[WIP] Add tenant-aware temporal role tests for RBAC

[Copilot]

Thanks for assigning this issue to me. I'm starting to work on it and will keep this PR's description up to date as I form a plan and make progress.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Implement tenant-aware temporal role tests</issue_title>
<issue_description># Implement Tenant-Aware Temporal Role Tests

Context

PR #109 (RBAC Phase 1) implements the temporal role foundation (TemporalRoleUser model, migration, User relationship override) but does not include tests due to architectural constraints.

Problem

Initial test implementation failed because:

1. Multi-tenancy constraint: model_has_roles.tenant_id is NOT NULL, but tests didn't set tenant context
2. UUID mismatch: assigned_by column expects UUID (foreign key to users.id), but tests passed integer user IDs
3. Missing tenant fixtures: No reusable test fixtures for tenant-aware role assignments

Required Tests (12 test cases)

Temporal Filtering

• Can assign role with temporal validity (valid_from + valid_until)
• Filters out future roles (valid_from > now)
• Filters out expired roles (valid_until < now)
• Includes currently active roles (valid_from <= now <= valid_until)
• Includes permanent roles (no temporal bounds)

Query Scopes

• active() scope returns only active roles
• expired() scope returns only expired roles (with auto_revoke=true)

Helper Methods

• isActive() correctly identifies active assignment
• isActive() correctly identifies inactive assignment (future)
• isExpired() correctly identifies expired assignment
• isExpired() correctly identifies non-expired assignment

Auto-Revoke

• Respects auto_revoke flag (only auto_revoke=true roles appear in expired() scope)

Implementation Requirements

Test Infrastructure

1. Create tenant-aware test fixture helper:

   // Example structure
   trait HasTenantContext {
       protected function assignRoleWithTenant(User $user, Role $role, array $pivotData = []): void
       {
           // Set tenant context via setPermissionTeam()
           // Ensure tenant_id is set in pivot data
           // Handle UUID conversion for assigned_by
       }
   }

2. Use RefreshDatabase trait

3. Set proper tenant context before role assignments

4. Use UUID strings for assigned_by field (or null)

Test Location

• Path: tests/Feature/Models/TemporalRoleUserTest.php
• Use Pest PHP syntax (matching project convention)
• Group under describe('TemporalRoleUser Pivot Model', ...)

Acceptance Criteria

• All 12 test cases implemented
• Tests pass without modifications to production code
• Proper tenant isolation (roles from different tenants don't interfere)
• No skipped tests
• Coverage meets 80% minimum for TemporalRoleUser model

Dependencies

• Depends on: PR feat: RBAC Phase 1 - Temporal Role Foundation #109 (RBAC Phase 1) being merged
• Blocks: Phase 2 complete sign-off

Related

• PR feat: RBAC Phase 1 - Temporal Role Foundation #109: RBAC Phase 1 - Temporal Role Foundation
• Issue RBAC Phase 1: Foundation & Temporal Extensions #105: RBAC Phase 1 - Temporal Role Foundation
• Issue 🔐 Implement RBAC System (Role-Based Access Control) #5: Implement Role-Based Access Control (RBAC) System (parent epic)

Notes

This is a Quality First decision: Better to ship production code without tests and track them properly, than to ship broken/skipped tests that provide no value.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Implement tenant-aware temporal role tests #110

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}