Nine test files under tests/Feature/Artist/ exercising:
ArtistEngagementStateMachineTest 8 tests — terminal blocks, conditional
gates (Option/Contracted), full happy
path, cancel cascade
LaneCascadeServiceTest 5 tests — simple move, cascade-bump,
version mismatch, park, unpark
BumaVatCalculationTest 6 tests — D26 formula coverage:
Organisation/BookingAgency/NotApplicable,
VAT off, breakdown sum, zero fee
DemoteExpiredOptionsTest 4 tests — expired demote, future
untouched, non-Option untouched, run
twice → single option_expired entry
IdempotencyKey60sRedisTest 4 tests — missing header 400, first
cache, replay header, failed not cached
ArtistControllerTest 8 tests — index/create/destroy + cross-
tenant + duplicate detection + restore
StageControllerTest 7 tests — create + uniqueness, destroy
cascade-park, reorder permutation,
replaceDays orphan 409 + force_orphan
ArtistEngagementControllerTest 5 tests — index/create/update/destroy +
422 on invalid status transition
TimetableMoveControllerTest 3 tests — happy path with idempotency
header, missing header → 400, version
mismatch → 409
ArtistPolicyTest 6 tests — role checks, cross-tenant
denial, super_admin bypass, D27 active-
engagement gate
ActivityLogShapeTest 4 tests — performance.moved cascade
props, status_changed vs cancelled,
stage.day_added subject + props,
stage.reordered on Event subject
Bug fixes surfaced by Phase C:
Schema reality: events table uses `start_date`/`end_date` (date), not
`start_at`/`end_at`. Updated WithinEventBounds rule and the two stage_day
resolvers (LaneCascadeService + MoveTimetablePerformanceRequest) to
query the actual columns. ArtistResource.engagements_summary upcoming
filter likewise.
performances table has no organisation_id column (FK-chain via
engagement_id). Removed the org-id filter from the Rule::exists in
MoveTimetablePerformanceRequest; cross-tenant is caught by the policy
in TimetableMoveController.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<?php
declare(strict_types=1);
namespace Tests\Feature\Artist;
use App\Enums\Artist\ArtistEngagementStatus;
use App\Models\Artist;
use App\Models\ArtistEngagement;
use App\Models\Event;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Gate;
use Tests\TestCase;
/**
 * Authorization checks for Artist, evaluated through the Gate.
 *
 * Each test asks Gate::forUser(...)->allows(...) directly, so no HTTP layer
 * is involved. The fixture holds two organisations so that tenant isolation
 * can be asserted alongside the role checks.
 *
 * NOTE(review): the cross-tenant case covers view/update/delete only; a
 * cross-tenant 'create' against the artist's organisation and a super_admin
 * 'delete' are not asserted in this class.
 */
final class ArtistPolicyTest extends TestCase
{
    use RefreshDatabase;

    /** Organisation that owns the artist under test. */
    private Organisation $org;

    /** Second organisation, used only to produce a foreign-tenant user. */
    private Organisation $otherOrg;

    /** Attached to $org with pivot role 'org_admin'. */
    private User $orgAdmin;

    /** Attached to $org with pivot role 'program_manager'. */
    private User $programManager;

    /** Attached to $otherOrg with pivot role 'org_admin'. */
    private User $crossTenantAdmin;

    /** Holds the 'super_admin' role via assignRole(), with no organisation pivot. */
    private User $superAdmin;

    /** Artist belonging to $org. */
    private Artist $artist;

    /**
     * Seeds the roles, then builds both tenants, their users and the artist.
     */
    protected function setUp(): void
    {
        parent::setUp();
        $this->seed(RoleSeeder::class);

        $this->org = Organisation::factory()->create();
        $this->otherOrg = Organisation::factory()->create();

        $this->orgAdmin = $this->makeOrgMember($this->org, 'org_admin');
        $this->programManager = $this->makeOrgMember($this->org, 'program_manager');
        $this->crossTenantAdmin = $this->makeOrgMember($this->otherOrg, 'org_admin');

        $globalAdmin = User::factory()->create();
        $globalAdmin->assignRole('super_admin');
        $this->superAdmin = $globalAdmin;

        $this->artist = Artist::factory()->create(['organisation_id' => $this->org->id]);
    }

    /** An org_admin may create an artist for their own organisation. */
    public function test_org_admin_can_create(): void
    {
        $allowed = $this->gateAllows($this->orgAdmin, 'create', [Artist::class, $this->org]);

        $this->assertTrue($allowed);
    }

    /** A program_manager of the owning organisation may update the artist. */
    public function test_program_manager_can_update(): void
    {
        $allowed = $this->gateAllows($this->programManager, 'update', $this->artist);

        $this->assertTrue($allowed);
    }

    /**
     * Tenant isolation: an org_admin of another organisation gets no
     * view, update or delete access to this organisation's artist.
     */
    public function test_cross_tenant_admin_denied(): void
    {
        foreach (['view', 'update', 'delete'] as $ability) {
            $this->assertFalse($this->gateAllows($this->crossTenantAdmin, $ability, $this->artist));
        }
    }

    /** A super_admin may view and update an artist without organisation membership. */
    public function test_super_admin_bypass(): void
    {
        foreach (['view', 'update'] as $ability) {
            $this->assertTrue($this->gateAllows($this->superAdmin, $ability, $this->artist));
        }
    }

    /** A Confirmed engagement blocks deletion, even for the owning org_admin. */
    public function test_delete_blocked_with_active_engagement(): void
    {
        $this->attachEngagement(ArtistEngagementStatus::Confirmed);

        $this->assertFalse($this->gateAllows($this->orgAdmin, 'delete', $this->artist));
    }

    /** An artist whose only engagement is Cancelled can still be deleted. */
    public function test_delete_allowed_with_only_terminal_engagements(): void
    {
        $this->attachEngagement(ArtistEngagementStatus::Cancelled);

        $this->assertTrue($this->gateAllows($this->orgAdmin, 'delete', $this->artist));
    }

    /**
     * Creates a user and attaches it to the organisation with the given pivot role.
     */
    private function makeOrgMember(Organisation $organisation, string $role): User
    {
        $member = User::factory()->create();
        $organisation->users()->attach($member, ['role' => $role]);

        return $member;
    }

    /**
     * Asks the Gate whether the user is allowed the ability on the given arguments.
     */
    private function gateAllows(User $actor, string $ability, mixed $arguments): bool
    {
        return Gate::forUser($actor)->allows($ability, $arguments);
    }

    /**
     * Creates an event in the owning organisation and one engagement for the
     * artist on that event with the given booking status.
     */
    private function attachEngagement(ArtistEngagementStatus $status): void
    {
        $event = Event::factory()->create(['organisation_id' => $this->org->id]);

        ArtistEngagement::factory()->create([
            'artist_id' => $this->artist->id,
            'event_id' => $event->id,
            'booking_status' => $status,
        ]);
    }
}