test: assert visibility is gated on user eligibility

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Author: vitormattos

tests/php/Unit/Service/Policy/Runtime/DefaultPolicyResolverTest.php

@@ -342,6 +342,29 @@ public function testResolveCanSaveAsUserDefaultFalseWhenDefinitionDoesNotSupport
 		$this->assertFalse($resolved->canUseAsRequestOverride());
 	}
 
+	public function testResolveHidesWhenUserIsNotEligible(): void {
+		$source = new InMemoryPolicySource();
+		$source->systemLayer = (new PolicyLayer())
+			->setScope('system')
+			->setValue('none')
+			->setAllowChildOverride(true)
+			->setVisibleToChild(true);
+
+		$definition = new PolicySpec(
+			key: 'context_only_policy',
+			defaultSystemValue: 'none',
+			allowedValues: ['none', 'strict'],
+			eligibilityChecker: static fn (PolicyContext $ctx): bool => false,
+		);
+
+		$resolver = new DefaultPolicyResolver($source);
+		$resolved = $resolver->resolve($definition, PolicyContext::fromUserId('john'));
+
+		$this->assertFalse($resolved->isVisible(), 'Policy must be hidden when user is not eligible');
+		$this->assertFalse($resolved->canSaveAsUserDefault());
+		$this->assertFalse($resolved->canUseAsRequestOverride());
+	}
+
 	private function getValueChoiceDefinition(): PolicySpec {
 		return new PolicySpec(
 			key: 'signature_flow',