TenantAtlas/apps/platform/tests/Feature/System/Spec195/SystemDirectoryResidualSurfaceTest.php

<?php

declare(strict_types=1);

use App\Models\OperationRun;
use App\Models\PlatformUser;
use App\Models\ProviderConnection;
use App\Models\ManagedEnvironment;
use App\Models\Workspace;
use App\Support\Auth\PlatformCapabilities;
use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderVerificationStatus;
use App\Support\System\SystemDirectoryLinks;
use App\Support\System\SystemOperationRunLinks;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('requires directory-view capability on residual system directory detail pages', function (): void {
    $workspace = Workspace::factory()->create();
    $tenant = ManagedEnvironment::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
    ]);

    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
        ],
        'is_active' => true,
    ]);

    $this->actingAs($platformUser, 'platform')
        ->get(SystemDirectoryLinks::tenantDetail($tenant))
        ->assertForbidden();

    $this->actingAs($platformUser, 'platform')
        ->get(SystemDirectoryLinks::workspaceDetail($workspace))
        ->assertForbidden();
});

it('keeps the residual system tenant detail page read-mostly and contextual', function (): void {
    $workspace = Workspace::factory()->create(['name' => 'Residual Directory Workspace']);
    $tenant = ManagedEnvironment::factory()->active()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'name' => 'Residual Directory ManagedEnvironment',
    ]);

    ProviderConnection::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'managed_environment_id' => (int) $tenant->getKey(),
        'provider' => 'microsoft',
        'display_name' => 'Residual Default Connection',
        'is_default' => true,
        'is_enabled' => true,
        'consent_status' => ProviderConsentStatus::Granted->value,
        'verification_status' => ProviderVerificationStatus::Healthy->value,
    ]);

    $run = OperationRun::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'managed_environment_id' => (int) $tenant->getKey(),
    ]);

    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::DIRECTORY_VIEW,
        ],
        'is_active' => true,
    ]);

    $this->actingAs($platformUser, 'platform')
        ->get(SystemDirectoryLinks::tenantDetail($tenant))
        ->assertSuccessful()
        ->assertSee('Residual Directory ManagedEnvironment')
        ->assertSee('Residual Directory Workspace')
        ->assertSee('Connectivity signals')
        ->assertSee('Residual Default Connection')
        ->assertSee('Open in tenant admin')
        ->assertSee('Requires tenant admin membership.')
        ->assertSee(SystemDirectoryLinks::adminTenant($tenant), false)
        ->assertSee('Open operations runs')
        ->assertSee(SystemOperationRunLinks::index(), false)
        ->assertSee(SystemOperationRunLinks::view($run), false)
        ->assertDontSee('Enter break-glass mode')
        ->assertDontSee('Emergency: Assign Owner');
});

it('keeps the residual system workspace detail page read-mostly and link-driven', function (): void {
    $workspace = Workspace::factory()->create(['name' => 'Residual Workspace Detail']);
    $tenant = ManagedEnvironment::factory()->active()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'name' => 'Workspace Detail ManagedEnvironment',
    ]);

    $run = OperationRun::factory()->create([
        'workspace_id' => (int) $workspace->getKey(),
        'managed_environment_id' => (int) $tenant->getKey(),
    ]);

    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::DIRECTORY_VIEW,
        ],
        'is_active' => true,
    ]);

    $response = $this->actingAs($platformUser, 'platform')
        ->get(SystemDirectoryLinks::workspaceDetail($workspace))
        ->assertSuccessful()
        ->assertSee('Residual Workspace Detail')
        ->assertSee('Tenants summary')
        ->assertSee('Workspace Detail ManagedEnvironment')
        ->assertSee(SystemDirectoryLinks::tenantDetail($tenant), false)
        ->assertSee('Open in /admin')
        ->assertSee(SystemDirectoryLinks::adminWorkspace($workspace), false)
        ->assertSee('Open operations runs')
        ->assertSee(SystemOperationRunLinks::index(), false)
        ->assertSee(SystemOperationRunLinks::view($run), false)
        ->assertDontSee('Enter break-glass mode')
        ->assertDontSee('Emergency: Assign Owner');

    $html = $response->getContent();

    expect($html)->toContain('wire:name="Filament\\Livewire\\DatabaseNotifications"');
    expect($html)->not->toContain('__lazyLoad');
});