create([ 'role' => UserRole::ADMIN, ]); $moderator = User::factory()->create([ 'role' => UserRole::MODERATOR, ]); $user = User::factory()->create([ 'role' => UserRole::USER, ]); expect(Gate::forUser($admin)->allows('viewHorizon'))->toBeTrue() ->and(Gate::forUser($admin)->allows('viewApiDocs'))->toBeTrue() ->and(Gate::forUser($moderator)->allows('viewHorizon'))->toBeFalse() ->and(Gate::forUser($moderator)->allows('viewApiDocs'))->toBeFalse() ->and(Gate::forUser($user)->allows('viewHorizon'))->toBeFalse() ->and(Gate::forUser($user)->allows('viewApiDocs'))->toBeFalse() ->and(Gate::allows('viewHorizon'))->toBeFalse() ->and(Gate::allows('viewApiDocs'))->toBeFalse(); }); it('protects the horizon dashboard outside local environments', function (): void { $admin = User::factory()->create([ 'role' => UserRole::ADMIN, ]); $moderator = User::factory()->create([ 'role' => UserRole::MODERATOR, ]); $this->get('/horizon')->assertForbidden(); $this->actingAs($moderator) ->get('/horizon') ->assertForbidden(); $this->actingAs($admin) ->get('/horizon') ->assertSuccessful(); }); it('protects the scramble documentation outside local environments', function (): void { $user = User::factory()->create([ 'role' => UserRole::USER, ]); $this->get('/docs/api')->assertForbidden(); $this->actingAs($user) ->get('/docs/api') ->assertForbidden(); });