Phase 3: Expand unit test coverage for service classes and models

[dkwiebe]

Summary

Test coverage is currently focused on feature/integration tests for the webhook and auth flows. Service classes and model logic have no unit test coverage, making refactoring riskier.

Areas to Cover

ProjectAccessService (unit tests)

• getAccessibleProjects: super admin gets all projects; regular user gets only assigned
• getAdminProjects: returns only projects where pivot role = 'admin'
• hasAccessToProjectId: returns true/false correctly
• getAccessibleProjectIds: returns correct ID array

Email model computed appends (unit tests)

• status append: computed correctly from recipients' statuses
• destination append: returns correct address(es) from recipients

SnsPayloadParser (unit tests — after Phase 3 refactor issue)

• SNS-wrapped format parsed correctly
• Direct SES format parsed and synthetic MessageId generated
• Unknown format throws expected exception

SesEventProcessor (unit tests — after Phase 3 refactor issue)

• Each event type (send, delivery, bounce, complaint, open, click, rendering_failure, delivery_delay, subscription) creates the correct records
• Duplicate events are idempotent (no duplicate DB rows)

Policy unit tests (after Phase 3 policy issue)

• Super admin passes all policy checks
• Project admin passes manage but not create
• Regular user fails manage and create

Acceptance Criteria

• php artisan test reports >80% class coverage for the above classes
• All new tests are isolated (use RefreshDatabase or in-memory SQLite; no external HTTP)