106 lines
2.8 KiB
PHP
106 lines
2.8 KiB
PHP
<?php
|
|
|
|
namespace Tests\Feature;
|
|
|
|
use App\Models\User;
|
|
use App\Models\App;
|
|
use App\Models\AppRestriction;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Tests\TestCase;
|
|
|
|
class SecurityAndAdminTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
/**
|
|
* Test admin role middleware restrictions.
|
|
*/
|
|
public function test_admin_can_access_admin_dashboard_but_not_standard_users(): void
|
|
{
|
|
$admin = User::create([
|
|
'name' => 'Admin User',
|
|
'email' => 'admin@company.com',
|
|
'role' => 'admin',
|
|
]);
|
|
|
|
$user = User::create([
|
|
'name' => 'Standard User',
|
|
'email' => 'user@sentientgeeks.com',
|
|
'role' => 'user',
|
|
]);
|
|
|
|
// Unauthenticated user is redirected to login
|
|
$this->get('/admin/dashboard')
|
|
->assertRedirect(route('login'));
|
|
|
|
// Admin can access admin dashboard
|
|
$this->actingAs($admin)
|
|
->get('/admin/dashboard')
|
|
->assertStatus(200);
|
|
|
|
// Standard user gets redirected to user dashboard
|
|
$this->actingAs($user)
|
|
->get('/admin/dashboard')
|
|
->assertRedirect(route('dashboard'));
|
|
}
|
|
|
|
/**
|
|
* Test blocked users are forced to logout and redirected.
|
|
*/
|
|
public function test_blocked_user_cannot_access_dashboard_and_gets_logged_out(): void
|
|
{
|
|
$user = User::create([
|
|
'name' => 'Standard User',
|
|
'email' => 'user@sentientgeeks.com',
|
|
'role' => 'user',
|
|
'is_blocked' => true,
|
|
]);
|
|
|
|
// Attempting to access dashboard logs them out and redirects
|
|
$this->actingAs($user)
|
|
->get('/dashboard')
|
|
->assertRedirect(route('login'));
|
|
|
|
$this->assertFalse(auth()->check());
|
|
}
|
|
|
|
/**
|
|
* Test restricted services are hidden from specific users.
|
|
*/
|
|
public function test_restricted_service_is_not_displayed_to_the_restricted_user(): void
|
|
{
|
|
$user = User::create([
|
|
'name' => 'Standard User',
|
|
'email' => 'user@sentientgeeks.com',
|
|
'role' => 'user',
|
|
]);
|
|
|
|
$app1 = App::create([
|
|
'name' => 'Outlook',
|
|
'url' => 'https://outlook.office.com',
|
|
'color' => '#0078d4',
|
|
'tag' => 'Microsoft 365'
|
|
]);
|
|
|
|
$app2 = App::create([
|
|
'name' => 'Keka HR',
|
|
'url' => 'https://sentientgeeks.keka.com',
|
|
'color' => '#f27059',
|
|
'tag' => 'HR Portal'
|
|
]);
|
|
|
|
// Restrict user from Keka HR
|
|
AppRestriction::create([
|
|
'email' => $user->email,
|
|
'app_id' => $app2->id,
|
|
]);
|
|
|
|
$response = $this->actingAs($user)
|
|
->get('/dashboard');
|
|
|
|
$response->assertStatus(200);
|
|
$response->assertSee('Outlook');
|
|
$response->assertDontSee('Keka HR');
|
|
}
|
|
}
|