artisan('lottery:admin-auth-sync')->assertExitCode(0); }); test('super admin can provision root agent on existing integration site', function (): void { $admin = AdminUser::query()->create([ 'username' => 'line_super', 'name' => 'Line Super', 'email' => null, 'password' => Hash::make('secret-strong'), 'status' => 0, ]); grantSuperAdminRole($admin); $token = $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; $this->withHeader('Authorization', 'Bearer '.$token) ->postJson('/api/v1/admin/integration-sites', [ 'code' => 'line-alpha', 'name' => 'Line Alpha Site', 'status' => 1, ]) ->assertCreated() ->assertJsonPath('data.code', 'line-alpha'); $response = $this->withHeader('Authorization', 'Bearer '.$token) ->postJson('/api/v1/admin/agent-lines', [ 'site_code' => 'line-alpha', 'code' => 'line-alpha', 'name' => 'Line Alpha', 'username' => 'line_alpha_owner', 'password' => 'secret-strong', 'status' => 1, ]) ->assertCreated() ->assertJsonPath('data.code', 'line-alpha') ->assertJsonPath('data.agent_node.code', 'line-alpha') ->assertJsonPath('data.line_root.site_code', 'line-alpha') ->assertJsonMissingPath('data.secrets'); $siteId = (int) DB::table('admin_sites')->where('code', 'line-alpha')->value('id'); expect($siteId)->toBeGreaterThan(0); $root = DB::table('agent_nodes') ->where('admin_site_id', $siteId) ->where('depth', 0) ->first(); expect($root)->not->toBeNull(); expect((string) $root->code)->toBe('line-alpha'); expect( DB::table('admin_user_agents')->where('agent_node_id', (int) $root->id)->count() )->toBe(1); }); test('agent line provision rejects site that already has root', function (): void { $admin = AdminUser::query()->create([ 'username' => 'line_super2', 'name' => 'Line Super 2', 'email' => null, 'password' => Hash::make('secret-strong'), 'status' => 0, ]); grantSuperAdminRole($admin); $token = $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; $this->withHeader('Authorization', 'Bearer '.$token) ->postJson('/api/v1/admin/integration-sites', [ 'code' => 'line-beta', 'name' => 'Line Beta Site', ]) ->assertCreated(); $this->withHeader('Authorization', 'Bearer '.$token) ->postJson('/api/v1/admin/agent-lines', [ 'site_code' => 'line-beta', 'code' => 'line-beta', 'name' => 'Line Beta', 'username' => 'line_beta_owner', 'password' => 'secret-strong', ]) ->assertCreated(); $this->withHeader('Authorization', 'Bearer '.$token) ->postJson('/api/v1/admin/agent-lines', [ 'site_code' => 'line-beta', 'code' => 'line-beta-2', 'name' => 'Line Beta 2', 'username' => 'line_beta_owner2', 'password' => 'secret-strong', ]) ->assertStatus(422) ->assertJsonPath('data.errors.site_code.0', 'site_root_exists'); }); test('integration manager with site.manage can create integration site', function (): void { $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id'); $admin = AdminUser::query()->create([ 'username' => 'line_ops', 'name' => 'Ops', 'email' => null, 'password' => Hash::make('secret-strong'), 'status' => 0, ]); $roleId = DB::table('admin_roles')->insertGetId([ 'slug' => 'integration_ops', 'code' => 'integration_ops', 'name' => 'Integration Ops', 'description' => null, 'status' => 1, 'is_system' => false, 'sort_order' => 0, 'created_at' => now(), 'updated_at' => now(), ]); $actionId = DB::table('admin_menu_actions') ->where('permission_code', 'integration.site.manage') ->value('id'); if ($actionId !== null) { DB::table('admin_role_menu_actions')->insert([ 'role_id' => $roleId, 'menu_action_id' => (int) $actionId, ]); } DB::table('admin_user_site_roles')->insert([ 'admin_user_id' => $admin->id, 'site_id' => $siteId, 'role_id' => $roleId, 'granted_at' => now(), ]); $token = $admin->createToken('test', ['*'], now()->addDay())->plainTextToken; $this->withHeader('Authorization', 'Bearer '.$token) ->postJson('/api/v1/admin/integration-sites', [ 'code' => 'ops-site', 'name' => 'Ops Site', ]) ->assertCreated() ->assertJsonPath('data.code', 'ops-site'); });