ahmido
ce0615a9c1
## Summary - move the Laravel application into `apps/platform` and keep the repository root for orchestration, docs, and tooling - update the local command model, Sail/Docker wiring, runtime paths, and ignore rules around the new platform location - add relocation quickstart/contracts plus focused smoke coverage for bootstrap, command model, routes, and runtime behavior ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PlatformRelocation` - integrated browser smoke validated `/up`, `/`, `/admin`, `/admin/choose-workspace`, and tenant route semantics for `200`, `403`, and `404` ## Remaining Rollout Checks - validate Dokploy build context and working-directory assumptions against the new `apps/platform` layout - confirm web, queue, and scheduler processes all start from the expected working directory in staging/production - verify no legacy volume mounts or asset-publish paths still point at the old root-level `public/` or `storage/` locations Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #213
65 lines
2.8 KiB
PHP
65 lines
2.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\Tenant;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Workspaces\WorkspaceOverviewBuilder;
|
|
|
|
use function Pest\Laravel\mock;
|
|
|
|
it('keeps switch workspace visible while hiding manage workspaces and unauthorized tenant counts for readonly members', function (): void {
|
|
$tenantA = Tenant::factory()->create(['status' => 'active']);
|
|
[$user, $tenantA] = createUserWithTenant($tenantA, role: 'owner', workspaceRole: 'readonly');
|
|
|
|
Tenant::factory()->create([
|
|
'status' => 'active',
|
|
'workspace_id' => (int) $tenantA->workspace_id,
|
|
'name' => 'Inaccessible Tenant',
|
|
]);
|
|
|
|
$workspace = $tenantA->workspace()->firstOrFail();
|
|
|
|
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
|
|
$quickActionKeys = collect($overview['quick_actions'])->pluck('key')->all();
|
|
|
|
expect($overview['accessible_tenant_count'])->toBe(1)
|
|
->and($quickActionKeys)->toContain('switch_workspace')
|
|
->and($quickActionKeys)->not->toContain('manage_workspaces');
|
|
});
|
|
|
|
it('keeps governance attention visible but non-clickable when the tenant membership does not grant drill-through capability', function (): void {
|
|
$tenant = Tenant::factory()->create(['status' => 'active']);
|
|
[$user, $tenant] = createUserWithTenant($tenant, role: 'readonly', workspaceRole: 'readonly');
|
|
[$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
|
|
seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
|
|
|
|
\App\Models\Finding::factory()->for($tenant)->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'status' => \App\Models\Finding::STATUS_TRIAGED,
|
|
'due_at' => now()->subDay(),
|
|
]);
|
|
|
|
mock(CapabilityResolver::class, function ($mock) use ($tenant): void {
|
|
$mock->shouldReceive('primeMemberships')->once();
|
|
$mock->shouldReceive('can')
|
|
->andReturnUsing(static function (\App\Models\User $user, Tenant $resolvedTenant, string $capability) use ($tenant): bool {
|
|
expect((int) $resolvedTenant->getKey())->toBe((int) $tenant->getKey());
|
|
|
|
return match ($capability) {
|
|
Capabilities::TENANT_VIEW, Capabilities::TENANT_FINDINGS_VIEW => false,
|
|
default => false,
|
|
};
|
|
});
|
|
});
|
|
|
|
$workspace = $tenant->workspace()->firstOrFail();
|
|
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
|
|
$item = collect($overview['attention_items'])->firstWhere('key', 'tenant_overdue_findings');
|
|
|
|
expect($item['action_disabled'])->toBeTrue()
|
|
->and($item['destination']['kind'])->toBe('tenant_findings')
|
|
->and($item['helper_text'])->not->toBeNull();
|
|
});
|