cms/tests/Feature/Auth/RBACPermissionTest.php

<?php

namespace Tests\Feature\Auth;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
use App\Models\User;
use App\Models\Role;
use Database\Seeders\RoleSeeder;

class RBACPermissionTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp(): void
    {
        parent::setUp();
        $this->seed(\Database\Seeders\PermissionSeeder::class);
        $this->seed(\Database\Seeders\RoleSeeder::class);
    }

    public function test_admin_can_access_dashboard(): void
    {
        $user = User::factory()->create();
        $user->roles()->attach(Role::where('slug', 'admin')->first());

        $response = $this->actingAs($user)->get('/loom');

        $response->assertStatus(200);
        $response->assertSee('data-component="Dashboard"', false);
    }

    public function test_editor_can_access_dashboard(): void
    {
        $user = User::factory()->create();
        $user->roles()->attach(Role::where('slug', 'editor')->first());

        // Editor needs at least one of the permissions in the dashboard group
        // To access '/', they need to pass at least one 'can:X' from the group middleware.
        // The dashboard group in web.php has: can:view-themes,can:view-pages,can:view-media...

        $response = $this->actingAs($user)->get('/loom');

        $response->assertStatus(200);
    }

    public function test_regular_user_cannot_access_dashboard(): void
    {
        $user = User::factory()->create();
        $user->roles()->attach(Role::where('slug', 'user')->first());

        $response = $this->actingAs($user)->get('/loom');

        $response->assertStatus(403);
    }

    public function test_guest_is_redirected_to_login(): void
    {
        $response = $this->get('/loom');

        $response->assertRedirect('/loom/login');
    }

    public function test_protected_role_cannot_be_deleted(): void
    {
        $role = Role::where('slug', 'admin')->first();

        $this->expectException(\Exception::class);
        $this->expectExceptionMessage("The protected 'Admin' role cannot be deleted.");

        $role->delete();
    }

    public function test_protected_user_cannot_be_deleted(): void
    {
        $user = User::factory()->create(['is_protected' => true, 'email' => 'primary@admin.com']);

        $this->expectException(\Exception::class);
        $this->expectExceptionMessage("The protected user 'primary@admin.com' cannot be deleted.");

        $user->delete();
    }
}
feat(cms): initialize Laravel project structure and core CMS files - Added standard Laravel directory structure and configuration. - Included Svelte and Tailwind configuration for the admin interface. - Added core PHPUnit and testing scripts. 2026-04-13 17:48:06 +00:00			`<?php`

			`namespace Tests\Feature\Auth;`

			`use Illuminate\Foundation\Testing\RefreshDatabase;`
			`use Tests\TestCase;`
			`use App\Models\User;`
			`use App\Models\Role;`
			`use Database\Seeders\RoleSeeder;`

			`class RBACPermissionTest extends TestCase`
			`{`
			`use RefreshDatabase;`

			`protected function setUp(): void`
			`{`
			`parent::setUp();`
			`$this->seed(\Database\Seeders\PermissionSeeder::class);`
			`$this->seed(\Database\Seeders\RoleSeeder::class);`
			`}`

			`public function test_admin_can_access_dashboard(): void`
			`{`
			`$user = User::factory()->create();`
			`$user->roles()->attach(Role::where('slug', 'admin')->first());`

			`$response = $this->actingAs($user)->get('/loom');`

			`$response->assertStatus(200);`
			`$response->assertSee('data-component="Dashboard"', false);`
			`}`

			`public function test_editor_can_access_dashboard(): void`
			`{`
			`$user = User::factory()->create();`
			`$user->roles()->attach(Role::where('slug', 'editor')->first());`

			`// Editor needs at least one of the permissions in the dashboard group`
			`// To access '/', they need to pass at least one 'can:X' from the group middleware.`
			`// The dashboard group in web.php has: can:view-themes,can:view-pages,can:view-media...`

			`$response = $this->actingAs($user)->get('/loom');`

			`$response->assertStatus(200);`
			`}`

			`public function test_regular_user_cannot_access_dashboard(): void`
			`{`
			`$user = User::factory()->create();`
			`$user->roles()->attach(Role::where('slug', 'user')->first());`

			`$response = $this->actingAs($user)->get('/loom');`

			`$response->assertStatus(403);`
			`}`

			`public function test_guest_is_redirected_to_login(): void`
			`{`
			`$response = $this->get('/loom');`

			`$response->assertRedirect('/loom/login');`
			`}`

			`public function test_protected_role_cannot_be_deleted(): void`
			`{`
			`$role = Role::where('slug', 'admin')->first();`

			`$this->expectException(\Exception::class);`
			`$this->expectExceptionMessage("The protected 'Admin' role cannot be deleted.");`

			`$role->delete();`
			`}`

			`public function test_protected_user_cannot_be_deleted(): void`
			`{`
			`$user = User::factory()->create(['is_protected' => true, 'email' => 'primary@admin.com']);`

			`$this->expectException(\Exception::class);`
			`$this->expectExceptionMessage("The protected user 'primary@admin.com' cannot be deleted.");`

			`$user->delete();`
			`}`
			`}`