Saad Ibn-Ezzoubayr
c89d1879bf
- Story 1.1: Permission enum, config, AuthorizesPermissions & HasWorkspaceScope traits, member→worker migration - Story 1.2: Team page with member list, invitation system with queued email - Story 1.3: Role assignment (Manager/Worker) and member removal with activity logging - Story 1.4: Owner-only permission toggle matrix for Managers (manage team, view logs, configure portal) - Story 1.5: Role-based access enforcement — Workers see only assigned declarations/clients, sidebar scoping - Story 1.6: Workspace switcher dropdown for multi-workspace users with session-based switching - 83 new/modified files, 182 tests passing with zero regressions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
124 lines
4.2 KiB
PHP
124 lines
4.2 KiB
PHP
<?php
|
|
|
|
use App\Enums\WorkspaceUserRole;
|
|
use App\Models\Client;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use Spatie\Activitylog\Models\Activity;
|
|
|
|
function setupSwitchTestUser(string $role, int $workspaceCount = 2): array
|
|
{
|
|
$user = User::factory()->create();
|
|
$workspaces = [];
|
|
|
|
for ($i = 0; $i < $workspaceCount; $i++) {
|
|
$workspace = Workspace::factory()->create();
|
|
$workspace->users()->attach($user->id, [
|
|
'role' => $role,
|
|
'permissions' => [],
|
|
]);
|
|
$workspaces[] = $workspace;
|
|
}
|
|
|
|
return [$user, $workspaces];
|
|
}
|
|
|
|
test('owner with multiple workspaces can switch workspace', function () {
|
|
[$user, $workspaces] = setupSwitchTestUser(WorkspaceUserRole::Owner);
|
|
|
|
$response = $this->actingAs($user)
|
|
->withSession(['current_workspace_id' => $workspaces[0]->id])
|
|
->post(route('workspace.switch'), [
|
|
'workspace_id' => $workspaces[1]->id,
|
|
]);
|
|
|
|
$response->assertRedirect(route('dashboard'));
|
|
|
|
expect(session('current_workspace_id'))->toBe($workspaces[1]->id);
|
|
});
|
|
|
|
test('workspace switching logs activity with previous and new workspace ids', function () {
|
|
[$user, $workspaces] = setupSwitchTestUser(WorkspaceUserRole::Owner);
|
|
|
|
$this->actingAs($user)
|
|
->withSession(['current_workspace_id' => $workspaces[0]->id])
|
|
->post(route('workspace.switch'), [
|
|
'workspace_id' => $workspaces[1]->id,
|
|
]);
|
|
|
|
$log = Activity::latest('id')->first();
|
|
|
|
expect($log->description)->toBe('Switched workspace')
|
|
->and($log->causer_id)->toBe($user->id)
|
|
->and($log->properties['previous_workspace_id'])->toBe($workspaces[0]->id)
|
|
->and($log->properties['new_workspace_id'])->toBe($workspaces[1]->id);
|
|
});
|
|
|
|
test('user cannot switch to a workspace they do not belong to', function () {
|
|
[$user, $workspaces] = setupSwitchTestUser(WorkspaceUserRole::Worker, 1);
|
|
$otherWorkspace = Workspace::factory()->create();
|
|
|
|
$response = $this->actingAs($user)
|
|
->withSession(['current_workspace_id' => $workspaces[0]->id])
|
|
->post(route('workspace.switch'), [
|
|
'workspace_id' => $otherWorkspace->id,
|
|
]);
|
|
|
|
$response->assertRedirect(route('dashboard'));
|
|
|
|
expect(session('current_workspace_id'))->toBe($workspaces[0]->id)
|
|
->and(Activity::where('description', 'Switched workspace')->count())->toBe(0);
|
|
});
|
|
|
|
test('switching updates auth shared props on next page load', function () {
|
|
[$user, $workspaces] = setupSwitchTestUser(WorkspaceUserRole::Owner);
|
|
|
|
$this->actingAs($user)
|
|
->withSession(['current_workspace_id' => $workspaces[0]->id])
|
|
->post(route('workspace.switch'), [
|
|
'workspace_id' => $workspaces[1]->id,
|
|
]);
|
|
|
|
$response = $this->actingAs($user)->get(route('dashboard'));
|
|
|
|
$response->assertInertia(fn ($page) => $page
|
|
->where('auth.currentWorkspace.id', $workspaces[1]->id)
|
|
->where('auth.workspaceRole', 'owner')
|
|
->has('auth.workspaceSwitchUrl')
|
|
);
|
|
});
|
|
|
|
test('user with single workspace can post switch with same workspace id without error', function () {
|
|
[$user, $workspaces] = setupSwitchTestUser(WorkspaceUserRole::Worker, 1);
|
|
|
|
$response = $this->actingAs($user)
|
|
->withSession(['current_workspace_id' => $workspaces[0]->id])
|
|
->post(route('workspace.switch'), [
|
|
'workspace_id' => $workspaces[0]->id,
|
|
]);
|
|
|
|
$response->assertRedirect(route('dashboard'));
|
|
|
|
expect(session('current_workspace_id'))->toBe($workspaces[0]->id);
|
|
});
|
|
|
|
test('cross-workspace isolation: after switching, data queries return only new workspace data', function () {
|
|
[$user, $workspaces] = setupSwitchTestUser(WorkspaceUserRole::Owner);
|
|
|
|
$clientA = Client::factory()->create(['workspace_id' => $workspaces[0]->id]);
|
|
$clientB = Client::factory()->create(['workspace_id' => $workspaces[1]->id]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession(['current_workspace_id' => $workspaces[0]->id])
|
|
->post(route('workspace.switch'), [
|
|
'workspace_id' => $workspaces[1]->id,
|
|
]);
|
|
|
|
$response = $this->actingAs($user)->get(route('clients.index'));
|
|
|
|
$response->assertInertia(fn ($page) => $page
|
|
->has('clients.data', 1)
|
|
->where('clients.data.0.id', $clientB->id)
|
|
);
|
|
});
|