Files
breadcrumb-the-shire/tests/Architecture/AuthzUiTemplateContractTest.php
fs c14d42f198 refactor(settings): split security into 4 focused tiles
Extracts user-lifecycle, audit and telemetry from the security subpage
into their own tiles, and renames the slimmed-down security subpage to
account-access for a clearer scope. Each subpage now has at most three
detail cards instead of the eight previously crowded into security.

Hub gains four tiles, sub-action redirects (expire-remember-tokens,
run-user-lifecycle) move to their new sections, architecture tests track
the new section list and i18n adds the new labels in de + en.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 08:50:05 +02:00

108 lines
5.4 KiB
PHP

<?php
namespace MintyPHP\Tests\Architecture;
use PHPUnit\Framework\TestCase;
class AuthzUiTemplateContractTest extends TestCase
{
use ProjectFileAssertionSupport;
public function testAdminTenantTemplatesUseServerCapabilities(): void
{
$indexTemplate = $this->readProjectFile('pages/admin/tenants/index(default).phtml');
$this->assertStringNotContainsString("can('tenants.create')", $indexTemplate);
$this->assertStringContainsString('$canCreateTenants', $indexTemplate);
$createTemplate = $this->readProjectFile('pages/admin/tenants/create(default).phtml');
$this->assertStringNotContainsString("can('custom_fields.manage')", $createTemplate);
$this->assertStringNotContainsString("can('tenants.sso_manage')", $createTemplate);
$this->assertStringContainsString('$canManageCustomFields', $createTemplate);
$this->assertStringContainsString('$canManageSso', $createTemplate);
}
public function testAdminDepartmentsListTemplateUsesServerCapabilities(): void
{
$content = $this->readProjectFile('pages/admin/departments/index(default).phtml');
$this->assertStringNotContainsString("can('departments.create')", $content);
$this->assertStringContainsString('$canCreateDepartments', $content);
}
public function testAdminRoleTemplatesUseServerCapabilities(): void
{
$indexTemplate = $this->readProjectFile('pages/admin/roles/index(default).phtml');
$this->assertStringNotContainsString("can('roles.create')", $indexTemplate);
$this->assertStringContainsString('$canCreateRoles', $indexTemplate);
$editTemplate = $this->readProjectFile('pages/admin/roles/edit(default).phtml');
$this->assertStringNotContainsString("can('roles.update')", $editTemplate);
$this->assertStringNotContainsString("can('roles.delete')", $editTemplate);
$this->assertStringContainsString('$canUpdateRole', $editTemplate);
$this->assertStringContainsString('$canDeleteRole', $editTemplate);
}
public function testAdminPermissionTemplatesUseServerCapabilities(): void
{
$indexTemplate = $this->readProjectFile('pages/admin/permissions/index(default).phtml');
$this->assertStringNotContainsString("can('permissions.create')", $indexTemplate);
$this->assertStringContainsString('$canCreatePermissions', $indexTemplate);
$editTemplate = $this->readProjectFile('pages/admin/permissions/edit(default).phtml');
$this->assertStringNotContainsString("can('permissions.update')", $editTemplate);
$this->assertStringNotContainsString("can('permissions.delete')", $editTemplate);
$this->assertStringContainsString('$canUpdatePermission', $editTemplate);
$this->assertStringContainsString('$canDeletePermission', $editTemplate);
}
public function testAdminSettingsTemplateUsesServerCapabilities(): void
{
// Settings was split into a landing hub + per-section subpages.
// The form-carrying subpages must use the server-side $canUpdateSettings
// capability instead of the legacy can() helper.
foreach (['general', 'account-access', 'user-lifecycle', 'audit', 'telemetry', 'email', 'api', 'sso', 'branding'] as $section) {
$templateContent = $this->readProjectFile("pages/admin/settings/{$section}(default).phtml");
$this->assertStringNotContainsString("can('settings.update')", $templateContent, $section);
$this->assertStringContainsString('$canUpdateSettings', $templateContent, $section);
}
}
public function testAdminUserEditTemplateUsesServerCapabilities(): void
{
$content = $this->readProjectFile('pages/admin/users/edit(default).phtml');
$this->assertStringNotContainsString("can('users.", $content);
$this->assertStringNotContainsString("can('permissions.view')", $content);
$this->assertStringContainsString('$canViewSecurityArtifacts', $content);
}
public function testHardCutTemplatesDoNotUseLegacyCanHelper(): void
{
$templates = [
'templates/partials/app-main-aside.phtml',
'templates/partials/app-main-aside-icon-bar.phtml',
'modules/audit/pages/audit/api-audit/index(default).phtml',
'modules/audit/pages/audit/system-audit/index(default).phtml',
'modules/audit/pages/audit/import-audit/index(default).phtml',
'pages/admin/scheduled-jobs/index(default).phtml',
'pages/admin/stats/index(default).phtml',
'modules/audit/pages/audit/user-lifecycle-audit/index(default).phtml',
'modules/audit/pages/audit/user-lifecycle-audit/view(default).phtml',
'pages/admin/users/index(default).phtml',
'pages/admin/users/create(default).phtml',
'pages/admin/tenants/edit(default).phtml',
'pages/admin/departments/edit(default).phtml',
];
foreach ($templates as $template) {
$content = $this->readProjectFile($template);
$this->assertStringNotContainsString("can('", $content, $template);
}
}
public function testStatsTemplateDefinesAuditTabAndPanel(): void
{
$content = $this->readProjectFile('pages/admin/stats/index(default).phtml');
$this->assertStringContainsString('data-tab="audit"', $content);
$this->assertStringContainsString('data-tab-panel="audit"', $content);
}
}