lotteryLaravel/tests/Feature/AdminAuthorizationAuditCommandTest.php

<?php

use Illuminate\Support\Facades\DB;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

test('admin authorization audit reports missing api resources for protected routes', function (): void {
    DB::table('admin_api_resources')
        ->where('code', 'admin.config.play-versions.index')
        ->delete();

    $this->artisan('lottery:admin-auth-audit')
        ->expectsOutputToContain('Admin authorization audit found')
        ->expectsOutputToContain('[route_coverage]')
        ->assertExitCode(1);
});

test('admin authorization audit passes on the default authorization catalog', function (): void {
    $this->artisan('lottery:admin-auth-audit')
        ->expectsOutputToContain('Admin authorization audit passed.')
        ->assertExitCode(0);
});

test('admin authorization sync can repair registry-backed api resources and pass audit', function (): void {
    DB::table('admin_api_resources')
        ->where('code', 'admin.currencies.destroy')
        ->delete();

    $this->artisan('lottery:admin-auth-audit')
        ->expectsOutputToContain('admin.currencies.destroy')
        ->assertExitCode(1);

    $this->artisan('lottery:admin-auth-sync --audit')
        ->expectsOutputToContain('Admin authorization synced')
        ->expectsOutputToContain('Admin authorization audit passed.')
        ->assertExitCode(0);

    $resourceId = DB::table('admin_api_resources')
        ->where('code', 'admin.currencies.destroy')
        ->value('id');

    expect($resourceId)->not->toBeNull();

    $bindingCount = DB::table('admin_api_resource_bindings')
        ->where('api_resource_id', (int) $resourceId)
        ->count();

    expect($bindingCount)->toBeGreaterThan(0);
});