readProjectFile('pages/admin/settings/index().php'); $this->assertStringContainsString('AuthorizationService::class', $indexContent); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $indexContent); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE', $indexContent); $logoUpload = $this->readProjectFile('pages/admin/settings/logo().php'); $this->assertStringContainsString('AuthorizationService::class', $logoUpload); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $logoUpload); $logoDelete = $this->readProjectFile('pages/admin/settings/logo-delete().php'); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $logoDelete); $faviconUpload = $this->readProjectFile('pages/admin/settings/favicon().php'); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $faviconUpload); $faviconDelete = $this->readProjectFile('pages/admin/settings/favicon-delete().php'); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $faviconDelete); $revokeApiTokens = $this->readProjectFile('pages/admin/settings/revoke-api-tokens().php'); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE', $revokeApiTokens); $expireRememberTokens = $this->readProjectFile('pages/admin/settings/expire-remember-tokens().php'); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE', $expireRememberTokens); $runUserLifecycle = $this->readProjectFile('pages/admin/settings/run-user-lifecycle().php'); $this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN', $runUserLifecycle); } public function testScheduledJobEditUsesAbilityChecksAndNoPermissionHelper(): void { $content = $this->readProjectFile('pages/admin/scheduled-jobs/edit($id).php'); $this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW', $content); $this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_MANAGE', $content); $this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_RUN_NOW', $content); $this->assertStringNotContainsString("can('jobs.manage')", $content); $this->assertStringNotContainsString("can('jobs.run_now')", $content); } }