15:20:43 +00:00

61 lines
2.1 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\AlertDestinationResource;
use App\Models\AlertDestination;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Services\Auth\WorkspaceCapabilityResolver;
it('returns 404 when a workspace member tries to edit a destination from another workspace', function (): void {
[$user] = createUserWithTenant(role: 'owner');
$otherWorkspace = Workspace::factory()->create();
$destination = AlertDestination::factory()->create([
'workspace_id' => (int) $otherWorkspace->getKey(),
]);
$workspaceId = (int) session()->get(\App\Support\Workspaces\WorkspaceContext::SESSION_KEY);
expect($workspaceId)->not->toBe(0);
$this->actingAs($user)
->get(AlertDestinationResource::getUrl('edit', ['record' => $destination], panel: 'admin'))
->assertNotFound();
});
it('returns 403 for members missing alerts view capability', function (): void {
$workspace = Workspace::factory()->create();
$user = User::factory()->create();
WorkspaceMembership::factory()->create([
'workspace_id' => (int) $workspace->getKey(),
'user_id' => (int) $user->getKey(),
'role' => 'readonly',
]);
$resolver = \Mockery::mock(WorkspaceCapabilityResolver::class);
$resolver->shouldReceive('isMember')->andReturnTrue();
$resolver->shouldReceive('can')->andReturnFalse();
app()->instance(WorkspaceCapabilityResolver::class, $resolver);
session()->put(\App\Support\Workspaces\WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
$this->actingAs($user)
->get(AlertDestinationResource::getUrl(panel: 'admin'))
->assertForbidden();
});
it('allows members with alerts view but forbids create for members without alerts manage', function (): void {
[$user] = createUserWithTenant(role: 'readonly');
$this->actingAs($user)
->get(AlertDestinationResource::getUrl(panel: 'admin'))
->assertOk();
$this->actingAs($user)
->get(AlertDestinationResource::getUrl('create', panel: 'admin'))
->assertForbidden();
});
Reference in New Issue View Git Blame Copy Permalink