0]); $this->team = Team::factory()->create(); $this->admin = User::factory()->create(); $this->admin->teams()->attach($this->team, ['role' => 'admin']); $this->member = User::factory()->create(); $this->member->teams()->attach($this->team, ['role' => 'member']); $keyId = DB::table('private_keys')->insertGetId([ 'uuid' => (string) Str::uuid(), 'name' => 'Test Key', 'private_key' => 'test-key', 'team_id' => $this->team->id, 'created_at' => now(), 'updated_at' => now(), ]); $this->server = Server::factory()->create([ 'team_id' => $this->team->id, 'private_key_id' => $keyId, ]); StandaloneDocker::withoutEvents(function () { $this->destination = StandaloneDocker::firstOrCreate( ['server_id' => $this->server->id, 'network' => 'coolify'], ['uuid' => (string) Str::uuid(), 'name' => 'test-docker'] ); }); $this->project = Project::create([ 'uuid' => (string) Str::uuid(), 'name' => 'Test Project', 'team_id' => $this->team->id, ]); $this->environment = $this->project->environments()->first(); $this->application = Application::factory()->create([ 'uuid' => (string) Str::uuid(), 'name' => 'Test App', 'environment_id' => $this->environment->id, 'destination_id' => $this->destination->id, 'destination_type' => $this->destination->getMorphClass(), 'status' => 'running', ]); $this->database = StandalonePostgresql::create([ 'uuid' => (string) Str::uuid(), 'name' => 'Test DB', 'postgres_user' => 'postgres', 'postgres_password' => 'password', 'postgres_db' => 'testdb', 'image' => 'postgres:15', 'status' => 'running', 'environment_id' => $this->environment->id, 'destination_id' => $this->destination->id, 'destination_type' => $this->destination->getMorphClass(), ]); $this->service = Service::create([ 'uuid' => (string) Str::uuid(), 'name' => 'Test Service', 'environment_id' => $this->environment->id, 'destination_id' => $this->destination->id, 'destination_type' => $this->destination->getMorphClass(), 'docker_compose_raw' => 'version: "3"', ]); }); // --- Danger Zone: Application --- test('admin can delete application', function () { expect($this->admin->can('delete', $this->application))->toBeTrue(); }); test('member cannot delete application via danger zone', function () { $this->actingAs($this->member); session(['currentTeam' => $this->team]); Livewire::test(Danger::class, ['resource' => $this->application]) ->call('delete', 'password') ->assertDispatched('error'); }); // --- Danger Zone: Database --- test('admin can delete database', function () { expect($this->admin->can('delete', $this->database))->toBeTrue(); }); test('member cannot delete database via danger zone', function () { $this->actingAs($this->member); session(['currentTeam' => $this->team]); Livewire::test(Danger::class, ['resource' => $this->database]) ->call('delete', 'password') ->assertDispatched('error'); }); // --- Danger Zone: Service --- test('admin can delete service', function () { expect($this->admin->can('delete', $this->service))->toBeTrue(); }); test('member cannot delete service via danger zone', function () { $this->actingAs($this->member); session(['currentTeam' => $this->team]); Livewire::test(Danger::class, ['resource' => $this->service]) ->call('delete', 'password') ->assertDispatched('error'); }); // --- Tags: Application --- test('member cannot add tag to application', function () { $this->actingAs($this->member); session(['currentTeam' => $this->team]); Livewire::test(Tags::class, ['resource' => $this->application]) ->set('newTags', 'test-tag') ->call('submit') ->assertDispatched('error'); }); test('admin can add tag to application', function () { expect($this->admin->can('update', $this->application))->toBeTrue(); }); // --- Webhooks: Application --- test('member cannot update application webhooks', function () { $this->actingAs($this->member); session(['currentTeam' => $this->team]); Livewire::test(Webhooks::class, ['resource' => $this->application]) ->call('submit') ->assertDispatched('error'); }); test('admin can update application webhooks', function () { expect($this->admin->can('update', $this->application))->toBeTrue(); }); // --- Resource Limits (policy checks, mount requires full resource data) --- test('member cannot update application resource limits', function () { expect($this->member->can('update', $this->application))->toBeFalse(); }); test('admin can update application resource limits', function () { expect($this->admin->can('update', $this->application))->toBeTrue(); }); test('member cannot update database resource limits', function () { expect($this->member->can('update', $this->database))->toBeFalse(); }); test('member cannot update service resource limits', function () { expect($this->member->can('update', $this->service))->toBeFalse(); }); // --- Environment Variables (Policy checks) --- test('admin can manage application environment variables', function () { expect($this->admin->can('manageEnvironment', $this->application))->toBeTrue(); }); test('member cannot manage application environment variables', function () { expect($this->member->can('manageEnvironment', $this->application))->toBeFalse(); }); test('admin can manage database environment variables', function () { expect($this->admin->can('manageEnvironment', $this->database))->toBeTrue(); }); test('member cannot manage database environment variables', function () { expect($this->member->can('manageEnvironment', $this->database))->toBeFalse(); }); test('admin can manage service environment variables', function () { expect($this->admin->can('manageEnvironment', $this->service))->toBeTrue(); }); test('member cannot manage service environment variables', function () { expect($this->member->can('manageEnvironment', $this->service))->toBeFalse(); }); // --- Project Policy --- test('admin can update project', function () { expect($this->admin->can('update', $this->project))->toBeTrue(); }); test('member cannot update project', function () { expect($this->member->can('update', $this->project))->toBeFalse(); }); test('admin can delete project', function () { expect($this->admin->can('delete', $this->project))->toBeTrue(); }); test('member cannot delete project', function () { expect($this->member->can('delete', $this->project))->toBeFalse(); }); // --- Environment Policy --- test('admin can delete environment', function () { expect($this->admin->can('delete', $this->environment))->toBeTrue(); }); test('member cannot delete environment', function () { expect($this->member->can('delete', $this->environment))->toBeFalse(); }); // --- Team Policy --- test('admin can update team', function () { $this->actingAs($this->admin); session(['currentTeam' => $this->team]); expect(auth()->user()->can('update', $this->team))->toBeTrue(); }); test('member cannot update team', function () { $this->actingAs($this->member); session(['currentTeam' => $this->team]); expect(auth()->user()->can('update', $this->team))->toBeFalse(); });