artisan('lottery:agent-roles-sync')->assertExitCode(0); }); test('agent profile switches strip create player and child manage from effective permissions', function (): void { $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id'); $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id'); $child = AgentNode::query()->create([ 'admin_site_id' => $siteId, 'parent_id' => $rootId, 'path' => '/', 'depth' => 1, 'code' => 'cap-child', 'name' => 'Cap Child', 'status' => 1, ]); $child->path = "/{$rootId}/{$child->id}/"; $child->save(); AgentProfile::query()->create([ 'agent_node_id' => $child->id, 'total_share_rate' => 10, 'credit_limit' => 0, 'allocated_credit' => 0, 'used_credit' => 0, 'rebate_limit' => 0, 'default_player_rebate' => 0, 'settlement_cycle' => 'weekly', 'can_grant_extra_rebate' => false, 'can_create_child_agent' => false, 'can_create_player' => false, ]); $admin = AdminUser::query()->create([ 'username' => 'cap_child_agent', 'name' => 'Cap Child Agent', 'email' => null, 'password' => Hash::make('secret-strong'), 'status' => 0, ]); DB::table('admin_user_agents')->insert([ 'admin_user_id' => $admin->id, 'agent_node_id' => $child->id, 'is_primary' => true, 'granted_at' => now(), ]); $admin->syncPrimaryPlatformAgentRole($child->id); $fresh = $admin->fresh(); $profile = AdminAuthProfile::fromAdmin($fresh); $perms = $profile['permissions']; expect($perms)->toContain('prd.agent.view') ->not->toContain('prd.agent.manage') ->not->toContain('prd.users.manage'); expect($fresh->hasPermissionCode('agent.node.manage'))->toBeFalse(); expect($fresh->hasPermissionCode('service.players.manage'))->toBeFalse(); expect($profile['agent']['can_create_child_agent'])->toBeFalse(); expect($profile['agent']['can_create_player'])->toBeFalse(); }); test('agent profile switches on grant create capabilities even when platform agent role omits manage', function (): void { $siteId = (int) DB::table('admin_sites')->where('is_default', true)->value('id'); $rootId = (int) DB::table('agent_nodes')->where('admin_site_id', $siteId)->where('depth', 0)->value('id'); $child = AgentNode::query()->create([ 'admin_site_id' => $siteId, 'parent_id' => $rootId, 'path' => '/', 'depth' => 1, 'code' => 'cap-child-on', 'name' => 'Cap Child On', 'status' => 1, ]); $child->path = "/{$rootId}/{$child->id}/"; $child->save(); AgentProfile::query()->create([ 'agent_node_id' => $child->id, 'total_share_rate' => 10, 'credit_limit' => 0, 'allocated_credit' => 0, 'used_credit' => 0, 'rebate_limit' => 0, 'default_player_rebate' => 0, 'settlement_cycle' => 'weekly', 'can_grant_extra_rebate' => false, 'can_create_child_agent' => true, 'can_create_player' => true, ]); $admin = AdminUser::query()->create([ 'username' => 'cap_child_on_agent', 'name' => 'Cap Child On Agent', 'email' => null, 'password' => Hash::make('secret-strong'), 'status' => 0, ]); DB::table('admin_user_agents')->insert([ 'admin_user_id' => $admin->id, 'agent_node_id' => $child->id, 'is_primary' => true, 'granted_at' => now(), ]); $admin->syncPrimaryPlatformAgentRole($child->id); $fresh = $admin->fresh(); expect($fresh->hasPermissionCode('agent.node.manage'))->toBeTrue(); expect($fresh->hasPermissionCode('service.players.manage'))->toBeTrue(); expect($fresh->adminPermissionSlugs())->toContain('prd.agent.manage') ->and($fresh->adminPermissionSlugs())->toContain('prd.users.manage'); });