ahmido
361e301f67
Ordering + limit-only Test für created_at DESC in DependencyExtractionFeatureTest.php UI Test für masked Identifier (ID: 123456…) + Guest-Access blocked in InventoryItemDependenciesTest.php Quickstart ergänzt um manuellen <2s Check in quickstart.md pr-gate Checkbox-Format normalisiert (kein leading space) in pr-gate.md Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #49
44 lines
1.4 KiB
PHP
44 lines
1.4 KiB
PHP
<?php
|
|
|
|
use App\Models\InventoryItem;
|
|
use App\Models\InventoryLink;
|
|
use App\Models\Tenant;
|
|
use App\Services\Inventory\DependencyQueryService;
|
|
use Illuminate\Support\Str;
|
|
|
|
it('does not leak edges across tenants in service queries', function () {
|
|
$tenantA = Tenant::factory()->create();
|
|
$tenantB = Tenant::factory()->create();
|
|
|
|
/** @var InventoryItem $itemA */
|
|
$itemA = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenantA->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
// Edge for tenant A
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenantA->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $itemA->external_id,
|
|
'target_type' => 'foundation_object',
|
|
'target_id' => (string) Str::uuid(),
|
|
'relationship_type' => 'assigned_to',
|
|
]);
|
|
|
|
// Edge for tenant B with same source/target ids but different tenant
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenantB->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $itemA->external_id,
|
|
'target_type' => 'foundation_object',
|
|
'target_id' => (string) Str::uuid(),
|
|
'relationship_type' => 'assigned_to',
|
|
]);
|
|
|
|
$svc = app(DependencyQueryService::class);
|
|
$outboundA = $svc->getOutboundEdges($itemA);
|
|
|
|
expect($outboundA->count())->toBe(1);
|
|
});
|