41 lines
1.2 KiB
PHP
41 lines
1.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\PlatformUser;
|
|
use App\Models\User;
|
|
use App\Support\Auth\PlatformCapabilities;
|
|
use Filament\PanelRegistry;
|
|
|
|
it('keeps platform users scoped to the system panel contract', function (): void {
|
|
$platformUser = PlatformUser::factory()->make([
|
|
'capabilities' => [PlatformCapabilities::ACCESS_SYSTEM_PANEL],
|
|
]);
|
|
|
|
expect($platformUser->canAccessPanel(app(PanelRegistry::class)->get('system')))->toBeTrue()
|
|
->and($platformUser->canAccessPanel(app(PanelRegistry::class)->get('admin')))->toBeFalse();
|
|
});
|
|
|
|
it('denies ordinary workspace users on system panel routes as not found', function (): void {
|
|
[$user] = createUserWithTenant(role: 'owner');
|
|
|
|
$this->actingAs($user)
|
|
->get('/system')
|
|
->assertNotFound();
|
|
|
|
$this->actingAs($user)
|
|
->get('/system/directory/workspaces')
|
|
->assertNotFound();
|
|
});
|
|
|
|
it('keeps missing system capability as forbidden for platform users', function (): void {
|
|
$platformUser = PlatformUser::factory()->create([
|
|
'capabilities' => [],
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($platformUser, 'platform')
|
|
->get('/system')
|
|
->assertForbidden();
|
|
});
|