sls/tests/Feature/SecurityAndAdminTest.php
2026-06-24 14:21:01 +05:30

162 lines
4.5 KiB
PHP

<?php
namespace Tests\Feature;
use App\Models\User;
use App\Models\App;
use App\Models\Role;
use App\Models\UserAppOverride;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class SecurityAndAdminTest extends TestCase
{
use RefreshDatabase;
/**
* Test admin role middleware restrictions.
*/
public function test_admin_can_access_admin_dashboard_but_not_standard_users(): void
{
$admin = User::create([
'name' => 'Admin User',
'email' => 'admin@company.com',
'role' => 'admin',
]);
$user = User::create([
'name' => 'Standard User',
'email' => 'user@sentientgeeks.com',
'role' => 'user',
]);
// Unauthenticated user is redirected to login
$this->get('/admin/dashboard')
->assertRedirect(route('login'));
// Admin can access admin dashboard
$this->actingAs($admin)
->get('/admin/dashboard')
->assertStatus(200);
// Standard user gets allowed standard user access to dashboard (our middleware handles this)
$this->actingAs($user)
->get('/admin/dashboard')
->assertRedirect(route('dashboard'));
}
/**
* Test blocked users are forced to logout and redirected.
*/
public function test_blocked_user_cannot_access_dashboard_and_gets_logged_out(): void
{
$user = User::create([
'name' => 'Standard User',
'email' => 'user@sentientgeeks.com',
'role' => 'user',
'is_blocked' => true,
]);
// Attempting to access dashboard logs them out and redirects
$this->actingAs($user)
->get('/dashboard')
->assertRedirect(route('login'));
$this->assertFalse(auth()->check());
}
/**
* Test restricted services are hidden from specific users via deny overrides.
*/
public function test_restricted_service_is_not_displayed_to_the_restricted_user(): void
{
$user = User::create([
'name' => 'Standard User',
'email' => 'user@sentientgeeks.com',
'role' => 'user',
]);
$app1 = App::create([
'name' => 'Outlook',
'url' => 'https://outlook.office.com',
'color' => '#0078d4',
'tag' => 'Microsoft 365'
]);
$app2 = App::create([
'name' => 'Keka HR',
'url' => 'https://sentientgeeks.keka.com',
'color' => '#f27059',
'tag' => 'HR Portal'
]);
// Create a role and associate both apps
$role = Role::create(['name' => 'Employee']);
$role->apps()->sync([$app1->id, $app2->id]);
// Assign role to user
$user->roles()->sync([$role->id]);
// Restrict user from Keka HR using override
UserAppOverride::create([
'user_id' => $user->id,
'app_id' => $app2->id,
'type' => 'deny',
]);
$response = $this->actingAs($user)
->get('/dashboard');
$response->assertStatus(200);
$response->assertSee('Outlook');
$response->assertDontSee('Keka HR');
}
/**
* Test additional services are displayed to specific users via allow overrides.
*/
public function test_additional_service_is_displayed_to_the_user(): void
{
$user = User::create([
'name' => 'Standard User',
'email' => 'user@sentientgeeks.com',
'role' => 'user',
]);
$app1 = App::create([
'name' => 'Outlook',
'url' => 'https://outlook.office.com',
'color' => '#0078d4',
'tag' => 'Microsoft 365'
]);
$app2 = App::create([
'name' => 'Keka HR',
'url' => 'https://sentientgeeks.keka.com',
'color' => '#f27059',
'tag' => 'HR Portal'
]);
// Create a role that only has Outlook
$role = Role::create(['name' => 'Intern']);
$role->apps()->sync([$app1->id]);
// Assign role to user
$user->roles()->sync([$role->id]);
// Add Keka HR as extra service using override
UserAppOverride::create([
'user_id' => $user->id,
'app_id' => $app2->id,
'type' => 'allow',
]);
$response = $this->actingAs($user)
->get('/dashboard');
$response->assertStatus(200);
$response->assertSee('Outlook');
$response->assertSee('Keka HR');
}
}