sls/tests/Feature/SecurityAndAdminTest.php
2026-06-23 15:46:07 +05:30

106 lines
2.8 KiB
PHP

<?php
namespace Tests\Feature;
use App\Models\User;
use App\Models\App;
use App\Models\AppRestriction;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class SecurityAndAdminTest extends TestCase
{
use RefreshDatabase;
/**
* Test admin role middleware restrictions.
*/
public function test_admin_can_access_admin_dashboard_but_not_standard_users(): void
{
$admin = User::create([
'name' => 'Admin User',
'email' => 'admin@company.com',
'role' => 'admin',
]);
$user = User::create([
'name' => 'Standard User',
'email' => 'user@sentientgeeks.com',
'role' => 'user',
]);
// Unauthenticated user is redirected to login
$this->get('/admin/dashboard')
->assertRedirect(route('login'));
// Admin can access admin dashboard
$this->actingAs($admin)
->get('/admin/dashboard')
->assertStatus(200);
// Standard user gets redirected to user dashboard
$this->actingAs($user)
->get('/admin/dashboard')
->assertRedirect(route('dashboard'));
}
/**
* Test blocked users are forced to logout and redirected.
*/
public function test_blocked_user_cannot_access_dashboard_and_gets_logged_out(): void
{
$user = User::create([
'name' => 'Standard User',
'email' => 'user@sentientgeeks.com',
'role' => 'user',
'is_blocked' => true,
]);
// Attempting to access dashboard logs them out and redirects
$this->actingAs($user)
->get('/dashboard')
->assertRedirect(route('login'));
$this->assertFalse(auth()->check());
}
/**
* Test restricted services are hidden from specific users.
*/
public function test_restricted_service_is_not_displayed_to_the_restricted_user(): void
{
$user = User::create([
'name' => 'Standard User',
'email' => 'user@sentientgeeks.com',
'role' => 'user',
]);
$app1 = App::create([
'name' => 'Outlook',
'url' => 'https://outlook.office.com',
'color' => '#0078d4',
'tag' => 'Microsoft 365'
]);
$app2 = App::create([
'name' => 'Keka HR',
'url' => 'https://sentientgeeks.keka.com',
'color' => '#f27059',
'tag' => 'HR Portal'
]);
// Restrict user from Keka HR
AppRestriction::create([
'email' => $user->email,
'app_id' => $app2->id,
]);
$response = $this->actingAs($user)
->get('/dashboard');
$response->assertStatus(200);
$response->assertSee('Outlook');
$response->assertDontSee('Keka HR');
}
}