ibnezzoubayr/L-Ami-Fiduciaire
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c89d1879bf66c36fcc6943f4c7f511ed0ff6e3d0
L-Ami-Fiduciaire/tests/Feature/Team/TeamMemberRemovalTest.php

154 lines
5.6 KiB
PHP
Raw Normal View History

feat: complete Epic 1 — team management & permission system - Story 1.1: Permission enum, config, AuthorizesPermissions & HasWorkspaceScope traits, member→worker migration - Story 1.2: Team page with member list, invitation system with queued email - Story 1.3: Role assignment (Manager/Worker) and member removal with activity logging - Story 1.4: Owner-only permission toggle matrix for Managers (manage team, view logs, configure portal) - Story 1.5: Role-based access enforcement — Workers see only assigned declarations/clients, sidebar scoping - Story 1.6: Workspace switcher dropdown for multi-workspace users with session-based switching - 83 new/modified files, 182 tests passing with zero regressions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 00:12:50 +00:00
<?php
use App\Enums\Permission;
use App\Enums\WorkspaceUserRole;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceUser;
use Spatie\Activitylog\Models\Activity;
function setupRemovalTestUser(string $role, array $permissions = []): array
{
$user = User::factory()->create();
$workspace = Workspace::factory()->create();
$workspace->users()->attach($user->id, [
'role' => $role,
'permissions' => $permissions,
]);
session(['current_workspace_id' => $workspace->id]);
return [$user, $workspace];
}
function createRemovalTestMember(Workspace $workspace, string $role, array $permissions = []): User
{
$member = User::factory()->create();
$workspace->users()->attach($member->id, [
'role' => $role,
'permissions' => $permissions,
]);
return $member;
}
function getRemovalPivotId(Workspace $workspace, User $user): int
{
return WorkspaceUser::where('workspace_id', $workspace->id)
->where('user_id', $user->id)
->firstOrFail()
->id;
}
// ── Owner can remove a member ──────────────────────────────
test('owner can remove a member', function () {
[$owner, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Owner);
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
$pivotId = getRemovalPivotId($workspace, $worker);
$response = $this->actingAs($owner)->delete(route('team.remove', $pivotId));
$response->assertRedirect();
$response->assertSessionHas('success', 'Membre retiré');
// Pivot row should be deleted
expect(WorkspaceUser::find($pivotId))->toBeNull();
});
// ── Owner cannot remove themselves ─────────────────────────
test('owner cannot remove themselves', function () {
[$owner, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Owner);
$pivotId = getRemovalPivotId($workspace, $owner);
$response = $this->actingAs($owner)->delete(route('team.remove', $pivotId));
$response->assertNotFound();
});
// ── Manager with can_manage_team can remove worker ─────────
test('manager with can_manage_team can remove worker', function () {
[$manager, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Manager, [
Permission::CanManageTeam => true,
]);
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
$pivotId = getRemovalPivotId($workspace, $worker);
$response = $this->actingAs($manager)->delete(route('team.remove', $pivotId));
$response->assertRedirect();
$response->assertSessionHas('success', 'Membre retiré');
});
// ── Manager with can_manage_team cannot remove owner ───────
test('manager with can_manage_team cannot remove owner', function () {
[$manager, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Manager, [
Permission::CanManageTeam => true,
]);
$owner = createRemovalTestMember($workspace, WorkspaceUserRole::Owner);
$pivotId = getRemovalPivotId($workspace, $owner);
$response = $this->actingAs($manager)->delete(route('team.remove', $pivotId));
$response->assertNotFound();
});
// ── Manager without can_manage_team gets 404 ───────────────
test('manager without can_manage_team gets 404 on remove', function () {
[$manager, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Manager, [
Permission::CanManageTeam => false,
]);
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
$pivotId = getRemovalPivotId($workspace, $worker);
$response = $this->actingAs($manager)->delete(route('team.remove', $pivotId));
$response->assertNotFound();
});
// ── Worker gets 404 on remove attempt ──────────────────────
test('worker gets 404 on remove attempt', function () {
[$worker, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Worker);
$otherWorker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
$pivotId = getRemovalPivotId($workspace, $otherWorker);
$response = $this->actingAs($worker)->delete(route('team.remove', $pivotId));
$response->assertNotFound();
});
// ── Member removal is logged ───────────────────────────────
test('member removal is logged in activity log', function () {
[$owner, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Owner);
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
$pivotId = getRemovalPivotId($workspace, $worker);
$this->actingAs($owner)->delete(route('team.remove', $pivotId));
$log = Activity::latest('id')->first();
expect($log->description)->toBe('member_removed')
->and($log->properties['target_user'])->toBe($worker->name)
->and($log->properties['target_email'])->toBe($worker->email)
->and($log->properties['role'])->toBe('worker');
});
// ── Removed user account still exists ──────────────────────
test('removed user account still exists after removal', function () {
[$owner, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Owner);
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
$pivotId = getRemovalPivotId($workspace, $worker);
$this->actingAs($owner)->delete(route('team.remove', $pivotId));
// User record still exists
expect(User::find($worker->id))->not->toBeNull();
// But pivot row is deleted
expect(WorkspaceUser::find($pivotId))->toBeNull();
});
Reference in New Issue Copy Permalink