Files
breadcrumb-the-shire/tests/Architecture/AuthzAdminSettingsContractTest.php
fs c14d42f198 refactor(settings): split security into 4 focused tiles
Extracts user-lifecycle, audit and telemetry from the security subpage
into their own tiles, and renames the slimmed-down security subpage to
account-access for a clearer scope. Each subpage now has at most three
detail cards instead of the eight previously crowded into security.

Hub gains four tiles, sub-action redirects (expire-remember-tokens,
run-user-lifecycle) move to their new sections, architecture tests track
the new section list and i18n adds the new labels in de + en.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 08:50:05 +02:00

63 lines
3.8 KiB
PHP

<?php
namespace MintyPHP\Tests\Architecture;
use PHPUnit\Framework\TestCase;
class AuthzAdminSettingsContractTest extends TestCase
{
use ProjectFileAssertionSupport;
public function testAdminSettingsActionsUseCentralPolicies(): void
{
// Landing hub: VIEW only (no POST handler).
$indexContent = $this->readProjectFile('pages/admin/settings/index().php');
$this->assertStringContainsString('AuthorizationService::class', $indexContent);
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $indexContent);
// Subpages that expose a settings form: VIEW + UPDATE.
foreach (['general', 'account-access', 'user-lifecycle', 'audit', 'telemetry', 'email', 'api', 'sso'] as $section) {
$content = $this->readProjectFile("pages/admin/settings/{$section}().php");
$this->assertStringContainsString('AuthorizationService::class', $content, $section);
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $content, $section);
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE', $content, $section);
}
// Branding landing: VIEW only (uploads post to separate action files).
$brandingIndex = $this->readProjectFile('pages/admin/settings/branding().php');
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $brandingIndex);
$logoUpload = $this->readProjectFile('pages/admin/settings/logo().php');
$this->assertStringContainsString('AuthorizationService::class', $logoUpload);
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $logoUpload);
$logoDelete = $this->readProjectFile('pages/admin/settings/logo-delete().php');
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $logoDelete);
$faviconUpload = $this->readProjectFile('pages/admin/settings/favicon().php');
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $faviconUpload);
$faviconDelete = $this->readProjectFile('pages/admin/settings/favicon-delete().php');
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $faviconDelete);
$revokeApiTokens = $this->readProjectFile('pages/admin/settings/revoke-api-tokens().php');
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE', $revokeApiTokens);
$expireRememberTokens = $this->readProjectFile('pages/admin/settings/expire-remember-tokens().php');
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE', $expireRememberTokens);
$runUserLifecycle = $this->readProjectFile('pages/admin/settings/run-user-lifecycle().php');
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN', $runUserLifecycle);
}
public function testScheduledJobEditUsesAbilityChecksAndNoPermissionHelper(): void
{
$content = $this->readProjectFile('pages/admin/scheduled-jobs/edit($id).php');
$this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW', $content);
$this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_MANAGE', $content);
$this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_RUN_NOW', $content);
$this->assertStringNotContainsString("can('jobs.manage')", $content);
$this->assertStringNotContainsString("can('jobs.run_now')", $content);
}
}