'Admin User', 'email' => 'admin@company.com', 'role' => 'admin', ]); $user = User::create([ 'name' => 'Standard User', 'email' => 'user@sentientgeeks.com', 'role' => 'user', ]); // Unauthenticated user is redirected to login $this->get('/admin/dashboard') ->assertRedirect(route('login')); // Admin can access admin dashboard $this->actingAs($admin) ->get('/admin/dashboard') ->assertStatus(200); // Standard user gets allowed standard user access to dashboard (our middleware handles this) $this->actingAs($user) ->get('/admin/dashboard') ->assertRedirect(route('dashboard')); } /** * Test blocked users are forced to logout and redirected. */ public function test_blocked_user_cannot_access_dashboard_and_gets_logged_out(): void { $user = User::create([ 'name' => 'Standard User', 'email' => 'user@sentientgeeks.com', 'role' => 'user', 'is_blocked' => true, ]); // Attempting to access dashboard logs them out and redirects $this->actingAs($user) ->get('/dashboard') ->assertRedirect(route('login')); $this->assertFalse(auth()->check()); } /** * Test restricted services are hidden from specific users via deny overrides. */ public function test_restricted_service_is_not_displayed_to_the_restricted_user(): void { $user = User::create([ 'name' => 'Standard User', 'email' => 'user@sentientgeeks.com', 'role' => 'user', ]); $app1 = App::create([ 'name' => 'Outlook', 'url' => 'https://outlook.office.com', 'color' => '#0078d4', 'tag' => 'Microsoft 365' ]); $app2 = App::create([ 'name' => 'Keka HR', 'url' => 'https://sentientgeeks.keka.com', 'color' => '#f27059', 'tag' => 'HR Portal' ]); // Create a role and associate both apps $role = Role::create(['name' => 'Employee']); $role->apps()->sync([$app1->id, $app2->id]); // Assign role to user $user->roles()->sync([$role->id]); // Restrict user from Keka HR using override UserAppOverride::create([ 'user_id' => $user->id, 'app_id' => $app2->id, 'type' => 'deny', ]); $response = $this->actingAs($user) ->get('/dashboard'); $response->assertStatus(200); $response->assertSee('Outlook'); $response->assertDontSee('Keka HR'); } /** * Test additional services are displayed to specific users via allow overrides. */ public function test_additional_service_is_displayed_to_the_user(): void { $user = User::create([ 'name' => 'Standard User', 'email' => 'user@sentientgeeks.com', 'role' => 'user', ]); $app1 = App::create([ 'name' => 'Outlook', 'url' => 'https://outlook.office.com', 'color' => '#0078d4', 'tag' => 'Microsoft 365' ]); $app2 = App::create([ 'name' => 'Keka HR', 'url' => 'https://sentientgeeks.keka.com', 'color' => '#f27059', 'tag' => 'HR Portal' ]); // Create a role that only has Outlook $role = Role::create(['name' => 'Intern']); $role->apps()->sync([$app1->id]); // Assign role to user $user->roles()->sync([$role->id]); // Add Keka HR as extra service using override UserAppOverride::create([ 'user_id' => $user->id, 'app_id' => $app2->id, 'type' => 'allow', ]); $response = $this->actingAs($user) ->get('/dashboard'); $response->assertStatus(200); $response->assertSee('Outlook'); $response->assertSee('Keka HR'); } }