Add tests to validate the disabled elevated session behavior.

Author: nicbovee

tests/Auth/ElevatedSessionTest.php

@@ -300,6 +300,47 @@ public function middleware_denies_request_when_elevated_session_has_expired_via_
             ->assertJson(['message' => __('Requires an elevated session.')]);
     }
 
+    #[Test]
+    public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled()
+    {
+        config(['statamic.users.elevated_session_disabled' => true]);
+
+        $this->actingAs($this->user);
+
+        $this
+            ->get('/requires-elevated-session')
+            ->assertOk()
+            ->assertSee('ok');
+    }
+
+    #[Test]
+    public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled_even_if_session_expired()
+    {
+        config(['statamic.users.elevated_session_disabled' => true]);
+
+        $this->actingAs($this->user);
+
+        $this
+            ->withElevatedSession(now()->subMinutes(16))
+            ->get('/requires-elevated-session')
+            ->assertOk()
+            ->assertSee('ok');
+    }
+
+    #[Test]
+    public function middleware_does_not_require_elevated_session_when_elevated_session_is_disabled_via_json()
+    {
+        config(['statamic.users.elevated_session_disabled' => true]);
+
+        $this->actingAs($this->user);
+
+        $this
+            ->withElevatedSession(now()->subMinutes(16))
+            ->getJson('/requires-elevated-session')
+            ->assertOk()
+            ->assertSee('ok');
+    }
+
     #[Test]
     public function the_session_is_elevated_upon_login()
     {

tests/Feature/Roles/StoreRoleTest.php

@@ -68,6 +68,26 @@ public function it_denies_access_without_active_elevated_session()
             ->assertRedirect('/cp/auth/confirm-password');
     }
 
+    #[Test]
+    public function it_allows_storing_a_role_without_elevated_session_when_elevated_sessions_are_disabled()
+    {
+        config(['statamic.users.elevated_session_disabled' => true]);
+
+        $this
+            ->actingAsUserWithPermissions(['edit roles'])
+            ->store([
+                'title' => 'No Elevated Session',
+                'handle' => 'no_elevated_session',
+                'permissions' => ['one', 'two'],
+            ])
+            ->assertOk()
+            ->assertJson(['redirect' => cp_route('roles.index')]);
+
+        $role = Role::find('no_elevated_session');
+        $this->assertEquals('No Elevated Session', $role->title());
+        $this->assertEquals(['one', 'two'], $role->permissions()->all());
+    }
+
     #[Test]
     public function it_stores_a_role()
     {