ibnezzoubayr/L-Ami-Fiduciaire
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
l-ami-fiduciaire-v1.0.0
L-Ami-Fiduciaire/tests/Unit/PermissionCheckTest.php

93 lines
2.9 KiB
PHP
Raw Permalink Normal View History

feat: complete Epic 1 — team management & permission system - Story 1.1: Permission enum, config, AuthorizesPermissions & HasWorkspaceScope traits, member→worker migration - Story 1.2: Team page with member list, invitation system with queued email - Story 1.3: Role assignment (Manager/Worker) and member removal with activity logging - Story 1.4: Owner-only permission toggle matrix for Managers (manage team, view logs, configure portal) - Story 1.5: Role-based access enforcement — Workers see only assigned declarations/clients, sidebar scoping - Story 1.6: Workspace switcher dropdown for multi-workspace users with session-based switching - 83 new/modified files, 182 tests passing with zero regressions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:12:50 +00:00
<?php
use App\Concerns\AuthorizesPermissions;
use App\Enums\Permission;
use App\Enums\WorkspaceUserRole;
use App\Models\User;
use App\Models\Workspace;
uses(Tests\TestCase::class, Illuminate\Foundation\Testing\RefreshDatabase::class);
// Create a testable class that uses the trait
function createPermissionChecker(): object
{
return new class
{
use AuthorizesPermissions;
public function check(string $permission): void
{
$this->authorizePermission($permission);
}
};
}
function setupWorkspaceUser(string $role, array $permissions = []): array
{
$user = User::factory()->create();
$workspace = Workspace::factory()->create();
$workspace->users()->attach($user->id, [
'role' => $role,
'permissions' => $permissions,
]);
session(['current_workspace_id' => $workspace->id]);
return [$user, $workspace];
}
test('owner always passes permission check', function () {
[$user] = setupWorkspaceUser(WorkspaceUserRole::Owner);
$this->actingAs($user);
$checker = createPermissionChecker();
$checker->check(Permission::CanManageTeam);
expect(true)->toBeTrue(); // No exception thrown
});
test('worker always fails permission check with 404', function () {
[$user] = setupWorkspaceUser(WorkspaceUserRole::Worker);
$this->actingAs($user);
$checker = createPermissionChecker();
$checker->check(Permission::CanManageTeam);
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);
test('manager with granted permission passes', function () {
[$user] = setupWorkspaceUser(WorkspaceUserRole::Manager, [
Permission::CanViewActivityLogs => true,
]);
$this->actingAs($user);
$checker = createPermissionChecker();
$checker->check(Permission::CanViewActivityLogs);
expect(true)->toBeTrue(); // No exception thrown
});
test('manager with denied permission fails with 404', function () {
[$user] = setupWorkspaceUser(WorkspaceUserRole::Manager, [
Permission::CanManageTeam => false,
]);
$this->actingAs($user);
$checker = createPermissionChecker();
$checker->check(Permission::CanManageTeam);
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);
test('manager with unknown permission key defaults to false and fails with 404', function () {
[$user] = setupWorkspaceUser(WorkspaceUserRole::Manager, []);
$this->actingAs($user);
$checker = createPermissionChecker();
$checker->check('some_unknown_permission');
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);
test('manager with empty permissions fails with 404', function () {
[$user] = setupWorkspaceUser(WorkspaceUserRole::Manager, []);
$this->actingAs($user);
$checker = createPermissionChecker();
$checker->check(Permission::CanConfigurePortal);
})->throws(Symfony\Component\HttpKernel\Exception\NotFoundHttpException::class);
Reference in New Issue Copy Permalink