34 lines
928 B
PHP
34 lines
928 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Pages\TenantDashboard;
|
|
use App\Models\Finding;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Tenant;
|
|
|
|
it('does not leak data across tenants on the dashboard', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$otherTenant = Tenant::factory()->create();
|
|
|
|
Finding::factory()->create([
|
|
'tenant_id' => $otherTenant->getKey(),
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'subject_external_id' => 'other-tenant-finding',
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => $otherTenant->getKey(),
|
|
'type' => 'inventory.sync',
|
|
'status' => 'running',
|
|
'outcome' => 'pending',
|
|
'initiator_name' => 'System',
|
|
]);
|
|
|
|
$this->actingAs($user);
|
|
|
|
$this->get(TenantDashboard::getUrl(tenant: $tenant))
|
|
->assertOk()
|
|
->assertDontSee('other-tenant-finding');
|
|
});
|