33 lines
993 B
PHP
33 lines
993 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\ManagedEnvironment;
|
|
use App\Models\User;
|
|
use App\Policies\ProviderConnectionPolicy;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Auth\Access\Response;
|
|
|
|
it('ScopeHardening does not derive workspace authority from Filament tenant in ProviderConnectionPolicy', function (): void {
|
|
$environment = ManagedEnvironment::factory()->active()->create([
|
|
'external_id' => 'spec339-scopehardening-policy-env',
|
|
]);
|
|
|
|
[$user, $environment] = createUserWithTenant(tenant: $environment, role: 'owner');
|
|
|
|
expect($user)->toBeInstanceOf(User::class);
|
|
|
|
session()->forget(WorkspaceContext::SESSION_KEY);
|
|
|
|
Filament::setTenant($environment, true);
|
|
|
|
/** @var ProviderConnectionPolicy $policy */
|
|
$policy = app(ProviderConnectionPolicy::class);
|
|
|
|
$result = $policy->viewAny($user);
|
|
|
|
expect($result)->toBeInstanceOf(Response::class);
|
|
expect($result->denied())->toBeTrue();
|
|
});
|