85 lines
3.0 KiB
PHP
85 lines
3.0 KiB
PHP
<?php
|
|
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Rbac\TenantAccessContext;
|
|
use App\Support\Rbac\UiEnforcement;
|
|
use App\Support\Rbac\UiTooltips;
|
|
|
|
describe('TenantAccessContext', function () {
|
|
it('correctly identifies non-member as deny-as-not-found', function () {
|
|
$context = new TenantAccessContext(
|
|
user: User::factory()->make(),
|
|
tenant: Tenant::factory()->make(),
|
|
isMember: false,
|
|
hasCapability: false,
|
|
);
|
|
|
|
expect($context->shouldDenyAsNotFound())->toBeTrue();
|
|
expect($context->shouldDenyAsForbidden())->toBeFalse();
|
|
expect($context->isAuthorized())->toBeFalse();
|
|
});
|
|
|
|
it('correctly identifies member without capability as forbidden', function () {
|
|
$context = new TenantAccessContext(
|
|
user: User::factory()->make(),
|
|
tenant: Tenant::factory()->make(),
|
|
isMember: true,
|
|
hasCapability: false,
|
|
);
|
|
|
|
expect($context->shouldDenyAsNotFound())->toBeFalse();
|
|
expect($context->shouldDenyAsForbidden())->toBeTrue();
|
|
expect($context->isAuthorized())->toBeFalse();
|
|
});
|
|
|
|
it('correctly identifies authorized member', function () {
|
|
$context = new TenantAccessContext(
|
|
user: User::factory()->make(),
|
|
tenant: Tenant::factory()->make(),
|
|
isMember: true,
|
|
hasCapability: true,
|
|
);
|
|
|
|
expect($context->shouldDenyAsNotFound())->toBeFalse();
|
|
expect($context->shouldDenyAsForbidden())->toBeFalse();
|
|
expect($context->isAuthorized())->toBeTrue();
|
|
});
|
|
});
|
|
|
|
describe('UiTooltips', function () {
|
|
it('has non-empty insufficient permission message', function () {
|
|
expect(UiTooltips::INSUFFICIENT_PERMISSION)->toBeString();
|
|
expect(UiTooltips::INSUFFICIENT_PERMISSION)->not->toBeEmpty();
|
|
});
|
|
|
|
it('has non-empty destructive confirmation messages', function () {
|
|
expect(UiTooltips::DESTRUCTIVE_CONFIRM_TITLE)->toBeString();
|
|
expect(UiTooltips::DESTRUCTIVE_CONFIRM_TITLE)->not->toBeEmpty();
|
|
expect(UiTooltips::DESTRUCTIVE_CONFIRM_DESCRIPTION)->toBeString();
|
|
expect(UiTooltips::DESTRUCTIVE_CONFIRM_DESCRIPTION)->not->toBeEmpty();
|
|
});
|
|
});
|
|
|
|
describe('UiEnforcement', function () {
|
|
it('throws when unknown capability is passed', function () {
|
|
$action = \Filament\Actions\Action::make('test')
|
|
->action(fn () => null);
|
|
|
|
expect(fn () => UiEnforcement::forAction($action)
|
|
->requireCapability('unknown.capability')
|
|
)->toThrow(\InvalidArgumentException::class, 'Unknown capability');
|
|
});
|
|
|
|
it('accepts known capabilities from registry', function () {
|
|
$action = \Filament\Actions\Action::make('test')
|
|
->action(fn () => null);
|
|
|
|
$enforcement = UiEnforcement::forAction($action)
|
|
->requireCapability(Capabilities::PROVIDER_MANAGE);
|
|
|
|
expect($enforcement)->toBeInstanceOf(UiEnforcement::class);
|
|
});
|
|
});
|