## Summary

- rebuild the public Tenantial homepage around an evidence-first Microsoft tenant governance narrative
- replace the old hero visual with a new static dashboard preview and add dedicated Trust Bar and Feature Pillars sections
- update the shared public shell, navigation, footer, dark design tokens, assets, and homepage content to match the new brand direction
- align website smoke coverage and Spec 400 artifacts with the rebuilt homepage

## Testing

- not run in this pass
- updated website smoke specs under apps/website/tests/smoke

## Note

- `website-dev` was pushed to `origin` so the requested PR base exists remotely
- the remote `website-dev` branch is an ancestor of `origin/dev`, so this PR may also show upstream `dev` history relative to that base

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #387
<?php
declare(strict_types=1);
use App\Models\OperationRun;
use App\Models\PlatformUser;
use App\Models\User;
use App\Models\Workspace;
use App\Support\Auth\PlatformCapabilities;
use App\Support\System\SystemDirectoryLinks;
use App\Support\System\SystemOperationRunLinks;
use Illuminate\Foundation\Testing\RefreshDatabase;
// Laravel's RefreshDatabase trait is applied to every test in this file, so the
// users, runs and workspaces created by the factories below do not leak between cases.
uses(RefreshDatabase::class);
// A tenant user authenticated without an explicit guard must receive 404 (not 403)
// on every listed system panel URL, including the system login page.
// NOTE(review): presumably 404 is chosen so the panel's existence is not disclosed
// to tenant sessions — confirm against the routing/middleware setup.
it('returns 404 when a tenant session accesses system panel routes', function (string $url): void {
    $tenantUser = User::factory()->create();

    $response = $this->actingAs($tenantUser)->get($url);

    $response->assertNotFound();
})->with([
    '/system/login',
    '/system',
    '/system/ops/runbooks',
    '/system/ops/runs',
]);
// An active platform user with an empty capability list, authenticated on the
// 'platform' guard, must be refused with 403 on each listed system page.
// NOTE(review): the platform users in the cases visible here are all created with
// is_active => true; a denial case for an inactive account is not shown — confirm
// it is covered elsewhere.
it('returns 403 when a platform user lacks the required capability on system pages', function (string $url): void {
    $attributes = [
        'capabilities' => [],
        'is_active' => true,
    ];
    $platformUser = PlatformUser::factory()->create($attributes);

    $response = $this->actingAs($platformUser, 'platform')->get($url);

    $response->assertForbidden();
})->with([
    '/system',
    '/system/ops/runbooks',
    '/system/ops/runs',
]);
// A tenant user requesting the detail URL that SystemOperationRunLinks::view()
// builds for an existing run must get 404, the same answer as on the list routes.
it('returns 404 when a tenant session accesses a system operation detail route', function (): void {
    $tenantUser = User::factory()->create();
    $operationRun = OperationRun::factory()->create();

    $response = $this->actingAs($tenantUser)->get(SystemOperationRunLinks::view($operationRun));

    $response->assertNotFound();
});
// Panel access alone is not enough for the run detail page: a platform user holding
// only ACCESS_SYSTEM_PANEL must be refused with 403.
it('returns 403 when a platform user lacks operations capability on system operation detail', function (): void {
    $grantedCapabilities = [
        PlatformCapabilities::ACCESS_SYSTEM_PANEL,
    ];
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => $grantedCapabilities,
        'is_active' => true,
    ]);

    $operationRun = OperationRun::factory()->create();

    $response = $this->actingAs($platformUser, 'platform')
        ->get(SystemOperationRunLinks::view($operationRun));

    $response->assertForbidden();
});
// Positive counterpart of the 403 case: ACCESS_SYSTEM_PANEL together with
// OPERATIONS_VIEW lets a platform user load the run detail page successfully.
it('returns 200 on system operation detail when a platform user has operations capability', function (): void {
    $grantedCapabilities = [
        PlatformCapabilities::ACCESS_SYSTEM_PANEL,
        PlatformCapabilities::OPERATIONS_VIEW,
    ];
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => $grantedCapabilities,
        'is_active' => true,
    ]);

    $operationRun = OperationRun::factory()->create();

    $response = $this->actingAs($platformUser, 'platform')
        ->get(SystemOperationRunLinks::view($operationRun));

    $response->assertSuccessful();
});
// The panel root '/system' loads for a platform user who holds both
// ACCESS_SYSTEM_PANEL and CONSOLE_VIEW.
it('returns 200 when a platform user has the required capability', function (): void {
    $grantedCapabilities = [
        PlatformCapabilities::ACCESS_SYSTEM_PANEL,
        PlatformCapabilities::CONSOLE_VIEW,
    ];
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => $grantedCapabilities,
        'is_active' => true,
    ]);

    $response = $this->actingAs($platformUser, 'platform')->get('/system');

    $response->assertSuccessful();
});
// ACCESS_SYSTEM_PANEL plus OPS_VIEW is still insufficient for the runbooks page:
// without RUNBOOKS_VIEW the request must be refused with 403.
it('returns 403 on runbooks when a platform user lacks the runbooks view capability even with system access', function (): void {
    $grantedCapabilities = [
        PlatformCapabilities::ACCESS_SYSTEM_PANEL,
        PlatformCapabilities::OPS_VIEW,
    ];
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => $grantedCapabilities,
        'is_active' => true,
    ]);

    $response = $this->actingAs($platformUser, 'platform')->get('/system/ops/runbooks');

    $response->assertForbidden();
});
// With ACCESS_SYSTEM_PANEL, OPS_VIEW and RUNBOOKS_VIEW all granted, the runbooks
// page loads successfully for the platform user.
it('returns 200 on runbooks when a platform user has the required runbooks capability set', function (): void {
    $grantedCapabilities = [
        PlatformCapabilities::ACCESS_SYSTEM_PANEL,
        PlatformCapabilities::OPS_VIEW,
        PlatformCapabilities::RUNBOOKS_VIEW,
    ];
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => $grantedCapabilities,
        'is_active' => true,
    ]);

    $response = $this->actingAs($platformUser, 'platform')->get('/system/ops/runbooks');

    $response->assertSuccessful();
});
// Walks one workspace detail URL through three callers in sequence:
//   1. a tenant user (no explicit guard)                     -> 404
//   2. a platform user with only ACCESS_SYSTEM_PANEL           -> 403
//   3. a platform user with ACCESS_SYSTEM_PANEL + DIRECTORY_VIEW -> success
// The successful response must contain 'Commercial lifecycle' and must not contain
// 'Change commercial state'.
// NOTE(review): 'Change commercial state' is presumably the label of a mutating
// action that a view-only capability should not expose — confirm against the page.
it('keeps system workspace detail route semantics separate from commercial business-state blocks', function (): void {
    $workspace = Workspace::factory()->create();

    // Phase 1: tenant session.
    $tenantUser = User::factory()->create();
    $tenantResponse = $this->actingAs($tenantUser)
        ->get(SystemDirectoryLinks::workspaceDetail($workspace));
    $tenantResponse->assertNotFound();

    // Drop the tenant login on the 'web' guard before switching to platform users,
    // so the following requests are not made with both sessions active.
    auth()->guard('web')->logout();

    // Phase 2: panel access without the directory capability.
    $platformWithoutDirectoryView = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
        ],
        'is_active' => true,
    ]);
    $deniedResponse = $this->actingAs($platformWithoutDirectoryView, 'platform')
        ->get(SystemDirectoryLinks::workspaceDetail($workspace));
    $deniedResponse->assertForbidden();

    // Phase 3: panel access with the directory capability.
    $directoryViewer = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::DIRECTORY_VIEW,
        ],
        'is_active' => true,
    ]);
    $allowedResponse = $this->actingAs($directoryViewer, 'platform')
        ->get(SystemDirectoryLinks::workspaceDetail($workspace));
    $allowedResponse->assertSuccessful();
    $allowedResponse->assertSee('Commercial lifecycle');
    $allowedResponse->assertDontSee('Change commercial state');
});