TenantAtlas/tests/Feature/Spec085/DenyAsNotFoundSemanticsTest.php

<?php

declare(strict_types=1);

use App\Filament\Pages\TenantDashboard;
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Http;

uses(RefreshDatabase::class);

beforeEach(function (): void {
    Http::preventStrayRequests();
});

it('returns 404 for non-workspace-members on central operations index', function (): void {
    $user = User::factory()->create();

    session()->forget(WorkspaceContext::SESSION_KEY);

    $this->actingAs($user)
        ->get('/admin/operations')
        ->assertNotFound();
});

it('returns 404 for non-workspace-members on central operation run detail', function (): void {
    $workspace = Workspace::factory()->create();
    $user = User::factory()->create();

    session()->forget(WorkspaceContext::SESSION_KEY);

    $run = OperationRun::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'tenant_id' => null,
        'type' => 'provider.connection.check',
        'status' => OperationRunStatus::Queued->value,
        'outcome' => OperationRunOutcome::Pending->value,
    ]);

    $this->actingAs($user)
        ->get("/admin/operations/{$run->getKey()}")
        ->assertNotFound();
});

it('returns 404 for non-entitled users on tenant dashboard direct access', function (): void {
    $tenantA = Tenant::factory()->create();
    [$user, $tenantA] = createUserWithTenant($tenantA, role: 'owner');

    $tenantB = Tenant::factory()->create([
        'workspace_id' => (int) $tenantA->workspace_id,
    ]);

    $this->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id])
        ->get(TenantDashboard::getUrl(panel: 'tenant', tenant: $tenantB))
        ->assertNotFound();
});