feat: add routes, lang, tests, stubs, docs, and docker configurations

tests/Feature/AccessControl/PermissionManagementTest.php

@@ -0,0 +1,116 @@
+<?php
+
+use App\Models\Permission;
+use App\Models\User;
+
+function grantManageAccessRightsForPerms(User $user): void
+{
+    $perm = Permission::firstOrCreate(['name' => 'manage access rights', 'guard_name' => 'web']);
+    Permission::firstOrCreate(['name' => 'view access rights', 'guard_name' => 'web']);
+    $user->givePermissionTo($perm);
+}
+
+test('guest cannot access permissions index', function () {
+    $this->get('/permissions')->assertRedirect('/login');
+});
+
+test('user without permission gets 403', function () {
+    $u = User::factory()->create();
+    $this->actingAs($u)->get('/permissions')->assertForbidden();
+});
+
+test('store creates a permission with web guard', function () {
+    $admin = User::factory()->create();
+    grantManageAccessRightsForPerms($admin);
+
+    $response = $this->actingAs($admin)->postJson('/permissions', [
+        'name' => 'view.reports',
+        'guard_name' => 'web',
+    ]);
+
+    $response->assertOk()->assertJson(['success' => true]);
+    $this->assertDatabaseHas('permissions', [
+        'name' => 'view.reports',
+        'guard_name' => 'web',
+    ]);
+});
+
+test('same name allowed across different guards', function () {
+    $admin = User::factory()->create();
+    grantManageAccessRightsForPerms($admin);
+    Permission::create(['name' => 'shared.perm', 'guard_name' => 'web']);
+
+    $this->actingAs($admin)->postJson('/permissions', [
+        'name' => 'shared.perm',
+        'guard_name' => 'api',
+    ])->assertOk();
+});
+
+test('store rejects duplicate name within same guard', function () {
+    $admin = User::factory()->create();
+    grantManageAccessRightsForPerms($admin);
+    Permission::create(['name' => 'duplicate.perm', 'guard_name' => 'web']);
+
+    $this->actingAs($admin)->postJson('/permissions', [
+        'name' => 'duplicate.perm',
+        'guard_name' => 'web',
+    ])->assertStatus(422);
+});
+
+test('store rejects invalid guard', function () {
+    $admin = User::factory()->create();
+    grantManageAccessRightsForPerms($admin);
+
+    $this->actingAs($admin)->postJson('/permissions', [
+        'name' => 'some.perm',
+        'guard_name' => 'console',
+    ])->assertStatus(422);
+});
+
+test('store rejects illegal characters in name', function () {
+    $admin = User::factory()->create();
+    grantManageAccessRightsForPerms($admin);
+
+    $this->actingAs($admin)->postJson('/permissions', [
+        'name' => 'bad name with space!',
+        'guard_name' => 'web',
+    ])->assertStatus(422);
+});
+
+test('update can rename a permission', function () {
+    $admin = User::factory()->create();
+    grantManageAccessRightsForPerms($admin);
+    $p = Permission::create(['name' => 'old.name', 'guard_name' => 'web']);
+
+    $this->actingAs($admin)->putJson("/permissions/{$p->id}", [
+        'name' => 'new.name',
+        'guard_name' => 'web',
+    ])->assertOk();
+
+    expect($p->fresh()->name)->toBe('new.name');
+});
+
+test('toggleStatus flips is_active', function () {
+    $admin = User::factory()->create();
+    grantManageAccessRightsForPerms($admin);
+    $p = Permission::create(['name' => 'flip.able', 'guard_name' => 'web', 'is_active' => 1]);
+
+    $this->actingAs($admin)
+        ->postJson('/permissions/toggle-status', ['id' => $p->id, 'status' => 'deactivate'])
+        ->assertOk();
+    expect((bool) $p->fresh()->is_active)->toBeFalse();
+
+    $this->actingAs($admin)
+        ->postJson('/permissions/toggle-status', ['id' => $p->id, 'status' => 'activate'])
+        ->assertOk();
+    expect((bool) $p->fresh()->is_active)->toBeTrue();
+});
+
+test('destroy soft deletes permission', function () {
+    $admin = User::factory()->create();
+    grantManageAccessRightsForPerms($admin);
+    $p = Permission::create(['name' => 'to.delete', 'guard_name' => 'web']);
+
+    $this->actingAs($admin)->deleteJson("/permissions/{$p->id}")->assertOk();
+    expect(Permission::withTrashed()->find($p->id)->trashed())->toBeTrue();
+});