28 lines
1.3 KiB
PHP
28 lines
1.3 KiB
PHP
<?php
|
|
|
|
use App\Support\Auth\Capabilities;
|
|
use Illuminate\Support\Facades\Gate;
|
|
|
|
it('enforces readonly must-allow and must-not capabilities', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
$gate = Gate::forUser($user);
|
|
|
|
expect($gate->allows(Capabilities::TENANT_VIEW, $tenant))->toBeTrue();
|
|
expect($gate->allows(Capabilities::PROVIDER_VIEW, $tenant))->toBeTrue();
|
|
expect($gate->allows(Capabilities::AUDIT_VIEW, $tenant))->toBeTrue();
|
|
|
|
expect($gate->allows(Capabilities::TENANT_MEMBERSHIP_MANAGE, $tenant))->toBeFalse();
|
|
|
|
expect($gate->allows(Capabilities::TENANT_SYNC, $tenant))->toBeFalse();
|
|
expect($gate->allows(Capabilities::TENANT_INVENTORY_SYNC_RUN, $tenant))->toBeFalse();
|
|
expect($gate->allows(Capabilities::TENANT_FINDINGS_ACKNOWLEDGE, $tenant))->toBeFalse();
|
|
expect($gate->allows(Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
|
|
expect($gate->allows(Capabilities::TENANT_DELETE, $tenant))->toBeFalse();
|
|
|
|
expect($gate->allows(Capabilities::TENANT_BACKUP_SCHEDULES_RUN, $tenant))->toBeFalse();
|
|
expect($gate->allows(Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE, $tenant))->toBeFalse();
|
|
expect($gate->allows(Capabilities::PROVIDER_RUN, $tenant))->toBeFalse();
|
|
expect($gate->allows(Capabilities::PROVIDER_MANAGE, $tenant))->toBeFalse();
|
|
});
|