TenantAtlas/apps/platform/tests/Feature/Rbac/WorkspaceMembershipsRelationManagerUiEnforcementTest.php

<?php

declare(strict_types=1);

use App\Filament\Resources\Workspaces\Pages\EditWorkspace;
use App\Filament\Resources\Workspaces\RelationManagers\WorkspaceMembershipsRelationManager;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use Filament\Actions\Action;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;

uses(RefreshDatabase::class);

describe('Workspace memberships relation manager UI enforcement', function () {
    it('shows membership actions as enabled for owner members', function () {
        $workspace = Workspace::factory()->create();
        $user = User::factory()->create();

        WorkspaceMembership::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'user_id' => (int) $user->getKey(),
            'role' => 'owner',
        ]);

        $this->actingAs($user);

        $otherUser = User::factory()->create();
        WorkspaceMembership::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'user_id' => (int) $otherUser->getKey(),
            'role' => 'readonly',
        ]);

        Livewire::test(WorkspaceMembershipsRelationManager::class, [
            'ownerRecord' => $workspace,
            'pageClass' => EditWorkspace::class,
        ])
            ->assertTableActionVisible('add_member')
            ->assertTableActionEnabled('add_member')
            ->assertTableActionVisible('change_role')
            ->assertTableActionEnabled('change_role')
            ->assertTableActionVisible('remove')
            ->assertTableActionEnabled('remove');
    });

    it('shows membership actions as visible but disabled for readonly members', function () {
        $workspace = Workspace::factory()->create();
        $user = User::factory()->create();

        WorkspaceMembership::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'user_id' => (int) $user->getKey(),
            'role' => 'readonly',
        ]);

        $this->actingAs($user);

        Livewire::test(WorkspaceMembershipsRelationManager::class, [
            'ownerRecord' => $workspace,
            'pageClass' => EditWorkspace::class,
        ])
            ->assertTableActionVisible('add_member')
            ->assertTableActionDisabled('add_member')
            ->assertTableActionExists('add_member', function (Action $action): bool {
                return $action->getTooltip() === 'You do not have permission to manage workspace memberships.';
            })
            ->assertTableActionVisible('change_role')
            ->assertTableActionDisabled('change_role')
            ->assertTableActionExists('change_role', function (Action $action): bool {
                return $action->getTooltip() === 'You do not have permission to manage workspace memberships.';
            })
            ->assertTableActionVisible('remove')
            ->assertTableActionDisabled('remove')
            ->assertTableActionExists('remove', function (Action $action): bool {
                return $action->getTooltip() === 'You do not have permission to manage workspace memberships.';
            });
    });
});