ahmido
2bf5de4663
Summary Consolidates the “Tenant Operate Hub” work (Spec 085) and the follow-up adjustments from the 086 session merge into a single branch ready to merge into dev. Primary focus: stabilize Ops/Operate Hub UX flows, tighten/align authorization semantics, and make the full Sail test suite green. Key Changes Ops UX / Verification Readonly members can view verification operation runs (reports) while starting verification remains restricted. Normalized failure reason-code handling and aligned UX expectations with the provider reason-code taxonomy. Onboarding wizard UX “Start verification” CTA is hidden while a verification run is active; “Refresh” is shown during in-progress runs. Treats provider_permission_denied as a blocking reason (while keeping legacy compatibility). Test + fixture hardening Standardized use of default provider connection fixtures in tests where sync/restore flows require it. Fixed multiple Filament URL/tenant-context test cases to avoid 404s and reduce tenancy routing brittleness. Policy sync / restore safety Enrollment configuration type collision classification tests now exercise the real sync path (with required provider connection present). Restore edge-case safety tests updated to reflect current provider-connection requirements. Testing vendor/bin/sail artisan test --compact (green) vendor/bin/sail bin pint --dirty (green) Notes Includes merged 086 session work already (no separate PR needed). Co-authored-by: Ahmed Darrazi <ahmeddarrazi@ebc83aaa-d947-4a08-b88e-bd72ac9645f7.fritz.box> Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box> Reviewed-on: #103
40 lines
1.2 KiB
PHP
40 lines
1.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\TenantResource;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
|
|
it('returns 403 for a member without managed-tenant manage capability when accessing edit', function (): void {
|
|
$tenant = Tenant::factory()->create();
|
|
[$user] = createUserWithTenant($tenant, role: 'readonly');
|
|
|
|
$this->actingAs($user)
|
|
->get(TenantResource::getUrl('edit', ['record' => $tenant]))
|
|
->assertForbidden();
|
|
});
|
|
|
|
it('returns 404 for a non-member attempting to access a workspace managed-tenant list', function (): void {
|
|
$workspace = Workspace::factory()->create();
|
|
Tenant::factory()->create(['workspace_id' => $workspace->getKey()]);
|
|
|
|
$user = User::factory()->create();
|
|
|
|
$otherWorkspace = Workspace::factory()->create();
|
|
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => $otherWorkspace->getKey(),
|
|
'user_id' => $user->getKey(),
|
|
'role' => 'readonly',
|
|
]);
|
|
|
|
$user->forceFill(['last_workspace_id' => $otherWorkspace->getKey()])->save();
|
|
|
|
$this->actingAs($user)
|
|
->get('/admin/w/'.$workspace->slug.'/managed-tenants')
|
|
->assertNotFound();
|
|
});
|