feat(team-member): Complete Team Member Management capability

Implement full CRUD operations for team members with TDD approach: Backend: - TeamMemberController with REST API endpoints - TeamMemberService for business logic extraction - TeamMemberPolicy for authorization (superuser/manager access) - 14 tests passing (8 API, 6 unit tests) Frontend: - Team member list with search and status filter - Create/Edit modal with form validation - Delete confirmation with constraint checking - Currency formatting for hourly rates - Real API integration with teamMemberService Tests: - E2E tests fixed with seed data helper - All 157 tests passing (backend + frontend + E2E) Closes #22
2026-02-18 22:01:57 -05:00
parent 249e0ade8e
commit 3173d4250c
18 changed files with 1588 additions and 1100 deletions
--- a/backend/tests/Unit/Policies/TeamMemberPolicyTest.php
+++ b/backend/tests/Unit/Policies/TeamMemberPolicyTest.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace Tests\Unit\Policies;
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+use App\Models\User;
+use App\Models\TeamMember;
+use App\Models\Role;
+use Illuminate\Support\Facades\Gate;
+
+class TeamMemberPolicyTest extends TestCase
+{
+    use RefreshDatabase;
+
+    // 2.1.18 Unit test: TeamMemberPolicy authorization
+    public function test_team_member_policy_authorization()
+    {
+        $superuser = User::factory()->create(['role' => 'superuser']);
+        $manager = User::factory()->create(['role' => 'manager']);
+        $developer = User::factory()->create(['role' => 'developer']);
+        $teamMember = TeamMember::factory()->create();
+
+        // Superuser can perform all actions
+        $this->actingAs($superuser);
+        $this->assertTrue(Gate::allows('viewAny', TeamMember::class));
+        $this->assertTrue(Gate::allows('view', $teamMember));
+        $this->assertTrue(Gate::allows('create', TeamMember::class));
+        $this->assertTrue(Gate::allows('update', $teamMember));
+        $this->assertTrue(Gate::allows('delete', $teamMember));
+
+        // Manager can perform all actions
+        $this->actingAs($manager);
+        $this->assertTrue(Gate::allows('viewAny', TeamMember::class));
+        $this->assertTrue(Gate::allows('view', $teamMember));
+        $this->assertTrue(Gate::allows('create', TeamMember::class));
+        $this->assertTrue(Gate::allows('update', $teamMember));
+        $this->assertTrue(Gate::allows('delete', $teamMember));
+
+        // Developer can only view
+        $this->actingAs($developer);
+        $this->assertTrue(Gate::allows('viewAny', TeamMember::class));
+        $this->assertTrue(Gate::allows('view', $teamMember));
+    }
+}