feat: complete Epic 1 — team management & permission system
- Story 1.1: Permission enum, config, AuthorizesPermissions & HasWorkspaceScope traits, member→worker migration - Story 1.2: Team page with member list, invitation system with queued email - Story 1.3: Role assignment (Manager/Worker) and member removal with activity logging - Story 1.4: Owner-only permission toggle matrix for Managers (manage team, view logs, configure portal) - Story 1.5: Role-based access enforcement — Workers see only assigned declarations/clients, sidebar scoping - Story 1.6: Workspace switcher dropdown for multi-workspace users with session-based switching - 83 new/modified files, 182 tests passing with zero regressions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
153
tests/Feature/Team/TeamMemberRemovalTest.php
Normal file
153
tests/Feature/Team/TeamMemberRemovalTest.php
Normal file
@@ -0,0 +1,153 @@
|
||||
<?php
|
||||
|
||||
use App\Enums\Permission;
|
||||
use App\Enums\WorkspaceUserRole;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceUser;
|
||||
use Spatie\Activitylog\Models\Activity;
|
||||
|
||||
function setupRemovalTestUser(string $role, array $permissions = []): array
|
||||
{
|
||||
$user = User::factory()->create();
|
||||
$workspace = Workspace::factory()->create();
|
||||
$workspace->users()->attach($user->id, [
|
||||
'role' => $role,
|
||||
'permissions' => $permissions,
|
||||
]);
|
||||
session(['current_workspace_id' => $workspace->id]);
|
||||
|
||||
return [$user, $workspace];
|
||||
}
|
||||
|
||||
function createRemovalTestMember(Workspace $workspace, string $role, array $permissions = []): User
|
||||
{
|
||||
$member = User::factory()->create();
|
||||
$workspace->users()->attach($member->id, [
|
||||
'role' => $role,
|
||||
'permissions' => $permissions,
|
||||
]);
|
||||
|
||||
return $member;
|
||||
}
|
||||
|
||||
function getRemovalPivotId(Workspace $workspace, User $user): int
|
||||
{
|
||||
return WorkspaceUser::where('workspace_id', $workspace->id)
|
||||
->where('user_id', $user->id)
|
||||
->firstOrFail()
|
||||
->id;
|
||||
}
|
||||
|
||||
// ── Owner can remove a member ──────────────────────────────
|
||||
|
||||
test('owner can remove a member', function () {
|
||||
[$owner, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Owner);
|
||||
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
|
||||
$pivotId = getRemovalPivotId($workspace, $worker);
|
||||
|
||||
$response = $this->actingAs($owner)->delete(route('team.remove', $pivotId));
|
||||
|
||||
$response->assertRedirect();
|
||||
$response->assertSessionHas('success', 'Membre retiré');
|
||||
|
||||
// Pivot row should be deleted
|
||||
expect(WorkspaceUser::find($pivotId))->toBeNull();
|
||||
});
|
||||
|
||||
// ── Owner cannot remove themselves ─────────────────────────
|
||||
|
||||
test('owner cannot remove themselves', function () {
|
||||
[$owner, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Owner);
|
||||
$pivotId = getRemovalPivotId($workspace, $owner);
|
||||
|
||||
$response = $this->actingAs($owner)->delete(route('team.remove', $pivotId));
|
||||
|
||||
$response->assertNotFound();
|
||||
});
|
||||
|
||||
// ── Manager with can_manage_team can remove worker ─────────
|
||||
|
||||
test('manager with can_manage_team can remove worker', function () {
|
||||
[$manager, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Manager, [
|
||||
Permission::CanManageTeam => true,
|
||||
]);
|
||||
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
|
||||
$pivotId = getRemovalPivotId($workspace, $worker);
|
||||
|
||||
$response = $this->actingAs($manager)->delete(route('team.remove', $pivotId));
|
||||
|
||||
$response->assertRedirect();
|
||||
$response->assertSessionHas('success', 'Membre retiré');
|
||||
});
|
||||
|
||||
// ── Manager with can_manage_team cannot remove owner ───────
|
||||
|
||||
test('manager with can_manage_team cannot remove owner', function () {
|
||||
[$manager, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Manager, [
|
||||
Permission::CanManageTeam => true,
|
||||
]);
|
||||
$owner = createRemovalTestMember($workspace, WorkspaceUserRole::Owner);
|
||||
$pivotId = getRemovalPivotId($workspace, $owner);
|
||||
|
||||
$response = $this->actingAs($manager)->delete(route('team.remove', $pivotId));
|
||||
|
||||
$response->assertNotFound();
|
||||
});
|
||||
|
||||
// ── Manager without can_manage_team gets 404 ───────────────
|
||||
|
||||
test('manager without can_manage_team gets 404 on remove', function () {
|
||||
[$manager, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Manager, [
|
||||
Permission::CanManageTeam => false,
|
||||
]);
|
||||
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
|
||||
$pivotId = getRemovalPivotId($workspace, $worker);
|
||||
|
||||
$response = $this->actingAs($manager)->delete(route('team.remove', $pivotId));
|
||||
|
||||
$response->assertNotFound();
|
||||
});
|
||||
|
||||
// ── Worker gets 404 on remove attempt ──────────────────────
|
||||
|
||||
test('worker gets 404 on remove attempt', function () {
|
||||
[$worker, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Worker);
|
||||
$otherWorker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
|
||||
$pivotId = getRemovalPivotId($workspace, $otherWorker);
|
||||
|
||||
$response = $this->actingAs($worker)->delete(route('team.remove', $pivotId));
|
||||
|
||||
$response->assertNotFound();
|
||||
});
|
||||
|
||||
// ── Member removal is logged ───────────────────────────────
|
||||
|
||||
test('member removal is logged in activity log', function () {
|
||||
[$owner, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Owner);
|
||||
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
|
||||
$pivotId = getRemovalPivotId($workspace, $worker);
|
||||
|
||||
$this->actingAs($owner)->delete(route('team.remove', $pivotId));
|
||||
|
||||
$log = Activity::latest('id')->first();
|
||||
expect($log->description)->toBe('member_removed')
|
||||
->and($log->properties['target_user'])->toBe($worker->name)
|
||||
->and($log->properties['target_email'])->toBe($worker->email)
|
||||
->and($log->properties['role'])->toBe('worker');
|
||||
});
|
||||
|
||||
// ── Removed user account still exists ──────────────────────
|
||||
|
||||
test('removed user account still exists after removal', function () {
|
||||
[$owner, $workspace] = setupRemovalTestUser(WorkspaceUserRole::Owner);
|
||||
$worker = createRemovalTestMember($workspace, WorkspaceUserRole::Worker);
|
||||
$pivotId = getRemovalPivotId($workspace, $worker);
|
||||
|
||||
$this->actingAs($owner)->delete(route('team.remove', $pivotId));
|
||||
|
||||
// User record still exists
|
||||
expect(User::find($worker->id))->not->toBeNull();
|
||||
// But pivot row is deleted
|
||||
expect(WorkspaceUser::find($pivotId))->toBeNull();
|
||||
});
|
||||
Reference in New Issue
Block a user