Admin API Feature Tests

Feature tests for Admin API endpoints (/api/admin/v1/*). These endpoints require FIRM_ADMIN or platform admin roles.
Firms — tests/Feature/Admin/FirmsTest.php

GET /admin/firms
✓ platform admin sees all firms
✓ returns 403 for FIRM_ADMIN role (firm-scoped, not platform-level)
✓ returns 401 for unauthenticated request
✓ paginates results

POST /admin/firms
✓ platform admin creates a new firm with valid data
✓ creates the initial FIRM_ADMIN user assignment
✓ returns 422 for duplicate slug
✓ returns 422 for missing name
✓ returns 403 for non-platform-admin

GET /admin/firms/{firmId}
✓ platform admin returns firm details
✓ FIRM_ADMIN can view their own firm
✓ FIRM_ADMIN returns 403 for a different firm
✓ returns 404 for non-existent firm

Users — tests/Feature/Admin/UsersTest.php

POST /admin/users
✓ FIRM_ADMIN provisions user + profile + role assignment
✓ sends invitation email to new user
✓ returns 409 on duplicate email within same firm
✓ returns 422 for missing firm_id
✓ returns 422 for invalid role code
✓ returns 403 for non-admin role

GET /admin/users
✓ FIRM_ADMIN lists all profiles in their firm
✓ filters by role
✓ filters by is_active
✓ returns 403 for LAWYER role
✓ does not return profiles from a different firm

POST /admin/users/{userId}/credentials
✓ adds a lawyer license credential
✓ returns 422 for missing bar_number
✓ returns 422 for duplicate bar_number in same jurisdiction
✓ returns 403 for non-admin

DELETE /admin/users/{userId}/credentials/{credentialId}
✓ removes credential
✓ returns 404 for credential in a different firm
✓ returns 403 for non-admin

GET /admin/users/{userId}/credentials
✓ lists all credentials for user
✓ returns 403 for non-admin

Access Grants — tests/Feature/Admin/AccessGrantsTest.php

GET /admin/access-grants
✓ FIRM_ADMIN searches grants with resource_type filter
✓ filters by user_id
✓ filters by resource_type and resource_id
✓ returns 403 for non-admin

POST /admin/access-grants
✓ creates a resource-level VIEW grant
✓ creates a resource-level EDIT grant for a subresource
✓ returns 422 for invalid resource_type (not in RESOURCE_TYPES table)
✓ returns 422 for invalid access_level
✓ returns 403 for non-admin
✓ grant is scoped to current firm

DELETE /admin/access-grants/{grantId}
✓ revokes an existing grant
✓ returns 404 for grant in a different firm
✓ returns 403 for non-admin

Support Access — tests/Feature/Admin/SupportAccessTest.php

GET /admin/support-access-sessions
✓ platform admin lists all support sessions
✓ FIRM_ADMIN lists sessions for their firm only
✓ returns 403 for non-admin

POST /admin/support-access-sessions
✓ platform admin creates an impersonation session for a user
✓ session is logged in support_access_sessions
✓ returns 403 for FIRM_ADMIN (platform admin only)
✓ returns 422 for missing target_user_id

DELETE /admin/support-access-sessions/{sessionId}
✓ platform admin revokes an active session
✓ returns 404 for non-existent session
✓ returns 403 for non-platform-admin

POST /admin/resource-locks
✓ FIRM_ADMIN acquires an exclusive lock on a resource
✓ returns 409 if resource is already locked by another admin
✓ lock expires after configured TTL

DELETE /admin/resource-locks/{lockId}
✓ lock owner releases the lock
✓ returns 403 if requester is not the lock owner
✓ returns 404 for non-existent lock