<?php
use App\Filament\Resources\PolicyResource\Pages\ListPolicies;
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Support\Facades\Queue;
use Livewire\Livewire;
/**
 * Tests for US2: Non-members cannot infer tenant resources
 *
 * These tests verify that UiEnforcement correctly handles:
 * - Non-members → action hidden in UI (prevents discovery)
 * - Non-members → action blocked from execution (no side effects)
 * - Membership revoked mid-session → still enforces protection
 *
 * Note on 404 behavior:
 * In Filament v5, hidden actions are treated as disabled: calling a hidden action
 * returns 200 and does not execute, rather than returning 404, because Filament's
 * action system does not support custom HTTP status codes for blocked actions.
 * Consequently `assertSuccessful()` on a blocked call proves nothing by itself;
 * the security evidence in these tests is the side-effect assertions
 * (`Queue::assertNothingPushed()` and zero `OperationRun` rows for the tenant).
 * The security guarantee is:
 * - Non-members cannot discover actions (hidden in UI)
 * - Non-members cannot execute actions (blocked by Filament's isHidden check)
 * - No side effects occur (jobs not pushed, data not modified)
 *
 * Caveats a reviewer should keep in mind:
 * - The revocation tests clear the CapabilityResolver cache by hand. In production
 *   the same protection only holds if that cache is invalidated when a membership
 *   is removed (or its TTL is acceptably short); that invalidation path is not
 *   exercised here.
 * - There is no positive control: a test showing that a current member CAN execute
 *   `sync` would guard against the action being broken for everyone, which none of
 *   the tests below would detect.
 *
 * True 404 enforcement happens at the page/routing level via tenant middleware.
 */
describe('US2: Non-member sees action hidden in UI', function () {
    // Swap the queue for a fake so `assertNothingPushed()` can observe dispatches
    // and no real job ever runs if enforcement were to fail.
    beforeEach(function () {
        Queue::fake();
    });

    it('hides sync action for users who are not members of the tenant', function () {
        // A tenant and a user with no membership row linking them.
        $foreignTenant = Tenant::factory()->create();
        $outsider = User::factory()->create();

        $this->actingAs($outsider);
        $foreignTenant->makeCurrent();
        Filament::setTenant($foreignTenant, true);

        $page = Livewire::test(ListPolicies::class);

        // Discovery guard: the action must not be rendered for a non-member.
        $page->assertActionHidden('sync');

        // Rendering the page must not have triggered any job on its own.
        Queue::assertNothingPushed();
    });

    it('hides sync action for authenticated users accessing wrong tenant', function () {
        // The user legitimately owns one tenant but the current tenant is a different one
        // they have no membership to. (`createUserWithTenant` is a test helper defined
        // outside this file; it is presumed to create the user, tenant and membership.)
        [$member, $homeTenant] = createUserWithTenant(role: 'owner');
        $otherTenant = Tenant::factory()->create();

        $this->actingAs($member);
        $otherTenant->makeCurrent();
        Filament::setTenant($otherTenant, true);

        $page = Livewire::test(ListPolicies::class);

        // Membership elsewhere must not leak the action into this tenant's UI.
        $page->assertActionHidden('sync');

        Queue::assertNothingPushed();
    });
});
describe('US2: Non-member action execution is blocked', function () {
    // Fake the queue so a blocked action that nevertheless dispatched a job
    // would be caught by `assertNothingPushed()` rather than executed.
    beforeEach(function () {
        Queue::fake();
    });

    it('blocks action execution for non-members (no side effects)', function () {
        // A user who is not attached to the tenant at all.
        $tenant = Tenant::factory()->create();
        $outsider = User::factory()->create();

        $this->actingAs($outsider);
        $tenant->makeCurrent();
        Filament::setTenant($tenant, true);

        // Directly mount and call the action, bypassing the UI, to simulate a
        // crafted request from a user who guessed the action name.
        $page = Livewire::test(ListPolicies::class);
        $page->mountAction('sync');
        $page->callMountedAction();

        // Filament treats a hidden action as disabled: the call completes with 200
        // instead of 404. `assertSuccessful()` therefore only proves the request did
        // not error; the two side-effect checks below are the actual enforcement evidence.
        $page->assertSuccessful();

        Queue::assertNothingPushed();

        $runsForTenant = OperationRun::query()
            ->where('tenant_id', $tenant->getKey())
            ->count();
        expect($runsForTenant)->toBe(0);
    });
});
describe('US2: Membership revoked mid-session still enforces protection', function () {
    // Queue fake: lets the tests assert that no sync job was dispatched after revocation.
    beforeEach(function () {
        Queue::fake();
    });

    it('blocks action execution when membership is revoked between page load and action click', function () {
        // NOTE(review): helper defined outside this file; from its name it presumably binds
        // a Graph client that fails hard on any call, so an unexpected execution of the sync
        // would surface as an error rather than silently succeeding — confirm in the helper.
        bindFailHardGraphClient();

        [$member, $tenant] = createUserWithTenant(role: 'owner');

        $this->actingAs($member);
        $tenant->makeCurrent();
        Filament::setTenant($tenant, true);

        // Page load as a legitimate owner: the action is both visible and enabled.
        $page = Livewire::test(ListPolicies::class);
        $page->assertActionVisible('sync');
        $page->assertActionEnabled('sync');

        // Revoke the membership while the component instance is still alive,
        // i.e. between the render and the user's click.
        $member->tenants()->detach($tenant->getKey());

        // The capability resolver caches membership lookups; clear it so the next
        // visibility evaluation reflects the revocation. In production this relies on
        // the cache being invalidated when a membership is removed — see file header.
        app(\App\Services\Auth\CapabilityResolver::class)->clearCache();

        // Mounting and calling the now-hidden action on the SAME component must be a no-op.
        // NOTE(review): the hidden state on this instance is not asserted here; the next
        // test asserts it on a fresh instance. Filament returns 200 rather than 404, so the
        // side-effect checks below carry the guarantee.
        $page->mountAction('sync');
        $page->callMountedAction();
        $page->assertSuccessful();

        Queue::assertNothingPushed();

        $runsForTenant = OperationRun::query()
            ->where('tenant_id', $tenant->getKey())
            ->count();
        expect($runsForTenant)->toBe(0);
    });

    it('hides action in UI after membership revocation on re-render', function () {
        [$member, $tenant] = createUserWithTenant(role: 'owner');

        $this->actingAs($member);
        $tenant->makeCurrent();
        Filament::setTenant($tenant, true);

        // Baseline: as an owner the action is rendered.
        Livewire::test(ListPolicies::class)
            ->assertActionVisible('sync');

        // Revoke membership and drop any cached capability answer.
        $member->tenants()->detach($tenant->getKey());
        app(\App\Services\Auth\CapabilityResolver::class)->clearCache();

        // A fresh component instance stands in for a full page refresh;
        // the action must no longer be discoverable.
        Livewire::test(ListPolicies::class)
            ->assertActionHidden('sync');

        Queue::assertNothingPushed();
    });
});