ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
68ff50d460
TenantAtlas/apps/platform/tests/Feature/Spec085/OperationsIndexHeaderTest.php
ahmido e0c2cdb1f4 feat: enforce workspace and environment scope contract (Spec 338) (#409) 
## Summary
- enforce the canonical workspace/environment scope contract for workspace hubs and environment-owned surfaces
- replace first-party Operations deep links that leaked Filament `tableFilters[...]` internals with stable product-level query behavior
- add the sidebar scope indicator and split environment-page navigation into explicit `Workspace-wide` and `Workspace admin` groups
- remove redundant tenantless `All environments` scope badges from workspace-wide pages while preserving explicit environment filter affordances
- include the Spec 338 artifacts, guard tests, and browser smoke coverage for the new contract

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Navigation/Spec338EnvironmentSidebarSeparationTest.php tests/Feature/Navigation/Spec338OperationRunLinksQueryContractTest.php tests/Feature/Navigation/Spec338SidebarScopeIndicatorTest.php tests/Feature/Filament/PanelNavigationSegregationTest.php`
- `cd apps/platform && ./vendor/bin/sail php vendor/bin/pest tests/Browser/Spec338ScopeContractSmokeTest.php --compact`

## Notes
- Livewire v4 compliance unchanged
- Filament provider registration remains in `bootstrap/providers.php`
- no destructive action behavior changed
- no migrations, env var changes, or new Filament asset registration

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #409
2026-05-31 01:36:08 +00:00

120 lines
4.7 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\ManagedEnvironment;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Http;
uses(RefreshDatabase::class);
beforeEach(function (): void {
Http::preventStrayRequests();
});
it('keeps the workspace operations route tenantless without a generic all-environments badge', function (): void {
$tenant = ManagedEnvironment::factory()->create();
[$user, $tenant] = createUserWithTenant($tenant, role: 'owner');
Filament::setTenant($tenant, true);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.operations.index', ['workspace' => $tenant->workspace]))
->assertOk()
->assertSee(__('localization.shell.choose_environment'))
->assertDontSee(__('localization.shell.all_environments'))
->assertDontSee(__('localization.shell.no_environment_selected'))
->assertDontSee(__('localization.shell.environment_scope').': '.$tenant->name)
->assertDontSee('Back to '.$tenant->name)
->assertDontSee(__('localization.shell.show_all_environments'));
});
it('treats stale tenant context as workspace-wide without tenant identity hints', function (): void {
$entitledTenant = ManagedEnvironment::factory()->create();
[$user, $entitledTenant] = createUserWithTenant($entitledTenant, role: 'owner', workspaceRole: 'readonly');
$staleTenant = ManagedEnvironment::factory()->create([
'workspace_id' => (int) $entitledTenant->workspace_id,
]);
Filament::setTenant($staleTenant, true);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $entitledTenant->workspace_id])
->get(route('admin.operations.index', ['workspace' => $entitledTenant->workspace]))
->assertOk()
->assertDontSee(__('localization.shell.all_environments'))
->assertDontSee('Back to '.$staleTenant->name)
->assertDontSee($staleTenant->name)
->assertDontSee(__('localization.shell.show_all_environments'));
});
it('clears filament tenant context and last-tenant session state via clear-environment-context endpoint', function (): void {
$tenant = ManagedEnvironment::factory()->create();
[$user, $tenant] = createUserWithTenant($tenant, role: 'owner');
$workspaceId = (int) $tenant->workspace_id;
$lastEnvironmentIds = [
(string) $workspaceId => (int) $tenant->getKey(),
];
Filament::setTenant($tenant, true);
$this->actingAs($user)
->withSession([
WorkspaceContext::SESSION_KEY => $workspaceId,
WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => $lastEnvironmentIds,
])
->from('/admin/alerts')
->post('/admin/clear-environment-context')
->assertRedirect('/admin/alerts');
expect(Filament::getTenant())->toBeNull();
expect(session()->get(WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY, []))
->not->toHaveKey((string) $workspaceId);
$this->withSession([
WorkspaceContext::SESSION_KEY => $workspaceId,
])
->get(route('admin.operations.index', ['workspace' => $tenant->workspace]))
->assertOk()
->assertDontSee(__('localization.shell.all_environments'))
->assertDontSee(__('localization.shell.environment_scope').': '.$tenant->name);
});
it('clears remembered environment scope even when the stored environment is no longer operable', function (): void {
$activeEnvironment = ManagedEnvironment::factory()->create();
[$user, $activeEnvironment] = createUserWithTenant($activeEnvironment, role: 'owner');
$onboardingTenant = ManagedEnvironment::factory()->onboarding()->create([
'workspace_id' => (int) $activeEnvironment->workspace_id,
]);
createUserWithTenant(
tenant: $onboardingTenant,
user: $user,
role: 'owner',
workspaceRole: 'owner',
ensureDefaultMicrosoftProviderConnection: false,
);
$workspaceId = (int) $activeEnvironment->workspace_id;
$this->actingAs($user)
->withSession([
WorkspaceContext::SESSION_KEY => $workspaceId,
WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [
(string) $workspaceId => (int) $onboardingTenant->getKey(),
],
])
->from(route('admin.operations.index', ['workspace' => $activeEnvironment->workspace]))
->post('/admin/clear-environment-context')
->assertRedirect(route('admin.operations.index', ['workspace' => $activeEnvironment->workspace]));
expect(session()->get(WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY, []))
->not->toHaveKey((string) $workspaceId);
});
Reference in New Issue View Git Blame Copy Permalink