ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
2fa468bdc7
TenantAtlas/apps/platform/tests/Feature/Auth/WorkspaceFirstManagedEnvironmentAccessTest.php
ahmido b159dacd36 feat: clean up legacy tenant environment context (#372) 
## Summary
- remove legacy tenant-scoped routing and middleware paths in favor of the current environment/workspace context flow
- update Filament pages and resources to use the cleaned-up admin surface and environment filter context
- add the related spec 317 artifacts and targeted tests for environment filter state and legacy context cleanup

## Testing
- not run as part of this commit/push/PR workflow

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #372
2026-05-16 18:25:36 +00:00

90 lines
3.4 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\ManagedEnvironment;
use App\Models\ManagedEnvironmentMembership;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Services\Auth\CapabilityResolver;
use App\Services\Auth\ManagedEnvironmentAccessScopeResolver;
use App\Support\Auth\Capabilities;
use App\Support\Workspaces\WorkspaceContext;
use Filament\PanelRegistry;
it('allows workspace members to access active environments without environment scope rows', function (): void {
$workspace = Workspace::factory()->create();
$tenantA = ManagedEnvironment::factory()->active()->create([
'workspace_id' => (int) $workspace->getKey(),
'name' => 'Tenant A',
]);
$tenantB = ManagedEnvironment::factory()->active()->create([
'workspace_id' => (int) $workspace->getKey(),
'name' => 'Tenant B',
]);
$user = User::factory()->create();
WorkspaceMembership::factory()->create([
'workspace_id' => (int) $workspace->getKey(),
'user_id' => (int) $user->getKey(),
'role' => 'readonly',
]);
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
/** @var \Filament\Panel $panel */
$panel = app(PanelRegistry::class)->get('admin');
$tenants = $user->getTenants($panel);
expect($user->canAccessTenant($tenantA))->toBeTrue()
->and($user->canAccessTenant($tenantB))->toBeTrue()
->and($tenants->pluck('name')->all())->toEqual(['Tenant A', 'Tenant B']);
});
it('narrows tenant selection and clears stale remembered environment context', function (): void {
$workspace = Workspace::factory()->create();
$allowedTenant = ManagedEnvironment::factory()->active()->create([
'workspace_id' => (int) $workspace->getKey(),
'name' => 'Allowed Tenant',
]);
$deniedTenant = ManagedEnvironment::factory()->active()->create([
'workspace_id' => (int) $workspace->getKey(),
'name' => 'Denied Tenant',
]);
$user = User::factory()->create();
WorkspaceMembership::factory()->create([
'workspace_id' => (int) $workspace->getKey(),
'user_id' => (int) $user->getKey(),
'role' => 'manager',
]);
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
ManagedEnvironmentMembership::query()->create([
'managed_environment_id' => (int) $allowedTenant->getKey(),
'user_id' => (int) $user->getKey(),
'role' => 'readonly',
'source' => 'manual',
]);
app(CapabilityResolver::class)->clearCache();
app(ManagedEnvironmentAccessScopeResolver::class)->clearCache();
app(WorkspaceContext::class)->rememberLastEnvironmentId((int) $workspace->getKey(), (int) $deniedTenant->getKey());
/** @var \Filament\Panel $panel */
$panel = app(PanelRegistry::class)->get('admin');
$allowedDecision = app(ManagedEnvironmentAccessScopeResolver::class)->decision($user, $allowedTenant, Capabilities::WORKSPACE_SETTINGS_VIEW);
$defaultTenant = $user->getDefaultTenant($panel);
$tenants = $user->getTenants($panel);
expect($defaultTenant?->getKey())->toBe($allowedTenant->getKey())
->and($allowedDecision->workspaceRole)->toBe('manager')
->and($allowedDecision->capabilityAllowed)->toBeTrue()
->and(app(WorkspaceContext::class)->lastEnvironmentId())->toBeNull()
->and($tenants)->toHaveCount(1)
->and($tenants->first()?->getKey())->toBe($allowedTenant->getKey());
});
Reference in New Issue View Git Blame Copy Permalink