fotospiel-app/tests/Unit/TenantMemberPermissionsTest.php
Codex Agent 7aa0a4c847
Enforce tenant member permissions
2026-01-16 13:33:36 +01:00


<?php
namespace Tests\Unit;
use App\Models\Event;
use App\Models\EventMember;
use App\Models\Tenant;
use App\Models\User;
use App\Support\TenantMemberPermissions;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Http\Exceptions\HttpResponseException;
use Illuminate\Http\Request;
use Tests\TestCase;
/**
 * Exercises the three static entry points of TenantMemberPermissions that
 * this file calls: resolveEventPermissions(), allowsEventPermission() and
 * ensureEventPermission().
 *
 * Every scenario uses the same fixture: a user with role "member" in a
 * tenant, an event owned by that tenant, and an active EventMember row
 * linking the two with an explicit permission list.
 *
 * NOTE(review): only the happy path, a wildcard grant and one denial are
 * covered here. Memberships with a non-active status, users from another
 * tenant and unauthenticated requests are not exercised in this file —
 * confirm they are tested elsewhere.
 */
class TenantMemberPermissionsTest extends TestCase
{
    use RefreshDatabase;

    /**
     * The permissions stored on the membership are returned for the member.
     */
    public function test_resolves_permissions_for_member(): void
    {
        [$request, $event] = $this->memberRequestFor(['photos:moderate', 'tasks:manage']);

        $resolved = TenantMemberPermissions::resolveEventPermissions($request, $event);

        foreach (['photos:moderate', 'tasks:manage'] as $expected) {
            $this->assertContains($expected, $resolved);
        }
    }

    /**
     * A "photos:*" grant is accepted when "photos:moderate" is requested.
     *
     * NOTE(review): there is no negative case here — nothing asserts that
     * "photos:*" leaves permissions outside the "photos:" prefix denied.
     * Verify the wildcard scope against TenantMemberPermissions.
     */
    public function test_allows_wildcard_permissions(): void
    {
        [$request, $event] = $this->memberRequestFor(['photos:*']);

        $allowed = TenantMemberPermissions::allowsEventPermission($request, $event, 'photos:moderate');

        $this->assertTrue($allowed);
    }

    /**
     * A member holding only "tasks:manage" is rejected for "photos:moderate".
     *
     * NOTE(review): only the exception type is pinned; the status code of
     * the carried response is not asserted, so any HttpResponseException
     * satisfies this test. Consider also checking the status the guard is
     * meant to return.
     */
    public function test_denies_missing_permissions(): void
    {
        [$request, $event] = $this->memberRequestFor(['tasks:manage']);

        // Registered after the fixture is built so that only the guard call
        // below can satisfy the expectation.
        $this->expectException(HttpResponseException::class);

        TenantMemberPermissions::ensureEventPermission($request, $event, 'photos:moderate');
    }

    /**
     * Creates the shared fixture and returns a request resolving to the member.
     *
     * Records are created in this order: tenant, event for that tenant, user
     * with role "member" in that tenant, then an active EventMember carrying
     * the given permissions.
     *
     * @param list<string> $permissions permissions stored on the EventMember row
     *
     * @return array{0: Request, 1: Event} the request and the event it is checked against
     */
    private function memberRequestFor(array $permissions): array
    {
        $tenant = Tenant::factory()->create();
        $event = Event::factory()->for($tenant)->create();

        $member = User::factory()->create([
            'tenant_id' => $tenant->id,
            'role' => 'member',
        ]);

        EventMember::factory()->create([
            'tenant_id' => $tenant->id,
            'event_id' => $event->id,
            'user_id' => $member->id,
            'email' => $member->email,
            'status' => 'active',
            'permissions' => $permissions,
        ]);

        $request = Request::create('/');
        // The request carries no session or guard; the user is injected directly.
        $request->setUserResolver(function () use ($member) {
            return $member;
        });

        return [$request, $event];
    }
}