ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
797728a243
TenantAtlas/tests/Feature/ProviderConnections/AuthorizationSemanticsTest.php
Ahmed Darrazi 051db1842d feat(107): implement Workspace Chooser v1 — all 40 tasks complete 
Spec 107: Workspace Chooser v1 (Enterprise) + In-App Switch Entry Point

## Core changes
- Refactor EnsureWorkspaceSelected middleware: 7-step algorithm with
  auto-resume (single membership + last_workspace_id), stale session
  detection, ?choose=1 forced chooser, workspace-optional path bypass
- Create WorkspaceRedirectResolver for DRY tenant-count branching
  (0→managed-tenants, 1→tenant-dashboard, >1→choose-tenant)
- Add WorkspaceAutoSelected + WorkspaceSelected audit enum cases
- Rewrite ChooseWorkspace page: role badges, tenant counts,
  wire:click selection, audit logging, WorkspaceRedirectResolver
- Add 'Switch workspace' user menu item in AdminPanelProvider
- Rewrite SwitchWorkspaceController with audit + resolver
- Replace inline tenant branching in routes/web.php with resolver

## New test files (6)
- WorkspaceRedirectResolverTest (5 tests
Spec 107: Workspace Chooser v1 (Enterprise) + In-App Switch Entry Point

## Core changes
- Refactor EnsureWorkspaceSelected middleware: 7-step algorithmst
## Core changes
- Refactor EnsureWorkspaceSelected middleware: 7-stepes - Refactor Ensng  auto-resume (single membership + last_workspace_id), stale sessioid  detection, ?choose=1 forced chooser, w (security invariant preserve- Create WorkspaceRedirectResolver for DRY tenant-count branching

  (0→managed-tenants, 1→tenant-dashboapped (8163 assertions)
2026-02-22 17:19:19 +01:00

31 lines
973 B
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\User;
it('enforces 404 for non-members and 403 for missing manage capability on mutations', function (): void {
$tenant = Tenant::factory()->create();
$connection = ProviderConnection::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
'provider' => 'microsoft',
]);
// Non-member outsider is redirected by workspace middleware (no workspace membership).
$outsider = User::factory()->create();
$this->actingAs($outsider)
->get('/admin/provider-connections/'.$connection->getKey().'/edit')
->assertRedirect();
[$readonly] = createUserWithTenant(tenant: $tenant, role: 'readonly');
$this->actingAs($readonly)
->get('/admin/provider-connections/create?tenant_id='.(string) $tenant->external_id)
->assertForbidden();
});
Reference in New Issue View Git Blame Copy Permalink