TenantAtlas/tests/Feature/Rbac/PolicyVersionMaintenanceAuthorizationTest.php

<?php

use App\Filament\Resources\PolicyVersionResource\Pages\ListPolicyVersions;
use App\Models\OperationRun;
use App\Models\Policy;
use App\Models\PolicyVersion;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;

uses(RefreshDatabase::class);

test('readonly users cannot archive policy versions', function () {
    [$user, $tenant] = createUserWithTenant(role: 'readonly');

    Filament::setTenant($tenant, true);

    $policy = Policy::factory()->create(['tenant_id' => $tenant->id]);

    $version = PolicyVersion::factory()->create([
        'tenant_id' => $tenant->id,
        'policy_id' => $policy->id,
        'version_number' => 1,
    ]);

    Livewire::actingAs($user)
        ->test(ListPolicyVersions::class)
        ->assertTableActionDisabled('archive', $version)
        ->callTableAction('archive', $version);

    expect($version->refresh()->trashed())->toBeFalse();
});

test('readonly users cannot bulk prune policy versions', function () {
    [$user, $tenant] = createUserWithTenant(role: 'readonly');

    Filament::setTenant($tenant, true);

    $policy = Policy::factory()->create(['tenant_id' => $tenant->id]);

    $version = PolicyVersion::factory()->create([
        'tenant_id' => $tenant->id,
        'policy_id' => $policy->id,
        'version_number' => 1,
        'captured_at' => now()->subDays(120),
    ]);

    Livewire::actingAs($user)
        ->test(ListPolicyVersions::class)
        ->callTableBulkAction('bulk_prune_versions', collect([$version]), data: [
            'retention_days' => 90,
        ]);

    expect(OperationRun::query()
        ->where('tenant_id', $tenant->id)
        ->where('type', 'policy_version.prune')
        ->exists())->toBeFalse();

    expect($version->refresh()->trashed())->toBeFalse();
});