team = Team::factory()->create(); $this->user = User::factory()->create(); $this->team->members()->attach($this->user->id, ['role' => 'owner']); session(['currentTeam' => $this->team]); }); describe('POST /api/v1/projects', function () { test('read-only token cannot create a project', function () { $token = $this->user->createToken('read-only', ['read']); $response = $this->withHeaders([ 'Authorization' => 'Bearer '.$token->plainTextToken, 'Content-Type' => 'application/json', ])->postJson('/api/v1/projects', [ 'name' => 'Test Project', ]); $response->assertStatus(403); }); test('write token can create a project', function () { $token = $this->user->createToken('write-token', ['write']); $response = $this->withHeaders([ 'Authorization' => 'Bearer '.$token->plainTextToken, 'Content-Type' => 'application/json', ])->postJson('/api/v1/projects', [ 'name' => 'Test Project', ]); $response->assertStatus(201); $response->assertJsonStructure(['uuid']); }); test('root token can create a project', function () { $token = $this->user->createToken('root-token', ['root']); $response = $this->withHeaders([ 'Authorization' => 'Bearer '.$token->plainTextToken, 'Content-Type' => 'application/json', ])->postJson('/api/v1/projects', [ 'name' => 'Test Project', ]); $response->assertStatus(201); $response->assertJsonStructure(['uuid']); }); }); describe('POST /api/v1/servers', function () { test('read-only token cannot create a server', function () { $token = $this->user->createToken('read-only', ['read']); $response = $this->withHeaders([ 'Authorization' => 'Bearer '.$token->plainTextToken, 'Content-Type' => 'application/json', ])->postJson('/api/v1/servers', [ 'name' => 'Test Server', 'ip' => '1.2.3.4', 'private_key_uuid' => 'fake-uuid', ]); $response->assertStatus(403); }); }); describe('GET /api/v1/servers/{uuid}/validate', function () { test('read-only token cannot trigger server validation', function () { $token = $this->user->createToken('read-only', ['read']); $response = $this->withHeaders([ 'Authorization' => 'Bearer '.$token->plainTextToken, ])->getJson('/api/v1/servers/fake-uuid/validate'); $response->assertStatus(403); }); }); describe('POST /api/v1/cloud-tokens/{uuid}/validate', function () { test('read-only token cannot validate cloud provider token', function () { $token = $this->user->createToken('read-only', ['read']); $response = $this->withHeaders([ 'Authorization' => 'Bearer '.$token->plainTextToken, 'Content-Type' => 'application/json', ])->postJson('/api/v1/cloud-tokens/fake-uuid/validate'); $response->assertStatus(403); }); });