ahmido
292d555eac
## Summary - consolidate internal platform naming from `Tenant` to `Environment` / `ManagedEnvironment` across models, controllers, services, and Filament resources - rename environment-scoped UI surfaces such as dashboards, chooser flows, navigation, and related widgets to match the updated environment-first domain language - align middleware, onboarding/review lifecycle services, jobs, and route/context controllers with the new environment-scoped architecture ## Validation - not rerun as part of this commit/push/PR request ## Notes - branch is 1 commit ahead of `platform-dev` - main commit: `refactor: consolidate internal tenant model naming` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #355
90 lines
3.4 KiB
PHP
90 lines
3.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\ManagedEnvironmentResource\Pages\ManageEnvironmentAccessScopes;
|
|
use App\Filament\Resources\ManagedEnvironmentResource\RelationManagers\ManagedEnvironmentMembershipsRelationManager;
|
|
use App\Models\ManagedEnvironmentMembership;
|
|
use App\Models\User;
|
|
use App\Models\WorkspaceMembership;
|
|
use App\Services\Auth\ManagedEnvironmentMembershipManager;
|
|
use Livewire\Livewire;
|
|
|
|
it('allows an owner to add and remove explicit environment access scopes', function (): void {
|
|
[$owner, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$member = User::factory()->create(['name' => 'Member User']);
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'user_id' => (int) $member->getKey(),
|
|
'role' => 'readonly',
|
|
]);
|
|
|
|
Livewire::actingAs($owner)
|
|
->test(ManagedEnvironmentMembershipsRelationManager::class, [
|
|
'ownerRecord' => $tenant,
|
|
'pageClass' => ManageEnvironmentAccessScopes::class,
|
|
])
|
|
->callTableAction('add_member', null, [
|
|
'user_id' => $member->getKey(),
|
|
'role' => 'owner',
|
|
]);
|
|
|
|
$membership = ManagedEnvironmentMembership::query()
|
|
->where('managed_environment_id', $tenant->getKey())
|
|
->where('user_id', $member->getKey())
|
|
->first();
|
|
|
|
expect($membership)->not->toBeNull();
|
|
expect($membership?->role)->toBe('readonly');
|
|
|
|
Livewire::actingAs($owner)
|
|
->test(ManagedEnvironmentMembershipsRelationManager::class, [
|
|
'ownerRecord' => $tenant,
|
|
'pageClass' => ManageEnvironmentAccessScopes::class,
|
|
])
|
|
->callTableAction('remove', $membership);
|
|
|
|
expect(ManagedEnvironmentMembership::query()->whereKey($membership?->getKey())->exists())->toBeFalse();
|
|
});
|
|
|
|
it('hides scope management actions from readonly workspace members', function (): void {
|
|
[$readonly, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
$member = User::factory()->create();
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'user_id' => (int) $member->getKey(),
|
|
'role' => 'readonly',
|
|
]);
|
|
|
|
$membership = ManagedEnvironmentMembership::query()->create([
|
|
'managed_environment_id' => (int) $tenant->getKey(),
|
|
'user_id' => (int) $member->getKey(),
|
|
'role' => 'readonly',
|
|
'source' => 'manual',
|
|
]);
|
|
|
|
Livewire::actingAs($readonly)
|
|
->test(ManagedEnvironmentMembershipsRelationManager::class, [
|
|
'ownerRecord' => $tenant,
|
|
'pageClass' => ManageEnvironmentAccessScopes::class,
|
|
])
|
|
->assertTableActionVisible('add_member')
|
|
->assertTableActionDisabled('add_member')
|
|
->assertTableActionVisible('remove', $membership)
|
|
->assertTableActionDisabled('remove', $membership);
|
|
});
|
|
|
|
it('rejects role changes on explicit environment access scopes', function (): void {
|
|
[$owner, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$membership = ManagedEnvironmentMembership::query()
|
|
->where('managed_environment_id', $tenant->getKey())
|
|
->where('user_id', $owner->getKey())
|
|
->firstOrFail();
|
|
|
|
expect(fn () => app(ManagedEnvironmentMembershipManager::class)->changeRole($tenant, $owner, $membership, 'manager'))
|
|
->toThrow(DomainException::class, 'Managed-environment access scopes do not manage roles. Change the workspace role instead.');
|
|
});
|