ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d1bdd7a382
TenantAtlas/tests/Feature/Filament/ProviderConnectionsUiEnforcementTest.php
ahmido fb4de17c63 feat(spec-089): provider connections tenantless UI (#107) 
Implements Spec 089: moves Provider Connections to canonical tenantless route under `/admin/provider-connections`, enforces 404/403 semantics (workspace/tenant membership vs capability), adds tenant transparency (tenant column + filter + deep links), adds legacy redirects for old tenant-scoped URLs without leaking Location for 404 cases, and adds regression test coverage (RBAC semantics, filters, UI enforcement tooltips, Microsoft-only MVP scope, navigation placement).

Notes:
- Filament v5 / Livewire v4 compatible.
- Global search remains disabled for Provider Connections.
- Destructive/manage actions require confirmation and are policy-gated.

Tests:
- `vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #107
2026-02-12 16:35:13 +00:00

85 lines
3.1 KiB
PHP
Raw Blame History

<?php
use App\Filament\Resources\ProviderConnectionResource;
use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
use App\Filament\Resources\ProviderConnectionResource\Pages\ViewProviderConnection;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Support\Auth\UiTooltips;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Http;
use Livewire\Livewire;
uses(RefreshDatabase::class);
beforeEach(function (): void {
Http::preventStrayRequests();
});
test('unauthorized tenant filter yields an empty list without leaking metadata', function () {
$tenant = Tenant::factory()->create();
$otherTenant = Tenant::factory()->create();
[$user] = createUserWithTenant($otherTenant, role: 'owner');
ProviderConnection::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'display_name' => 'Unauthorized Tenant Connection',
]);
$this->actingAs($user)
->get(ProviderConnectionResource::getUrl('index', tenant: $tenant))
->assertOk()
->assertDontSee('Unauthorized Tenant Connection');
});
test('members without capability see provider connection actions disabled with standard tooltip', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant($tenant, role: 'readonly');
$connection = ProviderConnection::factory()->create([
'tenant_id' => $tenant->getKey(),
'status' => 'needs_consent',
]);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
Livewire::actingAs($user)
->test(ListProviderConnections::class)
->assertTableActionVisible('check_connection', $connection)
->assertTableActionDisabled('check_connection', $connection)
->assertTableActionExists('check_connection', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $connection);
Livewire::actingAs($user)
->test(ViewProviderConnection::class, ['record' => $connection->getKey()])
->assertActionVisible('edit')
->assertActionDisabled('edit')
->assertActionExists('edit', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission());
});
test('members with capability can see provider connection actions enabled', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant($tenant, role: 'owner');
$connection = ProviderConnection::factory()->create([
'tenant_id' => $tenant->getKey(),
'status' => 'needs_consent',
]);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
Livewire::actingAs($user)
->test(ListProviderConnections::class)
->assertTableActionVisible('check_connection', $connection)
->assertTableActionEnabled('check_connection', $connection);
Livewire::actingAs($user)
->test(ViewProviderConnection::class, ['record' => $connection->getKey()])
->assertActionVisible('edit')
->assertActionEnabled('edit');
});
Reference in New Issue View Git Blame Copy Permalink