64 lines
1.8 KiB
PHP
64 lines
1.8 KiB
PHP
<?php
|
|
|
|
use App\Filament\Resources\OperationRunResource;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Tenant;
|
|
|
|
it('scopes Monitoring → Operations list to the active tenant', function () {
|
|
$tenantA = Tenant::factory()->create();
|
|
$tenantB = Tenant::factory()->create();
|
|
|
|
[$user] = createUserWithTenant($tenantA, role: 'owner');
|
|
|
|
$user->tenants()->syncWithoutDetaching([
|
|
$tenantB->getKey() => ['role' => 'owner'],
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => $tenantA->getKey(),
|
|
'type' => 'policy.sync',
|
|
'status' => 'queued',
|
|
'outcome' => 'pending',
|
|
'initiator_name' => 'TenantA',
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => $tenantB->getKey(),
|
|
'type' => 'inventory.sync',
|
|
'status' => 'queued',
|
|
'outcome' => 'pending',
|
|
'initiator_name' => 'TenantB',
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->get(OperationRunResource::getUrl('index', tenant: $tenantA))
|
|
->assertOk()
|
|
->assertSee('Policy sync')
|
|
->assertSee('TenantA')
|
|
->assertDontSee('Inventory sync')
|
|
->assertDontSee('TenantB');
|
|
});
|
|
|
|
it('prevents cross-tenant access to Monitoring → Operations detail', function () {
|
|
$tenantA = Tenant::factory()->create();
|
|
$tenantB = Tenant::factory()->create();
|
|
|
|
[$user] = createUserWithTenant($tenantA, role: 'owner');
|
|
|
|
$user->tenants()->syncWithoutDetaching([
|
|
$tenantB->getKey() => ['role' => 'owner'],
|
|
]);
|
|
|
|
$runB = OperationRun::factory()->create([
|
|
'tenant_id' => $tenantB->getKey(),
|
|
'type' => 'inventory.sync',
|
|
'status' => 'queued',
|
|
'outcome' => 'pending',
|
|
'initiator_name' => 'TenantB',
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->get(OperationRunResource::getUrl('view', ['record' => $runB], tenant: $tenantA))
|
|
->assertNotFound();
|
|
});
|