TenantAtlas/apps/platform/tests/Feature/Filament/WorkspaceOnlySurfaceTenantIndependenceTest.php

<?php

declare(strict_types=1);

use App\Filament\Resources\AlertRuleResource;
use App\Filament\Resources\BaselineProfileResource;
use App\Filament\Resources\TenantResource;
use App\Models\AlertRule;
use App\Models\BaselineProfile;
use App\Models\ManagedEnvironment;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('keeps workspace-only admin surfaces accessible without canonical tenant context', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    AlertRule::factory()->create([
        'workspace_id' => (int) $tenant->workspace_id,
        'name' => 'Workspace alert rule',
    ]);

    BaselineProfile::factory()->active()->create([
        'workspace_id' => (int) $tenant->workspace_id,
        'name' => 'Workspace baseline',
    ]);

    $this->actingAs($user);
    Filament::setTenant(null, true);

    $session = [
        WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
    ];

    $this->withSession($session)
        ->get(AlertRuleResource::getUrl(panel: 'admin'))
        ->assertOk()
        ->assertSee('Workspace alert rule');

    $this->withSession($session)
        ->get(BaselineProfileResource::getUrl(panel: 'admin'))
        ->assertOk()
        ->assertSee('Workspace baseline');

    $this->withSession($session)
        ->get(TenantResource::getUrl(panel: 'admin'))
        ->assertOk()
        ->assertSee($tenant->name);
});

it('keeps workspace-only admin surfaces independent from remembered tenant changes', function (): void {
    $tenantA = ManagedEnvironment::factory()->create([
        'name' => 'Phoenicon',
        'environment' => 'dev',
    ]);
    [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');

    $tenantB = ManagedEnvironment::factory()->create([
        'workspace_id' => (int) $tenantA->workspace_id,
        'name' => 'YPTW2',
        'environment' => 'dev',
    ]);

    createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');

    AlertRule::factory()->create([
        'workspace_id' => (int) $tenantA->workspace_id,
        'name' => 'Workspace-wide alert rule',
    ]);

    BaselineProfile::factory()->active()->create([
        'workspace_id' => (int) $tenantA->workspace_id,
        'name' => 'Workspace-wide baseline',
    ]);

    $this->actingAs($user);
    Filament::setTenant(null, true);

    $workspaceId = (int) $tenantA->workspace_id;

    foreach ([$tenantA, $tenantB] as $rememberedTenant) {
        $session = [
            WorkspaceContext::SESSION_KEY => $workspaceId,
            WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
                (string) $workspaceId => (int) $rememberedTenant->getKey(),
            ],
        ];

        $this->withSession($session)
            ->get(AlertRuleResource::getUrl(panel: 'admin'))
            ->assertOk()
            ->assertSee('Workspace-wide alert rule');

        $this->withSession($session)
            ->get(BaselineProfileResource::getUrl(panel: 'admin'))
            ->assertOk()
            ->assertSee('Workspace-wide baseline');

        $this->withSession($session)
            ->get(TenantResource::getUrl(panel: 'admin'))
            ->assertOk()
            ->assertSee('Phoenicon')
            ->assertSee('YPTW2');
    }
});