seed(RoleSeeder::class); } public function test_dashboard_requires_authentication(): void { $this->get('/dashboard')->assertRedirect('/login'); } public function test_staff_sees_only_own_requests(): void { $staff = User::factory()->create(); $staff->assignRole('staff'); $otherUser = User::factory()->create(); $otherUser->assignRole('staff'); TravelRequest::factory()->create(['user_id' => $staff->id]); TravelRequest::factory()->create(['user_id' => $otherUser->id]); $response = $this->actingAs($staff)->get('/dashboard'); $response->assertStatus(200); } public function test_approver_can_see_all_requests(): void { $approver = User::factory()->create(); $approver->assignRole('travel_approver'); $staff1 = User::factory()->create(); $staff1->assignRole('staff'); $staff2 = User::factory()->create(); $staff2->assignRole('staff'); TravelRequest::factory()->create(['user_id' => $staff1->id]); TravelRequest::factory()->create(['user_id' => $staff2->id]); $response = $this->actingAs($approver)->get('/dashboard'); $response->assertStatus(200); } }