Compare commits
5 Commits
248-privat
...
dev
| Author | SHA1 | Date | |
|---|---|---|---|
| 7613e339c4 | |||
| 7ee4909212 | |||
| 72bfb37ba7 | |||
| aacd82849a | |||
| ff3392892b |
8
.github/agents/copilot-instructions.md
vendored
8
.github/agents/copilot-instructions.md
vendored
@ -260,6 +260,10 @@ ## Active Technologies
|
||||
- PostgreSQL via existing `managed_tenant_onboarding_sessions`, `provider_connections`, `operation_runs`, and stored permission-posture data; no new persistence planned (240-tenant-onboarding-readiness)
|
||||
- PHP 8.4 (Laravel 12) + Laravel 12 + Filament v5 + Livewire v4 + Pest; existing `OperationRunLinks`, `GovernanceRunDiagnosticSummaryBuilder`, `ProviderReasonTranslator`, `RelatedNavigationResolver`, `RedactionIntegrity`, `WorkspaceAuditLogger` (241-support-diagnostic-pack)
|
||||
- PostgreSQL via existing `operation_runs`, `provider_connections`, `findings`, `stored_reports`, `tenant_reviews`, `review_packs`, and `audit_logs`; no new persistence planned (241-support-diagnostic-pack)
|
||||
- PHP 8.4, Laravel 12 + Filament v5, Livewire v4, Pest v4, existing review/evidence/review-pack/audit/RBAC support services (249-customer-review-workspace)
|
||||
- PostgreSQL via existing `tenant_reviews`, `review_packs`, `evidence_snapshots`, findings / finding-exception truth, workspace memberships, and `audit_logs`; no new persistence planned (249-customer-review-workspace)
|
||||
- PHP 8.4 (Laravel 12) + Filament v5 + Livewire v4, existing workspace settings stack (`SettingsRegistry`, `SettingsResolver`, `SettingsWriter`), `WorkspaceEntitlementResolver`, `ReviewPackService`, system directory detail page (251-commercial-entitlements-billing-state)
|
||||
- PostgreSQL via existing `workspace_settings` rows plus existing audit log records; no new table or billing/account model (251-commercial-entitlements-billing-state)
|
||||
|
||||
- PHP 8.4.15 (feat/005-bulk-operations)
|
||||
|
||||
@ -294,9 +298,9 @@ ## Code Style
|
||||
PHP 8.4.15: Follow standard conventions
|
||||
|
||||
## Recent Changes
|
||||
- 251-commercial-entitlements-billing-state: Added PHP 8.4 (Laravel 12) + Filament v5 + Livewire v4, existing workspace settings stack (`SettingsRegistry`, `SettingsResolver`, `SettingsWriter`), `WorkspaceEntitlementResolver`, `ReviewPackService`, system directory detail page
|
||||
- 249-customer-review-workspace: Added PHP 8.4, Laravel 12 + Filament v5, Livewire v4, Pest v4, existing review/evidence/review-pack/audit/RBAC support services
|
||||
- 241-support-diagnostic-pack: Added PHP 8.4 (Laravel 12) + Laravel 12 + Filament v5 + Livewire v4 + Pest; existing `OperationRunLinks`, `GovernanceRunDiagnosticSummaryBuilder`, `ProviderReasonTranslator`, `RelatedNavigationResolver`, `RedactionIntegrity`, `WorkspaceAuditLogger`
|
||||
- 240-tenant-onboarding-readiness: Added PHP 8.4 (Laravel 12) + Laravel 12 + Filament v5 + Livewire v4 + Pest; existing onboarding services (`OnboardingLifecycleService`, `OnboardingDraftStageResolver`), provider connection summary, verification assist, and Ops-UX helpers
|
||||
- 239-canonical-operation-type-source-of-truth: Added PHP 8.4.15, Laravel 12, Filament v5, Livewire v4 + existing `App\Support\OperationCatalog`, `App\Support\OperationRunType`, `App\Services\OperationRunService`, `App\Services\Providers\ProviderOperationRegistry`, `App\Services\Providers\ProviderOperationStartGate`, `App\Filament\Resources\OperationRunResource`, `App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard`, `App\Support\Filament\FilterOptionCatalog`, `App\Support\OpsUx\OperationUxPresenter`, `App\Support\References\Resolvers\OperationRunReferenceResolver`, `App\Services\Audit\AuditEventBuilder`, Pest v4
|
||||
<!-- MANUAL ADDITIONS START -->
|
||||
|
||||
### Pre-production compatibility check
|
||||
|
||||
@ -9,4 +9,9 @@
|
||||
class Login extends BaseLogin
|
||||
{
|
||||
protected string $view = 'filament.pages.auth.login';
|
||||
|
||||
public function getTitle(): string
|
||||
{
|
||||
return __('localization.auth.sign_in_microsoft');
|
||||
}
|
||||
}
|
||||
|
||||
494
apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
Normal file
494
apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
Normal file
@ -0,0 +1,494 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Filament\Pages\Governance;
|
||||
|
||||
use App\Filament\Pages\Findings\FindingsIntakeQueue;
|
||||
use App\Filament\Pages\Findings\MyFindingsInbox;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\Auth\CapabilityResolver;
|
||||
use App\Services\Auth\WorkspaceCapabilityResolver;
|
||||
use App\Services\TenantReviews\TenantReviewRegisterService;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\GovernanceInbox\GovernanceInboxSectionBuilder;
|
||||
use App\Support\Navigation\CanonicalNavigationContext;
|
||||
use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
|
||||
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceInspectAffordance;
|
||||
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
|
||||
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceSlot;
|
||||
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceType;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use BackedEnum;
|
||||
use Filament\Facades\Filament;
|
||||
use Filament\Pages\Page;
|
||||
use Illuminate\Support\Str;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use UnitEnum;
|
||||
|
||||
class GovernanceInbox extends Page
|
||||
{
|
||||
protected static bool $isDiscovered = false;
|
||||
|
||||
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-inbox-stack';
|
||||
|
||||
protected static string|UnitEnum|null $navigationGroup = 'Governance';
|
||||
|
||||
protected static ?string $navigationLabel = 'Governance inbox';
|
||||
|
||||
protected static ?int $navigationSort = 5;
|
||||
|
||||
protected static ?string $title = 'Governance inbox';
|
||||
|
||||
protected static ?string $slug = 'governance/inbox';
|
||||
|
||||
protected string $view = 'filament.pages.governance.governance-inbox';
|
||||
|
||||
/**
|
||||
* @var array<int, Tenant>|null
|
||||
*/
|
||||
private ?array $authorizedTenants = null;
|
||||
|
||||
/**
|
||||
* @var array<int, Tenant>|null
|
||||
*/
|
||||
private ?array $visibleFindingTenants = null;
|
||||
|
||||
/**
|
||||
* @var array<int, Tenant>|null
|
||||
*/
|
||||
private ?array $reviewTenants = null;
|
||||
|
||||
/**
|
||||
* @var array<string, mixed>|null
|
||||
*/
|
||||
private ?array $inboxPayload = null;
|
||||
|
||||
/**
|
||||
* @var array<string, mixed>|null
|
||||
*/
|
||||
private ?array $unfilteredInboxPayload = null;
|
||||
|
||||
private ?Workspace $workspace = null;
|
||||
|
||||
private ?bool $visibleAlertsFamily = null;
|
||||
|
||||
public ?int $tenantId = null;
|
||||
|
||||
public ?string $family = null;
|
||||
|
||||
public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
|
||||
{
|
||||
return ActionSurfaceDeclaration::forPage(ActionSurfaceProfile::ListOnlyReadOnly, ActionSurfaceType::ReadOnlyRegistryReport)
|
||||
->satisfy(ActionSurfaceSlot::ListHeader, 'Header actions keep the workspace decision surface calm and read-only.')
|
||||
->satisfy(ActionSurfaceSlot::InspectAffordance, ActionSurfaceInspectAffordance::ClickableRow->value)
|
||||
->exempt(ActionSurfaceSlot::ListRowMoreMenu, 'The governance inbox routes into existing source surfaces instead of exposing row-level secondary actions.')
|
||||
->exempt(ActionSurfaceSlot::ListBulkMoreGroup, 'The governance inbox does not expose bulk actions.')
|
||||
->satisfy(ActionSurfaceSlot::ListEmptyState, 'Empty states stay calm and capability-safe when no visible attention exists.')
|
||||
->exempt(ActionSurfaceSlot::DetailHeader, 'The governance inbox owns no local detail surface in v1.');
|
||||
}
|
||||
|
||||
public function mount(): void
|
||||
{
|
||||
$this->authorizeWorkspaceMembership();
|
||||
$this->applyRequestedTenantPrefilter();
|
||||
$this->family = $this->resolveRequestedFamily();
|
||||
$this->ensureAtLeastOneVisibleFamily();
|
||||
$this->ensureRequestedFamilyIsVisible();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function appliedScope(): array
|
||||
{
|
||||
$selectedTenant = $this->selectedTenant();
|
||||
$availableFamilies = collect($this->availableFamilies())
|
||||
->keyBy('key');
|
||||
|
||||
return [
|
||||
'workspace_label' => $this->workspace()?->name,
|
||||
'tenant_label' => $selectedTenant?->name,
|
||||
'tenant_prefilter_source' => $selectedTenant instanceof Tenant ? 'explicit_filter' : 'none',
|
||||
'family_key' => $this->family,
|
||||
'family_label' => $this->family !== null
|
||||
? ($availableFamilies->get($this->family)['label'] ?? Str::headline($this->family))
|
||||
: 'All attention',
|
||||
'total_count' => (int) ($this->inboxPayload()['total_count'] ?? 0),
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<array{key: string, label: string, count: int}>
|
||||
*/
|
||||
public function availableFamilies(): array
|
||||
{
|
||||
return $this->inboxPayload()['available_families'] ?? [];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<array<string, mixed>>
|
||||
*/
|
||||
public function sections(): array
|
||||
{
|
||||
return $this->inboxPayload()['sections'] ?? [];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function calmEmptyState(): array
|
||||
{
|
||||
if ($this->tenantFilterAloneExcludesRows()) {
|
||||
return [
|
||||
'title' => 'This tenant filter is hiding other visible attention',
|
||||
'body' => 'The current tenant scope is calm, but other visible tenants in this workspace still have governance attention.',
|
||||
'action_label' => 'Clear tenant filter',
|
||||
'action_url' => $this->pageUrl(['tenant' => null]),
|
||||
];
|
||||
}
|
||||
|
||||
return [
|
||||
'title' => 'No visible governance attention right now',
|
||||
'body' => 'The current workspace scope is calm across the visible governance families.',
|
||||
'action_label' => null,
|
||||
'action_url' => null,
|
||||
];
|
||||
}
|
||||
|
||||
public function hasTenantPrefilter(): bool
|
||||
{
|
||||
return $this->selectedTenant() instanceof Tenant;
|
||||
}
|
||||
|
||||
public function isActiveFamily(?string $familyKey): bool
|
||||
{
|
||||
return $this->family === $familyKey;
|
||||
}
|
||||
|
||||
public function pageUrl(array $overrides = []): string
|
||||
{
|
||||
$selectedTenant = $this->selectedTenant();
|
||||
$resolvedTenant = array_key_exists('tenant', $overrides)
|
||||
? $overrides['tenant']
|
||||
: ($selectedTenant?->getKey() !== null ? (string) $selectedTenant->getKey() : null);
|
||||
$resolvedFamily = array_key_exists('family', $overrides)
|
||||
? $overrides['family']
|
||||
: $this->family;
|
||||
|
||||
return static::getUrl(
|
||||
panel: 'admin',
|
||||
parameters: array_filter([
|
||||
'tenant_id' => is_string($resolvedTenant) && $resolvedTenant !== '' ? $resolvedTenant : null,
|
||||
'family' => is_string($resolvedFamily) && $resolvedFamily !== '' ? $resolvedFamily : null,
|
||||
], static fn (mixed $value): bool => $value !== null && $value !== ''),
|
||||
);
|
||||
}
|
||||
|
||||
public function navigationContext(): CanonicalNavigationContext
|
||||
{
|
||||
return new CanonicalNavigationContext(
|
||||
sourceSurface: 'governance.inbox',
|
||||
canonicalRouteName: static::getRouteName(Filament::getPanel('admin')),
|
||||
tenantId: $this->tenantId,
|
||||
backLinkLabel: 'Back to governance inbox',
|
||||
backLinkUrl: $this->pageUrl(),
|
||||
);
|
||||
}
|
||||
|
||||
private function authorizeWorkspaceMembership(): void
|
||||
{
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
if (! $workspace instanceof Workspace) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
$resolver = app(WorkspaceCapabilityResolver::class);
|
||||
|
||||
if (! $resolver->isMember($user, $workspace)) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
}
|
||||
|
||||
private function ensureAtLeastOneVisibleFamily(): void
|
||||
{
|
||||
if (
|
||||
$this->hasVisibleOperationsFamily()
|
||||
|| $this->visibleFindingTenants() !== []
|
||||
|| $this->reviewTenants() !== []
|
||||
|| $this->hasVisibleAlertsFamily()
|
||||
) {
|
||||
return;
|
||||
}
|
||||
|
||||
abort(403);
|
||||
}
|
||||
|
||||
private function ensureRequestedFamilyIsVisible(): void
|
||||
{
|
||||
if ($this->family === null) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (in_array($this->family, collect($this->availableFamilies())->pluck('key')->all(), true)) {
|
||||
return;
|
||||
}
|
||||
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
private function hasVisibleOperationsFamily(): bool
|
||||
{
|
||||
return $this->authorizedTenants() !== [];
|
||||
}
|
||||
|
||||
private function hasVisibleAlertsFamily(): bool
|
||||
{
|
||||
if (is_bool($this->visibleAlertsFamily)) {
|
||||
return $this->visibleAlertsFamily;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return $this->visibleAlertsFamily = false;
|
||||
}
|
||||
|
||||
return $this->visibleAlertsFamily = app(WorkspaceCapabilityResolver::class)->can($user, $workspace, Capabilities::ALERTS_VIEW);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<int, Tenant>
|
||||
*/
|
||||
private function visibleFindingTenants(): array
|
||||
{
|
||||
if ($this->visibleFindingTenants !== null) {
|
||||
return $this->visibleFindingTenants;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$tenants = $this->authorizedTenants();
|
||||
|
||||
if (! $user instanceof User || $tenants === []) {
|
||||
return $this->visibleFindingTenants = [];
|
||||
}
|
||||
|
||||
$resolver = app(CapabilityResolver::class);
|
||||
$resolver->primeMemberships(
|
||||
$user,
|
||||
array_map(static fn (Tenant $tenant): int => (int) $tenant->getKey(), $tenants),
|
||||
);
|
||||
|
||||
return $this->visibleFindingTenants = array_values(array_filter(
|
||||
$tenants,
|
||||
fn (Tenant $tenant): bool => $resolver->can($user, $tenant, Capabilities::TENANT_FINDINGS_VIEW),
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<int, Tenant>
|
||||
*/
|
||||
private function reviewTenants(): array
|
||||
{
|
||||
if ($this->reviewTenants !== null) {
|
||||
return $this->reviewTenants;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return $this->reviewTenants = [];
|
||||
}
|
||||
|
||||
$service = app(TenantReviewRegisterService::class);
|
||||
|
||||
if (! $service->canAccessWorkspace($user, $workspace)) {
|
||||
return $this->reviewTenants = [];
|
||||
}
|
||||
|
||||
return $this->reviewTenants = $service->authorizedTenants($user, $workspace);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<int, Tenant>
|
||||
*/
|
||||
private function authorizedTenants(): array
|
||||
{
|
||||
if ($this->authorizedTenants !== null) {
|
||||
return $this->authorizedTenants;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return $this->authorizedTenants = [];
|
||||
}
|
||||
|
||||
return $this->authorizedTenants = $user->tenants()
|
||||
->where('tenants.workspace_id', (int) $workspace->getKey())
|
||||
->where('tenants.status', 'active')
|
||||
->orderBy('tenants.name')
|
||||
->get(['tenants.id', 'tenants.name', 'tenants.external_id', 'tenants.workspace_id'])
|
||||
->all();
|
||||
}
|
||||
|
||||
private function applyRequestedTenantPrefilter(): void
|
||||
{
|
||||
$requestedTenant = request()->query('tenant_id', request()->query('tenant'));
|
||||
|
||||
if (! is_string($requestedTenant) && ! is_numeric($requestedTenant)) {
|
||||
return;
|
||||
}
|
||||
|
||||
foreach ($this->authorizedTenants() as $tenant) {
|
||||
if ((string) $tenant->getKey() !== (string) $requestedTenant && (string) $tenant->external_id !== (string) $requestedTenant) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$this->tenantId = (int) $tenant->getKey();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
private function resolveRequestedFamily(): ?string
|
||||
{
|
||||
$family = request()->query('family');
|
||||
|
||||
if (! is_string($family)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return in_array($family, [
|
||||
'assigned_findings',
|
||||
'intake_findings',
|
||||
'stale_operations',
|
||||
'alert_delivery_failures',
|
||||
'review_follow_up',
|
||||
], true) ? $family : null;
|
||||
}
|
||||
|
||||
private function workspace(): ?Workspace
|
||||
{
|
||||
if ($this->workspace instanceof Workspace) {
|
||||
return $this->workspace;
|
||||
}
|
||||
|
||||
$workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());
|
||||
|
||||
if (! is_int($workspaceId)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $this->workspace = Workspace::query()->whereKey($workspaceId)->first();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function inboxPayload(): array
|
||||
{
|
||||
if (is_array($this->inboxPayload)) {
|
||||
return $this->inboxPayload;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return $this->inboxPayload = [
|
||||
'sections' => [],
|
||||
'available_families' => [],
|
||||
'family_counts' => [],
|
||||
'total_count' => 0,
|
||||
];
|
||||
}
|
||||
|
||||
return $this->inboxPayload = app(GovernanceInboxSectionBuilder::class)->build(
|
||||
user: $user,
|
||||
workspace: $workspace,
|
||||
authorizedTenants: $this->authorizedTenants(),
|
||||
visibleFindingTenants: $this->visibleFindingTenants(),
|
||||
reviewTenants: $this->reviewTenants(),
|
||||
canViewAlerts: $this->hasVisibleAlertsFamily(),
|
||||
selectedTenant: $this->selectedTenant(),
|
||||
selectedFamily: $this->family,
|
||||
navigationContext: $this->navigationContext(),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function unfilteredInboxPayload(): array
|
||||
{
|
||||
if (is_array($this->unfilteredInboxPayload)) {
|
||||
return $this->unfilteredInboxPayload;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return $this->unfilteredInboxPayload = [
|
||||
'sections' => [],
|
||||
'available_families' => [],
|
||||
'family_counts' => [],
|
||||
'total_count' => 0,
|
||||
];
|
||||
}
|
||||
|
||||
return $this->unfilteredInboxPayload = app(GovernanceInboxSectionBuilder::class)->build(
|
||||
user: $user,
|
||||
workspace: $workspace,
|
||||
authorizedTenants: $this->authorizedTenants(),
|
||||
visibleFindingTenants: $this->visibleFindingTenants(),
|
||||
reviewTenants: $this->reviewTenants(),
|
||||
canViewAlerts: $this->hasVisibleAlertsFamily(),
|
||||
selectedTenant: null,
|
||||
selectedFamily: null,
|
||||
navigationContext: $this->navigationContext(),
|
||||
);
|
||||
}
|
||||
|
||||
private function selectedTenant(): ?Tenant
|
||||
{
|
||||
if (! is_int($this->tenantId)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
foreach ($this->authorizedTenants() as $tenant) {
|
||||
if ((int) $tenant->getKey() === $this->tenantId) {
|
||||
return $tenant;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
private function tenantFilterAloneExcludesRows(): bool
|
||||
{
|
||||
if (! is_int($this->tenantId) || $this->family !== null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->sections() !== []) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return (int) ($this->unfilteredInboxPayload()['total_count'] ?? 0) > 0;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,515 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Filament\Pages\Reviews;
|
||||
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\TenantReviews\TenantReviewRegisterService;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Findings\FindingOutcomeSemantics;
|
||||
use App\Support\Filament\TablePaginationProfiles;
|
||||
use App\Support\ReviewPackStatus;
|
||||
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthEnvelope;
|
||||
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
|
||||
use App\Support\Ui\GovernanceArtifactTruth\CompressedGovernanceOutcome;
|
||||
use App\Support\Ui\GovernanceArtifactTruth\SurfaceCompressionContext;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use BackedEnum;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Pages\Page;
|
||||
use Filament\Tables\Columns\TextColumn;
|
||||
use Filament\Tables\Concerns\InteractsWithTable;
|
||||
use Filament\Tables\Contracts\HasTable;
|
||||
use Filament\Tables\Filters\SelectFilter;
|
||||
use Filament\Tables\Table;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use UnitEnum;
|
||||
|
||||
class CustomerReviewWorkspace extends Page implements HasTable
|
||||
{
|
||||
use InteractsWithTable;
|
||||
|
||||
public const string DETAIL_CONTEXT_QUERY_KEY = 'customer_workspace';
|
||||
|
||||
private const string SOURCE_SURFACE = 'customer_review_workspace';
|
||||
|
||||
protected static bool $isDiscovered = false;
|
||||
|
||||
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-document-text';
|
||||
|
||||
protected static string|UnitEnum|null $navigationGroup = 'Reporting';
|
||||
|
||||
protected static ?string $navigationLabel = 'Customer reviews';
|
||||
|
||||
protected static ?int $navigationSort = 44;
|
||||
|
||||
protected static ?string $title = 'Customer Review Workspace';
|
||||
|
||||
protected static ?string $slug = 'reviews/workspace';
|
||||
|
||||
protected string $view = 'filament.pages.reviews.customer-review-workspace';
|
||||
|
||||
public static function getNavigationGroup(): string
|
||||
{
|
||||
return __('localization.review.reporting');
|
||||
}
|
||||
|
||||
public static function getNavigationLabel(): string
|
||||
{
|
||||
return __('localization.review.customer_reviews');
|
||||
}
|
||||
|
||||
public function getTitle(): string
|
||||
{
|
||||
return __('localization.review.customer_review_workspace');
|
||||
}
|
||||
|
||||
public static function tenantPrefilterUrl(Tenant $tenant): string
|
||||
{
|
||||
$tenantIdentifier = filled($tenant->external_id)
|
||||
? (string) $tenant->external_id
|
||||
: (string) $tenant->getKey();
|
||||
|
||||
return static::getUrl(panel: 'admin').'?'.http_build_query([
|
||||
'tenant' => $tenantIdentifier,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @var array<int, Tenant>|null
|
||||
*/
|
||||
private ?array $authorizedTenants = null;
|
||||
|
||||
public function mount(): void
|
||||
{
|
||||
$this->authorizePageAccess();
|
||||
$this->applyRequestedTenantPrefilter();
|
||||
$this->mountInteractsWithTable();
|
||||
}
|
||||
|
||||
protected function getHeaderActions(): array
|
||||
{
|
||||
return [
|
||||
Action::make('clear_filters')
|
||||
->label(__('localization.review.clear_filters'))
|
||||
->icon('heroicon-o-x-mark')
|
||||
->color('gray')
|
||||
->visible(fn (): bool => $this->hasActiveFilters())
|
||||
->action(function (): void {
|
||||
$this->clearWorkspaceFilters();
|
||||
}),
|
||||
];
|
||||
}
|
||||
|
||||
public function table(Table $table): Table
|
||||
{
|
||||
return $table
|
||||
->query(fn (): Builder => $this->workspaceQuery())
|
||||
->defaultSort('name')
|
||||
->paginated(TablePaginationProfiles::customPage())
|
||||
->persistFiltersInSession()
|
||||
->persistSearchInSession()
|
||||
->persistSortInSession()
|
||||
->recordUrl(fn (Tenant $record): ?string => $this->latestReviewUrl($record))
|
||||
->columns([
|
||||
TextColumn::make('name')->label(__('localization.review.tenant'))->searchable()->sortable(),
|
||||
TextColumn::make('latest_review')
|
||||
->label(__('localization.review.latest_review'))
|
||||
->badge()
|
||||
->getStateUsing(fn (Tenant $record): string => $this->latestReviewStateLabel($record))
|
||||
->color(fn (Tenant $record): string => $this->latestReviewStateColor($record))
|
||||
->icon(fn (Tenant $record): ?string => $this->latestReviewStateIcon($record))
|
||||
->iconColor(fn (Tenant $record): ?string => $this->latestReviewStateIconColor($record))
|
||||
->description(fn (Tenant $record): ?string => $this->reviewOutcomeDescription($record))
|
||||
->wrap(),
|
||||
TextColumn::make('finding_summary')
|
||||
->label(__('localization.review.key_findings'))
|
||||
->getStateUsing(fn (Tenant $record): string => $this->findingSummary($record))
|
||||
->wrap(),
|
||||
TextColumn::make('accepted_risk_summary')
|
||||
->label(__('localization.review.accepted_risks'))
|
||||
->getStateUsing(fn (Tenant $record): string => $this->acceptedRiskSummary($record))
|
||||
->wrap(),
|
||||
TextColumn::make('published_at')
|
||||
->label(__('localization.review.published'))
|
||||
->getStateUsing(fn (Tenant $record): ?string => $this->latestPublishedAt($record)?->toDateTimeString())
|
||||
->dateTime()
|
||||
->placeholder('—'),
|
||||
TextColumn::make('review_pack_state')
|
||||
->label(__('localization.review.review_pack'))
|
||||
->getStateUsing(fn (Tenant $record): string => $this->reviewPackAvailability($record)),
|
||||
])
|
||||
->filters([
|
||||
SelectFilter::make('tenant_id')
|
||||
->label(__('localization.review.tenant'))
|
||||
->options(fn (): array => $this->tenantFilterOptions())
|
||||
->default(fn (): ?string => $this->defaultTenantFilter())
|
||||
->query(function (Builder $query, array $data): Builder {
|
||||
$tenantId = $data['value'] ?? null;
|
||||
|
||||
return is_numeric($tenantId)
|
||||
? $query->whereKey((int) $tenantId)
|
||||
: $query;
|
||||
})
|
||||
->searchable(),
|
||||
])
|
||||
->actions([
|
||||
Action::make('open_latest_review')
|
||||
->label(__('localization.review.open_latest_review'))
|
||||
->icon('heroicon-o-arrow-top-right-on-square')
|
||||
->url(fn (Tenant $record): ?string => $this->latestReviewUrl($record))
|
||||
->visible(fn (Tenant $record): bool => $this->latestPublishedReview($record) instanceof TenantReview),
|
||||
Action::make('download_review_pack')
|
||||
->label(__('localization.review.download_review_pack'))
|
||||
->icon('heroicon-o-arrow-down-tray')
|
||||
->url(fn (Tenant $record): ?string => $this->latestReviewPackDownloadUrl($record))
|
||||
->openUrlInNewTab()
|
||||
->visible(fn (Tenant $record): bool => is_string($this->latestReviewPackDownloadUrl($record))),
|
||||
])
|
||||
->bulkActions([])
|
||||
->emptyStateHeading(__('localization.review.no_entitled_tenants'))
|
||||
->emptyStateDescription(fn (): string => $this->hasActiveFilters()
|
||||
? __('localization.review.clear_filters_description')
|
||||
: __('localization.review.adjust_filters_description'))
|
||||
->emptyStateActions([
|
||||
Action::make('clear_filters_empty')
|
||||
->label(__('localization.review.clear_filters'))
|
||||
->icon('heroicon-o-x-mark')
|
||||
->color('gray')
|
||||
->visible(fn (): bool => $this->hasActiveFilters())
|
||||
->action(fn (): mixed => $this->clearWorkspaceFilters()),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<int, Tenant>
|
||||
*/
|
||||
public function authorizedTenants(): array
|
||||
{
|
||||
if ($this->authorizedTenants !== null) {
|
||||
return $this->authorizedTenants;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return $this->authorizedTenants = [];
|
||||
}
|
||||
|
||||
return $this->authorizedTenants = app(TenantReviewRegisterService::class)->authorizedTenants($user, $workspace);
|
||||
}
|
||||
|
||||
private function authorizePageAccess(): void
|
||||
{
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
if (! $workspace instanceof Workspace) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
$service = app(TenantReviewRegisterService::class);
|
||||
|
||||
if (! $service->canAccessWorkspace($user, $workspace)) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
if ($this->authorizedTenants() === []) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
}
|
||||
|
||||
private function workspaceQuery(): Builder
|
||||
{
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return Tenant::query()->whereRaw('1 = 0');
|
||||
}
|
||||
|
||||
return app(TenantReviewRegisterService::class)->customerWorkspaceTenantQuery($user, $workspace);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
private function tenantFilterOptions(): array
|
||||
{
|
||||
return collect($this->authorizedTenants())
|
||||
->mapWithKeys(static fn (Tenant $tenant): array => [
|
||||
(string) $tenant->getKey() => $tenant->name,
|
||||
])
|
||||
->all();
|
||||
}
|
||||
|
||||
private function defaultTenantFilter(): ?string
|
||||
{
|
||||
$tenantId = app(WorkspaceContext::class)->lastTenantId(request());
|
||||
|
||||
return is_int($tenantId) && array_key_exists($tenantId, $this->authorizedTenants())
|
||||
? (string) $tenantId
|
||||
: null;
|
||||
}
|
||||
|
||||
private function applyRequestedTenantPrefilter(): void
|
||||
{
|
||||
$requestedTenant = request()->query('tenant', request()->query('tenant_id'));
|
||||
|
||||
if (! is_string($requestedTenant) && ! is_numeric($requestedTenant)) {
|
||||
return;
|
||||
}
|
||||
|
||||
foreach ($this->authorizedTenants() as $tenant) {
|
||||
if ((string) $tenant->getKey() !== (string) $requestedTenant && (string) $tenant->external_id !== (string) $requestedTenant) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$this->tableFilters['tenant_id']['value'] = (string) $tenant->getKey();
|
||||
$this->tableDeferredFilters['tenant_id']['value'] = (string) $tenant->getKey();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
private function hasActiveFilters(): bool
|
||||
{
|
||||
return $this->currentTenantFilterId() !== null;
|
||||
}
|
||||
|
||||
private function clearWorkspaceFilters(): void
|
||||
{
|
||||
app(WorkspaceContext::class)->clearLastTenantId(request());
|
||||
$this->removeTableFilters();
|
||||
}
|
||||
|
||||
private function currentTenantFilterId(): ?int
|
||||
{
|
||||
$tenantFilter = data_get($this->tableFilters, 'tenant_id.value');
|
||||
|
||||
if (! is_numeric($tenantFilter)) {
|
||||
$tenantFilter = data_get(session()->get($this->getTableFiltersSessionKey(), []), 'tenant_id.value');
|
||||
}
|
||||
|
||||
return is_numeric($tenantFilter) ? (int) $tenantFilter : null;
|
||||
}
|
||||
|
||||
private function workspace(): ?Workspace
|
||||
{
|
||||
$workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());
|
||||
|
||||
return is_numeric($workspaceId)
|
||||
? Workspace::query()->whereKey((int) $workspaceId)->first()
|
||||
: null;
|
||||
}
|
||||
|
||||
private function latestPublishedReview(Tenant $tenant): ?TenantReview
|
||||
{
|
||||
$review = $tenant->tenantReviews->first();
|
||||
|
||||
return $review instanceof TenantReview ? $review : null;
|
||||
}
|
||||
|
||||
private function latestReviewUrl(Tenant $tenant): ?string
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant, 'tenant').'?'.http_build_query([
|
||||
self::DETAIL_CONTEXT_QUERY_KEY => 1,
|
||||
]);
|
||||
}
|
||||
|
||||
private function latestReviewPack(Tenant $tenant): ?ReviewPack
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
$pack = $review?->currentExportReviewPack;
|
||||
|
||||
return $pack instanceof ReviewPack ? $pack : null;
|
||||
}
|
||||
|
||||
private function latestReviewPackDownloadUrl(Tenant $tenant): ?string
|
||||
{
|
||||
$user = auth()->user();
|
||||
$pack = $this->latestReviewPack($tenant);
|
||||
|
||||
if (! $user instanceof User || ! $pack instanceof ReviewPack) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($pack->status !== ReviewPackStatus::Ready->value) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($pack->expires_at !== null && $pack->expires_at->isPast()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return app(ReviewPackService::class)->generateDownloadUrl($pack, [
|
||||
'source_surface' => self::SOURCE_SURFACE,
|
||||
]);
|
||||
}
|
||||
|
||||
private function latestPublishedAt(Tenant $tenant): ?\Illuminate\Support\Carbon
|
||||
{
|
||||
return $this->latestPublishedReview($tenant)?->published_at;
|
||||
}
|
||||
|
||||
private function reviewTruth(Tenant $tenant): ?ArtifactTruthEnvelope
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
return $review instanceof TenantReview
|
||||
? app(ArtifactTruthPresenter::class)->forTenantReview($review)
|
||||
: null;
|
||||
}
|
||||
|
||||
private function reviewOutcome(Tenant $tenant): ?CompressedGovernanceOutcome
|
||||
{
|
||||
$presenter = app(ArtifactTruthPresenter::class);
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
$truth = $this->reviewTruth($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview || ! $truth instanceof ArtifactTruthEnvelope) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::reviewRegister())
|
||||
?? $presenter->compressedOutcomeFromEnvelope($truth, SurfaceCompressionContext::reviewRegister());
|
||||
}
|
||||
|
||||
private function latestReviewStateLabel(Tenant $tenant): string
|
||||
{
|
||||
return $this->reviewOutcome($tenant)?->primaryLabel ?? __('localization.review.no_published_review');
|
||||
}
|
||||
|
||||
private function latestReviewStateColor(Tenant $tenant): string
|
||||
{
|
||||
return $this->reviewOutcome($tenant)?->primaryBadge->color ?? 'gray';
|
||||
}
|
||||
|
||||
private function latestReviewStateIcon(Tenant $tenant): ?string
|
||||
{
|
||||
return $this->reviewOutcome($tenant)?->primaryBadge->icon;
|
||||
}
|
||||
|
||||
private function latestReviewStateIconColor(Tenant $tenant): ?string
|
||||
{
|
||||
return $this->reviewOutcome($tenant)?->primaryBadge->iconColor;
|
||||
}
|
||||
|
||||
private function reviewOutcomeDescription(Tenant $tenant): ?string
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview) {
|
||||
return __('localization.review.no_published_review_available');
|
||||
}
|
||||
|
||||
$primaryReason = $this->reviewOutcome($tenant)?->primaryReason;
|
||||
$summary = is_array($review->summary) ? $review->summary : [];
|
||||
$findingOutcomes = $summary['finding_outcomes'] ?? null;
|
||||
|
||||
if (! is_array($findingOutcomes)) {
|
||||
return $primaryReason;
|
||||
}
|
||||
|
||||
$findingOutcomeSummary = app(FindingOutcomeSemantics::class)->compactOutcomeSummary($findingOutcomes);
|
||||
|
||||
if ($findingOutcomeSummary === null) {
|
||||
return $primaryReason;
|
||||
}
|
||||
|
||||
return trim($primaryReason.' '.__('localization.review.terminal_outcomes').': '.$findingOutcomeSummary.'.');
|
||||
}
|
||||
|
||||
private function findingSummary(Tenant $tenant): string
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview) {
|
||||
return __('localization.review.no_published_review_available');
|
||||
}
|
||||
|
||||
$summary = is_array($review->summary) ? $review->summary : [];
|
||||
$findingCount = (int) ($summary['finding_count'] ?? 0);
|
||||
$findingOutcomes = is_array($summary['finding_outcomes'] ?? null) ? $summary['finding_outcomes'] : [];
|
||||
$terminalOutcomes = app(FindingOutcomeSemantics::class)->compactOutcomeSummary($findingOutcomes);
|
||||
|
||||
if ($findingCount === 0) {
|
||||
return __('localization.review.no_findings_recorded');
|
||||
}
|
||||
|
||||
if ($terminalOutcomes === null) {
|
||||
return __('localization.review.findings_count_summary', ['count' => $findingCount]);
|
||||
}
|
||||
|
||||
return __('localization.review.findings_count_with_outcomes', [
|
||||
'count' => $findingCount,
|
||||
'outcomes' => $terminalOutcomes,
|
||||
]);
|
||||
}
|
||||
|
||||
private function acceptedRiskSummary(Tenant $tenant): string
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview) {
|
||||
return __('localization.review.no_published_review_available');
|
||||
}
|
||||
|
||||
$summary = is_array($review->summary) ? $review->summary : [];
|
||||
$riskAcceptance = is_array($summary['risk_acceptance'] ?? null) ? $summary['risk_acceptance'] : [];
|
||||
$statusMarkedCount = (int) ($riskAcceptance['status_marked_count'] ?? 0);
|
||||
$validGovernedCount = (int) ($riskAcceptance['valid_governed_count'] ?? 0);
|
||||
$warningCount = (int) ($riskAcceptance['warning_count'] ?? 0);
|
||||
|
||||
return match (true) {
|
||||
$statusMarkedCount === 0 => __('localization.review.no_accepted_risks_recorded'),
|
||||
$warningCount > 0 => __('localization.review.accepted_risks_need_follow_up', ['warnings' => $warningCount, 'total' => $statusMarkedCount]),
|
||||
$validGovernedCount > 0 => __('localization.review.accepted_risks_governed', ['count' => $validGovernedCount]),
|
||||
default => __('localization.review.accepted_risks_on_record', ['count' => $statusMarkedCount]),
|
||||
};
|
||||
}
|
||||
|
||||
private function reviewPackAvailability(Tenant $tenant): string
|
||||
{
|
||||
$pack = $this->latestReviewPack($tenant);
|
||||
|
||||
if (! $pack instanceof ReviewPack) {
|
||||
return __('localization.review.unavailable');
|
||||
}
|
||||
|
||||
if ($pack->status !== ReviewPackStatus::Ready->value) {
|
||||
return __('localization.review.unavailable');
|
||||
}
|
||||
|
||||
if ($pack->expires_at !== null && $pack->expires_at->isPast()) {
|
||||
return __('localization.review.unavailable');
|
||||
}
|
||||
|
||||
return __('localization.review.available');
|
||||
}
|
||||
}
|
||||
@ -178,9 +178,23 @@ public function table(Table $table): Table
|
||||
&& auth()->user()->can(Capabilities::TENANT_REVIEW_MANAGE, $record->tenant)
|
||||
&& in_array($record->status, ['ready', 'published'], true))
|
||||
->disabled(fn (TenantReview $record): bool => (bool) (app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant)['is_blocked'] ?? false))
|
||||
->tooltip(fn (TenantReview $record): ?string => (bool) (app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant)['is_blocked'] ?? false)
|
||||
? (string) (app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant)['block_reason'] ?? '')
|
||||
: null)
|
||||
->tooltip(function (TenantReview $record): ?string {
|
||||
$decision = app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant);
|
||||
|
||||
if ((bool) ($decision['is_blocked'] ?? false)) {
|
||||
$reason = $decision['block_reason'] ?? null;
|
||||
|
||||
return is_string($reason) && $reason !== '' ? $reason : null;
|
||||
}
|
||||
|
||||
if ((bool) ($decision['is_warning'] ?? false)) {
|
||||
$reason = $decision['warning_reason'] ?? null;
|
||||
|
||||
return is_string($reason) && $reason !== '' ? $reason : null;
|
||||
}
|
||||
|
||||
return null;
|
||||
})
|
||||
->action(fn (TenantReview $record): mixed => TenantReviewResource::executeExport($record)),
|
||||
])
|
||||
->bulkActions([])
|
||||
|
||||
@ -7,9 +7,12 @@
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Support\Ai\AiPolicyMode;
|
||||
use App\Support\Ai\AiUseCaseCatalog;
|
||||
use App\Services\Auth\WorkspaceCapabilityResolver;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\Entitlements\WorkspacePlanProfileCatalog;
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\Capabilities;
|
||||
@ -22,6 +25,7 @@
|
||||
use BackedEnum;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Forms\Components\KeyValue;
|
||||
use Filament\Forms\Components\Placeholder;
|
||||
use Filament\Forms\Components\Select;
|
||||
use Filament\Forms\Components\Textarea;
|
||||
use Filament\Forms\Components\TextInput;
|
||||
@ -54,6 +58,8 @@ class WorkspaceSettings extends Page
|
||||
* @var array<string, array{domain: string, key: string, type: 'int'|'json'|'string'|'bool'}>
|
||||
*/
|
||||
private const SETTING_FIELDS = [
|
||||
'ai_policy_mode' => ['domain' => 'ai', 'key' => 'policy_mode', 'type' => 'string'],
|
||||
'localization_default_locale' => ['domain' => 'localization', 'key' => 'default_locale', 'type' => 'string'],
|
||||
'backup_retention_keep_last_default' => ['domain' => 'backup', 'key' => 'retention_keep_last_default', 'type' => 'int'],
|
||||
'backup_retention_min_floor' => ['domain' => 'backup', 'key' => 'retention_min_floor', 'type' => 'int'],
|
||||
'drift_severity_mapping' => ['domain' => 'drift', 'key' => 'severity_mapping', 'type' => 'json'],
|
||||
@ -149,17 +155,22 @@ protected function getHeaderActions(): array
|
||||
{
|
||||
return [
|
||||
Action::make('save')
|
||||
->label('Save')
|
||||
->label(__('localization.workspace.save'))
|
||||
->action(function (): void {
|
||||
$this->save();
|
||||
})
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->tooltip(fn (): ?string => $this->currentUserCanManage()
|
||||
? null
|
||||
: 'You do not have permission to manage workspace settings.'),
|
||||
: __('localization.workspace.no_manage_permission')),
|
||||
];
|
||||
}
|
||||
|
||||
public function getTitle(): string
|
||||
{
|
||||
return __('localization.workspace.title');
|
||||
}
|
||||
|
||||
public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
|
||||
{
|
||||
return ActionSurfaceDeclaration::forPage(ActionSurfaceProfile::ListOnlyReadOnly)
|
||||
@ -204,6 +215,18 @@ public function content(Schema $schema): Schema
|
||||
return $schema
|
||||
->statePath('data')
|
||||
->schema([
|
||||
Section::make(__('localization.workspace.section'))
|
||||
->description($this->sectionDescription('localization', __('localization.workspace.section_description')))
|
||||
->schema([
|
||||
Select::make('localization_default_locale')
|
||||
->label(__('localization.workspace.default_locale_label'))
|
||||
->options(LocaleResolver::localeOptions())
|
||||
->placeholder(__('localization.workspace.default_locale_placeholder'))
|
||||
->native(false)
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->localeDefaultHelperText())
|
||||
->hintAction($this->makeResetAction('localization_default_locale')),
|
||||
]),
|
||||
Section::make('Workspace entitlements')
|
||||
->description($this->sectionDescription('entitlements', 'Select a plan profile and optional first-slice overrides for onboarding activation and review pack generation.'))
|
||||
->columns(2)
|
||||
@ -248,6 +271,27 @@ public function content(Schema $schema): Schema
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->reviewPackGenerationReasonHelperText()),
|
||||
]),
|
||||
Section::make('Workspace AI policy')
|
||||
->description($this->sectionDescription('ai', 'Control whether the workspace disables AI entirely or allows approved internal-only drafts on private-only infrastructure.'))
|
||||
->schema([
|
||||
Select::make('ai_policy_mode')
|
||||
->label('AI posture')
|
||||
->options(AiPolicyMode::optionLabels())
|
||||
->placeholder('Unset (uses default)')
|
||||
->native(false)
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->aiPolicyModeHelperText())
|
||||
->hintAction($this->makeResetAction('ai_policy_mode')),
|
||||
Placeholder::make('ai_approved_use_cases')
|
||||
->label('Approved use cases')
|
||||
->content(fn (): string => $this->aiApprovedUseCasesText()),
|
||||
Placeholder::make('ai_allowed_provider_classes')
|
||||
->label('Allowed provider classes')
|
||||
->content(fn (): string => $this->aiAllowedProviderClassesText()),
|
||||
Placeholder::make('ai_blocked_data_classifications')
|
||||
->label('Blocked data classifications')
|
||||
->content(fn (): string => $this->aiBlockedDataClassificationsText()),
|
||||
]),
|
||||
Section::make('Backup settings')
|
||||
->description($this->sectionDescription('backup', 'Workspace defaults used when a schedule has no explicit value.'))
|
||||
->schema([
|
||||
@ -482,7 +526,7 @@ public function save(): void
|
||||
$this->loadFormState();
|
||||
|
||||
Notification::make()
|
||||
->title($changedSettingsCount > 0 ? 'Workspace settings saved' : 'No settings changes to save')
|
||||
->title($changedSettingsCount > 0 ? __('localization.notifications.workspace_settings_saved') : __('localization.notifications.workspace_settings_unchanged'))
|
||||
->success()
|
||||
->send();
|
||||
}
|
||||
@ -501,7 +545,7 @@ public function resetSetting(string $field): void
|
||||
|
||||
if ($this->workspaceOverrideForField($field) === null) {
|
||||
Notification::make()
|
||||
->title('Setting already uses default')
|
||||
->title(__('localization.notifications.setting_already_default'))
|
||||
->success()
|
||||
->send();
|
||||
|
||||
@ -518,7 +562,7 @@ public function resetSetting(string $field): void
|
||||
$this->loadFormState();
|
||||
|
||||
Notification::make()
|
||||
->title('Workspace setting reset to default')
|
||||
->title(__('localization.notifications.workspace_setting_reset'))
|
||||
->success()
|
||||
->send();
|
||||
}
|
||||
@ -667,18 +711,17 @@ private function sectionDescription(string $domain, string $baseDescription): st
|
||||
/** @var Carbon $updatedAt */
|
||||
$updatedAt = $meta['updated_at'];
|
||||
|
||||
return sprintf(
|
||||
'%s — Last modified by %s, %s.',
|
||||
$baseDescription,
|
||||
$meta['user_name'],
|
||||
$updatedAt->diffForHumans(),
|
||||
);
|
||||
return __('localization.workspace.last_modified_by', [
|
||||
'description' => $baseDescription,
|
||||
'user' => $meta['user_name'],
|
||||
'time' => $updatedAt->diffForHumans(),
|
||||
]);
|
||||
}
|
||||
|
||||
private function makeResetAction(string $field): Action
|
||||
{
|
||||
return Action::make('reset_'.$field)
|
||||
->label('Reset')
|
||||
->label(__('localization.workspace.reset'))
|
||||
->color('danger')
|
||||
->requiresConfirmation()
|
||||
->action(function () use ($field): void {
|
||||
@ -693,15 +736,15 @@ private function makeResetAction(string $field): Action
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage() || ! $this->canResetField($field))
|
||||
->tooltip(function () use ($field): ?string {
|
||||
if (! $this->currentUserCanManage()) {
|
||||
return 'You do not have permission to manage workspace settings.';
|
||||
return __('localization.workspace.no_manage_permission');
|
||||
}
|
||||
|
||||
if (! $this->canResetField($field)) {
|
||||
if ($this->isEntitlementOverrideValueField($field)) {
|
||||
return 'No workspace override to reset.';
|
||||
return __('localization.workspace.no_workspace_override');
|
||||
}
|
||||
|
||||
return 'No workspace override to reset.';
|
||||
return __('localization.workspace.no_workspace_override');
|
||||
}
|
||||
|
||||
return null;
|
||||
@ -793,6 +836,57 @@ private function reviewPackGenerationReasonHelperText(): string
|
||||
);
|
||||
}
|
||||
|
||||
private function aiPolicyModeHelperText(): string
|
||||
{
|
||||
$resolved = $this->resolvedSettings['ai_policy_mode'] ?? null;
|
||||
|
||||
if (! is_array($resolved)) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$mode = AiPolicyMode::tryFrom((string) ($resolved['value'] ?? AiPolicyMode::Disabled->value))
|
||||
?? AiPolicyMode::Disabled;
|
||||
|
||||
$prefix = ! $this->hasWorkspaceOverride('ai_policy_mode')
|
||||
? sprintf('Effective posture: %s. Source: %s.', $mode->label(), $this->sourceLabel((string) ($resolved['source'] ?? 'system_default')))
|
||||
: sprintf('Effective posture: %s.', $mode->label());
|
||||
|
||||
return sprintf('%s %s', $prefix, $mode->summary());
|
||||
}
|
||||
|
||||
private function aiApprovedUseCasesText(): string
|
||||
{
|
||||
return implode('; ', app(AiUseCaseCatalog::class)->labels()).'.';
|
||||
}
|
||||
|
||||
private function aiAllowedProviderClassesText(): string
|
||||
{
|
||||
$labels = app(AiUseCaseCatalog::class)->allowedProviderClassLabelsForMode($this->effectiveAiPolicyMode());
|
||||
|
||||
if ($labels === []) {
|
||||
return 'No provider classes are allowed while AI is disabled.';
|
||||
}
|
||||
|
||||
return implode(', ', $labels).'.';
|
||||
}
|
||||
|
||||
private function aiBlockedDataClassificationsText(): string
|
||||
{
|
||||
return implode(', ', app(AiUseCaseCatalog::class)->blockedDataClassificationLabels()).'.';
|
||||
}
|
||||
|
||||
private function effectiveAiPolicyMode(): AiPolicyMode
|
||||
{
|
||||
$resolved = $this->resolvedSettings['ai_policy_mode'] ?? null;
|
||||
|
||||
if (! is_array($resolved)) {
|
||||
return AiPolicyMode::Disabled;
|
||||
}
|
||||
|
||||
return AiPolicyMode::tryFrom((string) ($resolved['value'] ?? AiPolicyMode::Disabled->value))
|
||||
?? AiPolicyMode::Disabled;
|
||||
}
|
||||
|
||||
private function entitlementReasonHelperText(string $valueField, string $key): string
|
||||
{
|
||||
$decision = $this->entitlementDecision($key);
|
||||
@ -872,6 +966,29 @@ private function helperTextFor(string $field): string
|
||||
return sprintf('Effective value: %s.', $effectiveValue);
|
||||
}
|
||||
|
||||
private function localeDefaultHelperText(): string
|
||||
{
|
||||
$resolved = $this->resolvedSettings['localization_default_locale'] ?? null;
|
||||
|
||||
if (! is_array($resolved)) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$effectiveLocale = LocaleResolver::normalize($resolved['value'] ?? null) ?? 'en';
|
||||
$localeLabel = LocaleResolver::localeOptions()[$effectiveLocale] ?? strtoupper($effectiveLocale);
|
||||
|
||||
if (! $this->hasWorkspaceOverride('localization_default_locale')) {
|
||||
return __('localization.workspace.default_locale_helper_unset', [
|
||||
'locale' => $localeLabel,
|
||||
'source' => $this->sourceLabel((string) ($resolved['source'] ?? 'system_default')),
|
||||
]);
|
||||
}
|
||||
|
||||
return __('localization.workspace.default_locale_helper_set', [
|
||||
'locale' => $localeLabel,
|
||||
]);
|
||||
}
|
||||
|
||||
private function slaFieldHelperText(string $severity): string
|
||||
{
|
||||
$resolved = $this->resolvedSettings['findings_sla_days'] ?? null;
|
||||
@ -1277,9 +1394,9 @@ private function formatValueForDisplay(string $field, mixed $value): string
|
||||
private function sourceLabel(string $source): string
|
||||
{
|
||||
return match ($source) {
|
||||
'workspace_override' => 'workspace override',
|
||||
'workspace_override' => __('localization.source.workspace_override'),
|
||||
'tenant_override' => 'tenant override',
|
||||
default => 'system default',
|
||||
default => __('localization.source.system_default'),
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@ -42,6 +42,11 @@ class TenantDashboard extends Dashboard
|
||||
*/
|
||||
public array $supportDiagnosticsAuditKeys = [];
|
||||
|
||||
public function getTitle(): string
|
||||
{
|
||||
return __('localization.dashboard.tenant_title');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<mixed> $parameters
|
||||
*/
|
||||
@ -90,38 +95,38 @@ public function authorizeTenantSupportRequest(): void
|
||||
private function requestSupportAction(): Action
|
||||
{
|
||||
$action = Action::make('requestSupport')
|
||||
->label('Request support')
|
||||
->label(__('localization.dashboard.request_support'))
|
||||
->icon('heroicon-o-paper-airplane')
|
||||
->color('gray')
|
||||
->slideOver()
|
||||
->stickyModalHeader()
|
||||
->modalHeading('Request support')
|
||||
->modalDescription('Share a concise summary and TenantAtlas will attach redacted context from existing records.')
|
||||
->modalSubmitActionLabel('Submit request')
|
||||
->modalHeading(__('localization.dashboard.support_request_heading'))
|
||||
->modalDescription(__('localization.dashboard.support_request_description'))
|
||||
->modalSubmitActionLabel(__('localization.dashboard.submit_request'))
|
||||
->form([
|
||||
Placeholder::make('included_context')
|
||||
->label('Included context')
|
||||
->label(__('localization.dashboard.included_context'))
|
||||
->content(fn (): string => $this->tenantSupportRequestAttachmentSummary())
|
||||
->columnSpanFull(),
|
||||
Select::make('severity')
|
||||
->label('Severity')
|
||||
->label(__('localization.dashboard.severity'))
|
||||
->options(SupportRequest::severityOptions())
|
||||
->default(SupportRequest::SEVERITY_NORMAL)
|
||||
->required()
|
||||
->native(false),
|
||||
TextInput::make('summary')
|
||||
->label('Summary')
|
||||
->label(__('localization.dashboard.summary'))
|
||||
->required()
|
||||
->columnSpanFull(),
|
||||
Textarea::make('reproduction_notes')
|
||||
->label('Reproduction notes')
|
||||
->label(__('localization.dashboard.reproduction_notes'))
|
||||
->rows(4)
|
||||
->columnSpanFull(),
|
||||
TextInput::make('contact_name')
|
||||
->label('Contact name')
|
||||
->label(__('localization.dashboard.contact_name'))
|
||||
->default(fn (): ?string => $this->resolveDashboardActor()->name),
|
||||
TextInput::make('contact_email')
|
||||
->label('Contact email')
|
||||
->label(__('localization.dashboard.contact_email'))
|
||||
->email()
|
||||
->default(fn (): ?string => $this->resolveDashboardActor()->email),
|
||||
])
|
||||
@ -132,7 +137,7 @@ private function requestSupportAction(): Action
|
||||
$supportRequest = app(SupportRequestSubmissionService::class)->submitForTenant($tenant, $actor, $data);
|
||||
|
||||
Notification::make()
|
||||
->title('Support request submitted')
|
||||
->title(__('localization.dashboard.support_request_submitted'))
|
||||
->body('Reference '.$supportRequest->internal_reference)
|
||||
->success()
|
||||
->send();
|
||||
@ -146,16 +151,16 @@ private function requestSupportAction(): Action
|
||||
private function openSupportDiagnosticsAction(): Action
|
||||
{
|
||||
$action = Action::make('openSupportDiagnostics')
|
||||
->label('Open support diagnostics')
|
||||
->label(__('localization.dashboard.open_support_diagnostics'))
|
||||
->icon('heroicon-o-lifebuoy')
|
||||
->color('gray')
|
||||
->modal()
|
||||
->slideOver()
|
||||
->stickyModalHeader()
|
||||
->modalHeading('Support diagnostics')
|
||||
->modalDescription('Redacted tenant context from existing records.')
|
||||
->modalHeading(__('localization.dashboard.support_diagnostics'))
|
||||
->modalDescription(__('localization.dashboard.support_diagnostics_description'))
|
||||
->modalSubmitAction(false)
|
||||
->modalCancelAction(fn (Action $action): Action => $action->label('Close'))
|
||||
->modalCancelAction(fn (Action $action): Action => $action->label(__('localization.dashboard.close')))
|
||||
->mountUsing(function (): void {
|
||||
$this->auditTenantSupportDiagnosticsOpen();
|
||||
})
|
||||
|
||||
@ -30,6 +30,7 @@
|
||||
use App\Services\Onboarding\OnboardingDraftResolver;
|
||||
use App\Services\Onboarding\OnboardingDraftStageResolver;
|
||||
use App\Services\Onboarding\OnboardingLifecycleService;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\OperationRunService;
|
||||
use App\Services\Providers\ProviderConnectionMutationService;
|
||||
@ -4551,27 +4552,30 @@ private function completionSummaryEntitlementDecision(): array
|
||||
return [];
|
||||
}
|
||||
|
||||
return app(WorkspaceEntitlementResolver::class)->resolve(
|
||||
return app(WorkspaceCommercialLifecycleResolver::class)->actionDecision(
|
||||
$this->workspace,
|
||||
WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
WorkspaceCommercialLifecycleResolver::ACTION_MANAGED_TENANT_ACTIVATION,
|
||||
);
|
||||
}
|
||||
|
||||
private function completionSummaryEntitlementBlocked(): bool
|
||||
{
|
||||
return (bool) ($this->completionSummaryEntitlementDecision()['is_blocked'] ?? false);
|
||||
return ($this->completionSummaryEntitlementDecision()['outcome'] ?? null) === WorkspaceCommercialLifecycleResolver::OUTCOME_BLOCK;
|
||||
}
|
||||
|
||||
private function completionSummaryEntitlementSummary(): string
|
||||
{
|
||||
$decision = $this->completionSummaryEntitlementDecision();
|
||||
$currentUsage = (int) ($decision['current_usage'] ?? 0);
|
||||
$effectiveValue = (int) ($decision['effective_value'] ?? 0);
|
||||
$sourceLabel = $this->completionSummaryEntitlementSourceLabel($decision);
|
||||
$entitlementDecision = is_array($decision['entitlement_decision'] ?? null) ? $decision['entitlement_decision'] : [];
|
||||
$currentUsage = (int) ($entitlementDecision['current_usage'] ?? 0);
|
||||
$effectiveValue = (int) ($entitlementDecision['effective_value'] ?? 0);
|
||||
$sourceLabel = $this->completionSummaryEntitlementSourceLabel($entitlementDecision);
|
||||
$stateLabel = is_string($decision['state_label'] ?? null) ? $decision['state_label'] : 'Active paid';
|
||||
|
||||
return sprintf(
|
||||
'%s - %d active of %d allowed (%s)',
|
||||
'%s - %s - %d active of %d allowed (%s)',
|
||||
$this->completionSummaryEntitlementBlocked() ? 'Blocked' : 'Allowed',
|
||||
$stateLabel,
|
||||
$currentUsage,
|
||||
$effectiveValue,
|
||||
$sourceLabel,
|
||||
@ -4581,13 +4585,15 @@ private function completionSummaryEntitlementSummary(): string
|
||||
private function completionSummaryEntitlementDetail(): string
|
||||
{
|
||||
$decision = $this->completionSummaryEntitlementDecision();
|
||||
$currentUsage = (int) ($decision['current_usage'] ?? 0);
|
||||
$effectiveValue = (int) ($decision['effective_value'] ?? 0);
|
||||
$remainingCapacity = (int) ($decision['remaining_capacity'] ?? 0);
|
||||
$sourceLabel = $this->completionSummaryEntitlementSourceLabel($decision);
|
||||
$entitlementDecision = is_array($decision['entitlement_decision'] ?? null) ? $decision['entitlement_decision'] : [];
|
||||
$currentUsage = (int) ($entitlementDecision['current_usage'] ?? 0);
|
||||
$effectiveValue = (int) ($entitlementDecision['effective_value'] ?? 0);
|
||||
$remainingCapacity = (int) ($entitlementDecision['remaining_capacity'] ?? 0);
|
||||
$sourceLabel = $this->completionSummaryEntitlementSourceLabel($entitlementDecision);
|
||||
$rationale = is_string($decision['rationale'] ?? null) ? $decision['rationale'] : null;
|
||||
$message = sprintf(
|
||||
'Current usage is %d active managed tenant%s out of %d allowed. Source: %s.',
|
||||
'%s Current usage is %d active managed tenant%s out of %d allowed. Source: %s.',
|
||||
(string) ($decision['message'] ?? 'Managed-tenant activation is available for this workspace commercial state.'),
|
||||
$currentUsage,
|
||||
$currentUsage === 1 ? '' : 's',
|
||||
$effectiveValue,
|
||||
@ -4606,7 +4612,7 @@ private function completionSummaryEntitlementDetail(): string
|
||||
}
|
||||
}
|
||||
|
||||
if ($rationale !== null && $rationale !== '' && ($decision['source'] ?? null) === 'workspace_override') {
|
||||
if ($rationale !== null && $rationale !== '' && ($decision['source'] ?? null) === WorkspaceCommercialLifecycleResolver::SOURCE_WORKSPACE_SETTING) {
|
||||
$message .= ' Rationale: '.$rationale;
|
||||
}
|
||||
|
||||
@ -4982,7 +4988,7 @@ public function completeOnboarding(): void
|
||||
|
||||
if ($this->completionSummaryEntitlementBlocked()) {
|
||||
Notification::make()
|
||||
->title('Activation limit reached')
|
||||
->title('Activation unavailable')
|
||||
->body($this->completionSummaryEntitlementDetail())
|
||||
->warning()
|
||||
->send();
|
||||
|
||||
@ -6,6 +6,7 @@
|
||||
|
||||
use App\Filament\Concerns\InteractsWithTenantOwnedRecords;
|
||||
use App\Filament\Concerns\ResolvesPanelTenantContext;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\EvidenceSnapshotResource\Pages;
|
||||
use App\Filament\Resources\ReviewPackResource;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
@ -267,6 +268,20 @@ public static function relatedContextEntries(EvidenceSnapshot $record): array
|
||||
)->toArray();
|
||||
}
|
||||
|
||||
if ($record->tenant instanceof Tenant) {
|
||||
$entries[] = RelatedContextEntry::available(
|
||||
key: 'customer_review_workspace',
|
||||
label: 'Customer workspace',
|
||||
value: $record->tenant->name,
|
||||
secondaryValue: 'Open the customer-safe review workspace prefiltered to this tenant.',
|
||||
targetUrl: CustomerReviewWorkspace::tenantPrefilterUrl($record->tenant),
|
||||
targetKind: 'canonical_page',
|
||||
priority: 30,
|
||||
actionLabel: 'Open customer workspace',
|
||||
contextBadge: 'Reporting',
|
||||
)->toArray();
|
||||
}
|
||||
|
||||
return $entries;
|
||||
}
|
||||
|
||||
|
||||
@ -75,8 +75,6 @@ class FindingResource extends Resource
|
||||
|
||||
protected static string|UnitEnum|null $navigationGroup = 'Governance';
|
||||
|
||||
protected static ?string $navigationLabel = 'Findings';
|
||||
|
||||
public static function shouldRegisterNavigation(): bool
|
||||
{
|
||||
if (Filament::getCurrentPanel()?->getId() === 'admin') {
|
||||
@ -86,6 +84,26 @@ public static function shouldRegisterNavigation(): bool
|
||||
return parent::shouldRegisterNavigation();
|
||||
}
|
||||
|
||||
public static function getNavigationLabel(): string
|
||||
{
|
||||
return __('localization.navigation.findings');
|
||||
}
|
||||
|
||||
public static function getNavigationGroup(): string
|
||||
{
|
||||
return __('localization.navigation.governance');
|
||||
}
|
||||
|
||||
public static function getModelLabel(): string
|
||||
{
|
||||
return __('localization.navigation.findings');
|
||||
}
|
||||
|
||||
public static function getPluralModelLabel(): string
|
||||
{
|
||||
return __('localization.navigation.findings');
|
||||
}
|
||||
|
||||
public static function canViewAny(): bool
|
||||
{
|
||||
$tenant = static::resolveTenantContextForCurrentPanel();
|
||||
|
||||
@ -77,15 +77,15 @@ public function getTabs(): array
|
||||
$stats = FindingResource::findingStatsForCurrentTenant();
|
||||
|
||||
return [
|
||||
'all' => Tab::make('All')
|
||||
'all' => Tab::make(__('localization.findings.all'))
|
||||
->icon('heroicon-m-list-bullet'),
|
||||
'needs_action' => Tab::make('Needs action')
|
||||
'needs_action' => Tab::make(__('localization.findings.needs_action'))
|
||||
->icon('heroicon-m-exclamation-triangle')
|
||||
->modifyQueryUsing(fn (Builder $query): Builder => $query
|
||||
->whereIn('status', Finding::openStatusesForQuery()))
|
||||
->badge($stats['open'] > 0 ? $stats['open'] : null)
|
||||
->badgeColor('warning'),
|
||||
'overdue' => Tab::make('Overdue')
|
||||
'overdue' => Tab::make(__('localization.findings.overdue'))
|
||||
->icon('heroicon-m-clock')
|
||||
->modifyQueryUsing(fn (Builder $query): Builder => $query
|
||||
->whereIn('status', Finding::openStatusesForQuery())
|
||||
@ -93,11 +93,11 @@ public function getTabs(): array
|
||||
->where('due_at', '<', now()))
|
||||
->badge($stats['overdue'] > 0 ? $stats['overdue'] : null)
|
||||
->badgeColor('danger'),
|
||||
'risk_accepted' => Tab::make('Risk accepted')
|
||||
'risk_accepted' => Tab::make(__('localization.findings.risk_accepted'))
|
||||
->icon('heroicon-m-shield-check')
|
||||
->modifyQueryUsing(fn (Builder $query): Builder => $query
|
||||
->where('status', Finding::STATUS_RISK_ACCEPTED)),
|
||||
'resolved' => Tab::make('Resolved')
|
||||
'resolved' => Tab::make(__('localization.findings.resolved'))
|
||||
->icon('heroicon-m-archive-box')
|
||||
->modifyQueryUsing(fn (Builder $query): Builder => $query
|
||||
->whereIn('status', [Finding::STATUS_RESOLVED, Finding::STATUS_CLOSED])),
|
||||
|
||||
@ -44,7 +44,7 @@ protected function getHeaderActions(): array
|
||||
->primaryListAction(CrossResourceNavigationMatrix::SOURCE_FINDING, $this->getRecord())?->isAvailable() ?? false))
|
||||
->color('gray'),
|
||||
Actions\Action::make('open_approval_queue')
|
||||
->label('Open approval queue')
|
||||
->label(__('localization.findings.open_approval_queue'))
|
||||
->icon('heroicon-o-arrow-top-right-on-square')
|
||||
->color('gray')
|
||||
->visible(function (): bool {
|
||||
@ -61,7 +61,7 @@ protected function getHeaderActions(): array
|
||||
: null;
|
||||
}),
|
||||
Actions\ActionGroup::make(FindingResource::workflowActions())
|
||||
->label('Actions')
|
||||
->label(__('localization.findings.actions'))
|
||||
->icon('heroicon-o-ellipsis-vertical')
|
||||
->color('gray'),
|
||||
]);
|
||||
|
||||
@ -5,6 +5,7 @@
|
||||
use App\Filament\Concerns\ResolvesPanelTenantContext;
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Exceptions\ReviewPackEvidenceResolutionException;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\EvidenceSnapshotResource as TenantEvidenceSnapshotResource;
|
||||
use App\Filament\Resources\ReviewPackResource\Pages;
|
||||
use App\Models\ReviewPack;
|
||||
@ -195,6 +196,13 @@ public static function infolist(Schema $schema): Schema
|
||||
? TenantReviewResource::tenantScopedUrl('view', ['record' => $record->tenantReview], $record->tenant)
|
||||
: null)
|
||||
->placeholder('—'),
|
||||
TextEntry::make('customer_workspace')
|
||||
->label('Customer workspace')
|
||||
->state(fn (): string => 'Open workspace')
|
||||
->url(fn (ReviewPack $record): ?string => $record->tenant instanceof Tenant
|
||||
? CustomerReviewWorkspace::tenantPrefilterUrl($record->tenant)
|
||||
: null)
|
||||
->placeholder('—'),
|
||||
TextEntry::make('summary.review_status')
|
||||
->label('Review status')
|
||||
->badge()
|
||||
@ -567,6 +575,19 @@ public static function reviewPackGenerationBlockReason(?Tenant $tenant = null):
|
||||
return is_string($reason) && $reason !== '' ? $reason : null;
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationWarningReason(?Tenant $tenant = null): ?string
|
||||
{
|
||||
$decision = static::reviewPackGenerationDecision($tenant);
|
||||
|
||||
if (! (bool) ($decision['is_warning'] ?? false)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$reason = $decision['warning_reason'] ?? null;
|
||||
|
||||
return is_string($reason) && $reason !== '' ? $reason : null;
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationActionTooltip(?Tenant $tenant = null): ?string
|
||||
{
|
||||
$tenant ??= static::currentTenantContext();
|
||||
@ -576,6 +597,7 @@ public static function reviewPackGenerationActionTooltip(?Tenant $tenant = null)
|
||||
return AuthUiTooltips::insufficientPermission();
|
||||
}
|
||||
|
||||
return static::reviewPackGenerationBlockReason($tenant);
|
||||
return static::reviewPackGenerationBlockReason($tenant)
|
||||
?? static::reviewPackGenerationWarningReason($tenant);
|
||||
}
|
||||
}
|
||||
|
||||
@ -6,6 +6,7 @@
|
||||
|
||||
use App\Filament\Concerns\InteractsWithTenantOwnedRecords;
|
||||
use App\Filament\Concerns\ResolvesPanelTenantContext;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\TenantReviewResource\Pages;
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
@ -84,6 +85,26 @@ public static function shouldRegisterNavigation(): bool
|
||||
return Filament::getCurrentPanel()?->getId() === 'tenant';
|
||||
}
|
||||
|
||||
public static function getNavigationGroup(): string
|
||||
{
|
||||
return __('localization.review.reporting');
|
||||
}
|
||||
|
||||
public static function getNavigationLabel(): string
|
||||
{
|
||||
return __('localization.review.reviews');
|
||||
}
|
||||
|
||||
public static function getModelLabel(): string
|
||||
{
|
||||
return __('localization.review.review');
|
||||
}
|
||||
|
||||
public static function getPluralModelLabel(): string
|
||||
{
|
||||
return __('localization.review.reviews');
|
||||
}
|
||||
|
||||
public static function canViewAny(): bool
|
||||
{
|
||||
$tenant = static::resolveTenantContextForCurrentPanel();
|
||||
@ -152,7 +173,7 @@ public static function form(Schema $schema): Schema
|
||||
public static function infolist(Schema $schema): Schema
|
||||
{
|
||||
return $schema->schema([
|
||||
Section::make('Outcome summary')
|
||||
Section::make(__('localization.review.outcome_summary'))
|
||||
->schema([
|
||||
ViewEntry::make('artifact_truth')
|
||||
->hiddenLabel()
|
||||
@ -161,7 +182,7 @@ public static function infolist(Schema $schema): Schema
|
||||
->columnSpanFull(),
|
||||
])
|
||||
->columnSpanFull(),
|
||||
Section::make('Review')
|
||||
Section::make(__('localization.review.review'))
|
||||
->schema([
|
||||
TextEntry::make('status')
|
||||
->badge()
|
||||
@ -170,23 +191,23 @@ public static function infolist(Schema $schema): Schema
|
||||
->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewStatus))
|
||||
->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewStatus)),
|
||||
TextEntry::make('completeness_state')
|
||||
->label('Completeness')
|
||||
->label(__('localization.review.completeness'))
|
||||
->badge()
|
||||
->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantReviewCompleteness))
|
||||
->color(BadgeRenderer::color(BadgeDomain::TenantReviewCompleteness))
|
||||
->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewCompleteness))
|
||||
->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewCompleteness)),
|
||||
TextEntry::make('tenant.name')->label('Tenant'),
|
||||
TextEntry::make('tenant.name')->label(__('localization.review.tenant')),
|
||||
TextEntry::make('generated_at')->dateTime()->placeholder('—'),
|
||||
TextEntry::make('published_at')->dateTime()->placeholder('—'),
|
||||
TextEntry::make('evidenceSnapshot.id')
|
||||
->label('Evidence snapshot')
|
||||
->label(__('localization.review.evidence_snapshot'))
|
||||
->formatStateUsing(fn (?int $state): string => $state ? '#'.$state : '—')
|
||||
->url(fn (TenantReview $record): ?string => $record->evidenceSnapshot
|
||||
? EvidenceSnapshotResource::getUrl('view', ['record' => $record->evidenceSnapshot], tenant: $record->tenant)
|
||||
: null),
|
||||
TextEntry::make('currentExportReviewPack.id')
|
||||
->label('Current export')
|
||||
->label(__('localization.review.current_export'))
|
||||
->formatStateUsing(fn (?int $state): string => $state ? '#'.$state : '—')
|
||||
->url(fn (TenantReview $record): ?string => $record->currentExportReviewPack
|
||||
? ReviewPackResource::getUrl('view', ['record' => $record->currentExportReviewPack], tenant: $record->tenant)
|
||||
@ -200,7 +221,7 @@ public static function infolist(Schema $schema): Schema
|
||||
])
|
||||
->columns(2)
|
||||
->columnSpanFull(),
|
||||
Section::make('Executive posture')
|
||||
Section::make(__('localization.review.executive_posture'))
|
||||
->schema([
|
||||
ViewEntry::make('review_summary')
|
||||
->hiddenLabel()
|
||||
@ -209,21 +230,21 @@ public static function infolist(Schema $schema): Schema
|
||||
->columnSpanFull(),
|
||||
])
|
||||
->columnSpanFull(),
|
||||
Section::make('Sections')
|
||||
Section::make(__('localization.review.sections'))
|
||||
->schema([
|
||||
RepeatableEntry::make('sections')
|
||||
->hiddenLabel()
|
||||
->schema([
|
||||
TextEntry::make('title'),
|
||||
TextEntry::make('completeness_state')
|
||||
->label('Completeness')
|
||||
->label(__('localization.review.completeness'))
|
||||
->badge()
|
||||
->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantReviewCompleteness))
|
||||
->color(BadgeRenderer::color(BadgeDomain::TenantReviewCompleteness))
|
||||
->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewCompleteness))
|
||||
->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewCompleteness)),
|
||||
TextEntry::make('measured_at')->dateTime()->placeholder('—'),
|
||||
Section::make('Details')
|
||||
Section::make(__('localization.review.details'))
|
||||
->schema([
|
||||
ViewEntry::make('section_payload')
|
||||
->hiddenLabel()
|
||||
@ -245,7 +266,7 @@ public static function table(Table $table): Table
|
||||
{
|
||||
$exportExecutivePackAction = UiEnforcement::forTableAction(
|
||||
Actions\Action::make('export_executive_pack')
|
||||
->label('Export executive pack')
|
||||
->label(__('localization.review.export_executive_pack'))
|
||||
->icon('heroicon-o-arrow-down-tray')
|
||||
->visible(fn (TenantReview $record): bool => in_array($record->status, [
|
||||
TenantReviewStatus::Ready->value,
|
||||
@ -277,7 +298,7 @@ public static function table(Table $table): Table
|
||||
->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewStatus))
|
||||
->sortable(),
|
||||
Tables\Columns\TextColumn::make('outcome')
|
||||
->label('Outcome')
|
||||
->label(__('localization.review.outcome'))
|
||||
->badge()
|
||||
->getStateUsing(fn (TenantReview $record): string => static::compressedOutcome($record)->primaryLabel)
|
||||
->color(fn (TenantReview $record): string => static::compressedOutcome($record)->primaryBadge->color)
|
||||
@ -288,10 +309,10 @@ public static function table(Table $table): Table
|
||||
Tables\Columns\TextColumn::make('generated_at')->dateTime()->placeholder('—')->sortable(),
|
||||
Tables\Columns\TextColumn::make('published_at')->dateTime()->placeholder('—')->sortable(),
|
||||
Tables\Columns\IconColumn::make('summary.has_ready_export')
|
||||
->label('Export')
|
||||
->label(__('localization.review.export'))
|
||||
->boolean(),
|
||||
Tables\Columns\TextColumn::make('next_step')
|
||||
->label('Next step')
|
||||
->label(__('localization.review.next_step'))
|
||||
->getStateUsing(fn (TenantReview $record): string => static::compressedOutcome($record)->nextActionText)
|
||||
->wrap(),
|
||||
Tables\Columns\TextColumn::make('fingerprint')
|
||||
@ -305,18 +326,18 @@ public static function table(Table $table): Table
|
||||
->all()),
|
||||
Tables\Filters\SelectFilter::make('completeness_state')
|
||||
->options(BadgeCatalog::options(BadgeDomain::TenantReviewCompleteness, TenantReviewCompletenessState::values())),
|
||||
\App\Support\Filament\FilterPresets::dateRange('review_date', 'Review date', 'generated_at'),
|
||||
\App\Support\Filament\FilterPresets::dateRange('review_date', __('localization.review.review_date'), 'generated_at'),
|
||||
])
|
||||
->actions([
|
||||
$exportExecutivePackAction,
|
||||
])
|
||||
->bulkActions([])
|
||||
->emptyStateHeading('No tenant reviews yet')
|
||||
->emptyStateDescription('Create the first review from an anchored evidence snapshot to start the recurring review history for this tenant.')
|
||||
->emptyStateHeading(__('localization.review.no_tenant_reviews_yet'))
|
||||
->emptyStateDescription(__('localization.review.create_first_review_description'))
|
||||
->emptyStateActions([
|
||||
static::makeCreateReviewAction(
|
||||
name: 'create_first_review',
|
||||
label: 'Create first review',
|
||||
label: __('localization.review.create_first_review'),
|
||||
icon: 'heroicon-o-plus',
|
||||
),
|
||||
]);
|
||||
@ -335,19 +356,23 @@ public static function makeCreateReviewAction(
|
||||
string $label = 'Create review',
|
||||
string $icon = 'heroicon-o-plus',
|
||||
): Actions\Action {
|
||||
$label = $label === 'Create review'
|
||||
? __('localization.review.create_review')
|
||||
: $label;
|
||||
|
||||
return UiEnforcement::forAction(
|
||||
Actions\Action::make($name)
|
||||
->label($label)
|
||||
->icon($icon)
|
||||
->form([
|
||||
Section::make('Evidence basis')
|
||||
Section::make(__('localization.review.evidence_basis'))
|
||||
->schema([
|
||||
Select::make('evidence_snapshot_id')
|
||||
->label('Evidence snapshot')
|
||||
->label(__('localization.review.evidence_snapshot'))
|
||||
->required()
|
||||
->options(fn (): array => static::evidenceSnapshotOptions())
|
||||
->searchable()
|
||||
->helperText('Choose the anchored evidence snapshot for this review.'),
|
||||
->helperText(__('localization.review.evidence_basis_helper')),
|
||||
]),
|
||||
])
|
||||
->action(fn (array $data): mixed => static::executeCreateReview($data)),
|
||||
@ -365,7 +390,7 @@ public static function executeCreateReview(array $data): void
|
||||
$user = auth()->user();
|
||||
|
||||
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
||||
Notification::make()->danger()->title('Unable to create review — missing context.')->send();
|
||||
Notification::make()->danger()->title(__('localization.review.unable_create_missing_context'))->send();
|
||||
|
||||
return;
|
||||
}
|
||||
@ -387,7 +412,7 @@ public static function executeCreateReview(array $data): void
|
||||
: null;
|
||||
|
||||
if (! $snapshot instanceof EvidenceSnapshot) {
|
||||
Notification::make()->danger()->title('Select a valid evidence snapshot.')->send();
|
||||
Notification::make()->danger()->title(__('localization.review.select_valid_evidence_snapshot'))->send();
|
||||
|
||||
return;
|
||||
}
|
||||
@ -395,7 +420,7 @@ public static function executeCreateReview(array $data): void
|
||||
try {
|
||||
$review = app(TenantReviewService::class)->create($tenant, $snapshot, $user);
|
||||
} catch (\Throwable $throwable) {
|
||||
Notification::make()->danger()->title('Unable to create review')->body($throwable->getMessage())->send();
|
||||
Notification::make()->danger()->title(__('localization.review.unable_create_review'))->body($throwable->getMessage())->send();
|
||||
|
||||
return;
|
||||
}
|
||||
@ -405,11 +430,11 @@ public static function executeCreateReview(array $data): void
|
||||
if (! $review->wasRecentlyCreated) {
|
||||
Notification::make()
|
||||
->success()
|
||||
->title('Review already available')
|
||||
->body('A matching mutable review already exists for this evidence basis.')
|
||||
->title(__('localization.review.review_already_available'))
|
||||
->body(__('localization.review.review_already_available_body'))
|
||||
->actions([
|
||||
Actions\Action::make('view_review')
|
||||
->label('View review')
|
||||
->label(__('localization.review.view_review'))
|
||||
->url(static::tenantScopedUrl('view', ['record' => $review], $tenant)),
|
||||
])
|
||||
->send();
|
||||
@ -418,12 +443,12 @@ public static function executeCreateReview(array $data): void
|
||||
}
|
||||
|
||||
$toast = OperationUxPresenter::queuedToast(OperationRunType::TenantReviewCompose->value)
|
||||
->body('The review is being composed in the background.');
|
||||
->body(__('localization.review.review_composing_background'));
|
||||
|
||||
if ($review->operation_run_id) {
|
||||
$toast->actions([
|
||||
Actions\Action::make('view_run')
|
||||
->label('Open operation')
|
||||
->label(__('localization.review.open_operation'))
|
||||
->url(OperationRunLinks::tenantlessView((int) $review->operation_run_id)),
|
||||
]);
|
||||
}
|
||||
@ -463,6 +488,19 @@ public static function reviewPackGenerationBlockReason(?Tenant $tenant = null):
|
||||
return is_string($reason) && $reason !== '' ? $reason : null;
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationWarningReason(?Tenant $tenant = null): ?string
|
||||
{
|
||||
$decision = static::reviewPackGenerationDecision($tenant);
|
||||
|
||||
if (! (bool) ($decision['is_warning'] ?? false)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$reason = $decision['warning_reason'] ?? null;
|
||||
|
||||
return is_string($reason) && $reason !== '' ? $reason : null;
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationActionTooltip(?Tenant $tenant = null): ?string
|
||||
{
|
||||
$tenant ??= static::panelTenantContext();
|
||||
@ -472,7 +510,8 @@ public static function reviewPackGenerationActionTooltip(?Tenant $tenant = null)
|
||||
return AuthUiTooltips::insufficientPermission();
|
||||
}
|
||||
|
||||
return static::reviewPackGenerationBlockReason($tenant);
|
||||
return static::reviewPackGenerationBlockReason($tenant)
|
||||
?? static::reviewPackGenerationWarningReason($tenant);
|
||||
}
|
||||
|
||||
public static function executeExport(TenantReview $review): void
|
||||
@ -481,7 +520,7 @@ public static function executeExport(TenantReview $review): void
|
||||
$user = auth()->user();
|
||||
|
||||
if (! $user instanceof User || ! $review->tenant instanceof Tenant) {
|
||||
Notification::make()->danger()->title('Unable to export review — missing context.')->send();
|
||||
Notification::make()->danger()->title(__('localization.review.unable_export_missing_context'))->send();
|
||||
|
||||
return;
|
||||
}
|
||||
@ -498,7 +537,7 @@ public static function executeExport(TenantReview $review): void
|
||||
|
||||
if ($service->checkActiveRunForReview($review)) {
|
||||
OperationUxPresenter::alreadyQueuedToast(OperationRunType::ReviewPackGenerate->value)
|
||||
->body('An executive pack export is already queued or running for this review.')
|
||||
->body(__('localization.review.export_already_queued_body'))
|
||||
->send();
|
||||
|
||||
return;
|
||||
@ -510,11 +549,11 @@ public static function executeExport(TenantReview $review): void
|
||||
'include_operations' => true,
|
||||
]);
|
||||
} catch (WorkspaceEntitlementBlockedException $exception) {
|
||||
Notification::make()->warning()->title('Executive pack export unavailable')->body($exception->getMessage())->send();
|
||||
Notification::make()->warning()->title(__('localization.review.executive_pack_export_unavailable'))->body($exception->getMessage())->send();
|
||||
|
||||
return;
|
||||
} catch (\Throwable $throwable) {
|
||||
Notification::make()->danger()->title('Unable to export executive pack')->body($throwable->getMessage())->send();
|
||||
Notification::make()->danger()->title(__('localization.review.unable_export_executive_pack'))->body($throwable->getMessage())->send();
|
||||
|
||||
return;
|
||||
}
|
||||
@ -525,11 +564,11 @@ public static function executeExport(TenantReview $review): void
|
||||
if (! $pack->wasRecentlyCreated) {
|
||||
Notification::make()
|
||||
->success()
|
||||
->title('Executive pack already available')
|
||||
->body('A matching executive pack already exists for this review.')
|
||||
->title(__('localization.review.executive_pack_already_available'))
|
||||
->body(__('localization.review.executive_pack_already_available_body'))
|
||||
->actions([
|
||||
Actions\Action::make('view_pack')
|
||||
->label('View pack')
|
||||
->label(__('localization.review.view_pack'))
|
||||
->url(ReviewPackResource::getUrl('view', ['record' => $pack], tenant: $review->tenant)),
|
||||
])
|
||||
->send();
|
||||
@ -538,7 +577,7 @@ public static function executeExport(TenantReview $review): void
|
||||
}
|
||||
|
||||
OperationUxPresenter::queuedToast(OperationRunType::ReviewPackGenerate->value)
|
||||
->body('The executive pack is being generated in the background.')
|
||||
->body(__('localization.review.executive_pack_generating_background'))
|
||||
->send();
|
||||
}
|
||||
|
||||
@ -578,7 +617,7 @@ private static function evidenceSnapshotOptions(): array
|
||||
'#%d · %s · %s',
|
||||
(int) $snapshot->getKey(),
|
||||
BadgeCatalog::spec(BadgeDomain::EvidenceCompleteness, $snapshot->completeness_state)->label,
|
||||
$snapshot->generated_at?->format('Y-m-d H:i') ?? 'Pending'
|
||||
$snapshot->generated_at?->format('Y-m-d H:i') ?? __('localization.review.pending')
|
||||
),
|
||||
])
|
||||
->all();
|
||||
@ -602,7 +641,7 @@ private static function summaryPresentation(TenantReview $record): array
|
||||
$findingOutcomes = is_array($summary['finding_outcomes'] ?? null) ? $summary['finding_outcomes'] : [];
|
||||
|
||||
if ($findingOutcomeSummary !== null) {
|
||||
$highlights[] = 'Terminal outcomes: '.$findingOutcomeSummary.'.';
|
||||
$highlights[] = __('localization.review.terminal_outcomes').': '.$findingOutcomeSummary.'.';
|
||||
}
|
||||
|
||||
return [
|
||||
@ -614,12 +653,12 @@ private static function summaryPresentation(TenantReview $record): array
|
||||
'publish_blockers' => is_array($summary['publish_blockers'] ?? null) ? $summary['publish_blockers'] : [],
|
||||
'context_links' => static::summaryContextLinks($record),
|
||||
'metrics' => [
|
||||
['label' => 'Findings', 'value' => (string) ($summary['finding_count'] ?? 0)],
|
||||
['label' => 'Reports', 'value' => (string) ($summary['report_count'] ?? 0)],
|
||||
['label' => 'Operations', 'value' => (string) ($summary['operation_count'] ?? 0)],
|
||||
['label' => 'Sections', 'value' => (string) ($summary['section_count'] ?? 0)],
|
||||
['label' => 'Pending verification', 'value' => (string) ($findingOutcomes[FindingOutcomeSemantics::OUTCOME_RESOLVED_PENDING_VERIFICATION] ?? 0)],
|
||||
['label' => 'Verified cleared', 'value' => (string) ($findingOutcomes[FindingOutcomeSemantics::OUTCOME_VERIFIED_CLEARED] ?? 0)],
|
||||
['label' => __('localization.review.findings'), 'value' => (string) ($summary['finding_count'] ?? 0)],
|
||||
['label' => __('localization.review.reports'), 'value' => (string) ($summary['report_count'] ?? 0)],
|
||||
['label' => __('localization.review.operations'), 'value' => (string) ($summary['operation_count'] ?? 0)],
|
||||
['label' => __('localization.review.sections'), 'value' => (string) ($summary['section_count'] ?? 0)],
|
||||
['label' => __('localization.review.pending_verification'), 'value' => (string) ($findingOutcomes[FindingOutcomeSemantics::OUTCOME_RESOLVED_PENDING_VERIFICATION] ?? 0)],
|
||||
['label' => __('localization.review.verified_cleared'), 'value' => (string) ($findingOutcomes[FindingOutcomeSemantics::OUTCOME_VERIFIED_CLEARED] ?? 0)],
|
||||
],
|
||||
];
|
||||
}
|
||||
@ -633,28 +672,37 @@ private static function summaryContextLinks(TenantReview $record): array
|
||||
|
||||
if (is_numeric($record->operation_run_id)) {
|
||||
$links[] = [
|
||||
'title' => 'Operation',
|
||||
'label' => 'Open operation',
|
||||
'title' => __('localization.review.operation'),
|
||||
'label' => __('localization.review.open_operation'),
|
||||
'url' => OperationRunLinks::tenantlessView((int) $record->operation_run_id),
|
||||
'description' => 'Inspect the latest review composition or refresh run.',
|
||||
'description' => __('localization.review.operation_description'),
|
||||
];
|
||||
}
|
||||
|
||||
if ($record->currentExportReviewPack && $record->tenant) {
|
||||
$links[] = [
|
||||
'title' => 'Executive pack',
|
||||
'label' => 'View executive pack',
|
||||
'title' => __('localization.review.executive_pack'),
|
||||
'label' => __('localization.review.view_executive_pack'),
|
||||
'url' => ReviewPackResource::getUrl('view', ['record' => $record->currentExportReviewPack], tenant: $record->tenant),
|
||||
'description' => 'Open the current export that belongs to this review.',
|
||||
'description' => __('localization.review.executive_pack_description'),
|
||||
];
|
||||
}
|
||||
|
||||
if ($record->tenant) {
|
||||
$links[] = [
|
||||
'title' => __('localization.review.customer_workspace'),
|
||||
'label' => __('localization.review.open_customer_workspace'),
|
||||
'url' => CustomerReviewWorkspace::tenantPrefilterUrl($record->tenant),
|
||||
'description' => __('localization.review.customer_workspace_description'),
|
||||
];
|
||||
}
|
||||
|
||||
if ($record->evidenceSnapshot && $record->tenant) {
|
||||
$links[] = [
|
||||
'title' => 'Evidence snapshot',
|
||||
'label' => 'View evidence snapshot',
|
||||
'title' => __('localization.review.evidence_snapshot'),
|
||||
'label' => __('localization.review.view_evidence_snapshot'),
|
||||
'url' => EvidenceSnapshotResource::getUrl('view', ['record' => $record->evidenceSnapshot], tenant: $record->tenant),
|
||||
'description' => 'Return to the evidence basis behind this review.',
|
||||
'description' => __('localization.review.evidence_snapshot_description'),
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -4,12 +4,15 @@
|
||||
|
||||
namespace App\Filament\Resources\TenantReviewResource\Pages;
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Services\TenantReviews\TenantReviewLifecycleService;
|
||||
use App\Services\TenantReviews\TenantReviewService;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Rbac\UiEnforcement;
|
||||
use App\Support\TenantReviewStatus;
|
||||
@ -24,6 +27,13 @@ class ViewTenantReview extends ViewRecord
|
||||
{
|
||||
protected static string $resource = TenantReviewResource::class;
|
||||
|
||||
public function mount(int|string $record): void
|
||||
{
|
||||
parent::mount($record);
|
||||
|
||||
$this->auditCustomerWorkspaceOpen();
|
||||
}
|
||||
|
||||
protected function resolveRecord(int|string $key): Model
|
||||
{
|
||||
return TenantReviewResource::resolveScopedRecordOrFail($key);
|
||||
@ -69,7 +79,7 @@ protected function getHeaderActions(): array
|
||||
->label('Danger')
|
||||
->icon('heroicon-o-archive-box')
|
||||
->color('danger')
|
||||
->visible(fn (): bool => ! $this->record->statusEnum()->isTerminal()),
|
||||
->visible(fn (): bool => ! $this->isCustomerWorkspaceView() && ! $this->record->statusEnum()->isTerminal()),
|
||||
]));
|
||||
}
|
||||
|
||||
@ -85,6 +95,10 @@ private function primaryLifecycleAction(): ?Actions\Action
|
||||
|
||||
private function primaryLifecycleActionName(): ?string
|
||||
{
|
||||
if ($this->isCustomerWorkspaceView()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ((string) $this->record->status === TenantReviewStatus::Published->value) {
|
||||
return 'export_executive_pack';
|
||||
}
|
||||
@ -122,6 +136,10 @@ private function secondaryLifecycleActions(): array
|
||||
*/
|
||||
private function secondaryLifecycleActionNames(): array
|
||||
{
|
||||
if ($this->isCustomerWorkspaceView()) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$names = [];
|
||||
|
||||
if ($this->record->isMutable()) {
|
||||
@ -178,7 +196,6 @@ private function refreshReviewAction(): Actions\Action
|
||||
}),
|
||||
)
|
||||
->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
|
||||
->preserveVisibility()
|
||||
->apply();
|
||||
}
|
||||
|
||||
@ -325,4 +342,39 @@ private function archiveReviewAction(): Actions\Action
|
||||
->preserveVisibility()
|
||||
->apply();
|
||||
}
|
||||
|
||||
private function isCustomerWorkspaceView(): bool
|
||||
{
|
||||
return request()->boolean(CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY);
|
||||
}
|
||||
|
||||
private function auditCustomerWorkspaceOpen(): void
|
||||
{
|
||||
if (! $this->isCustomerWorkspaceView()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$tenant = $this->record->tenant;
|
||||
|
||||
if (! $user instanceof User || ! $tenant instanceof Tenant) {
|
||||
return;
|
||||
}
|
||||
|
||||
app(WorkspaceAuditLogger::class)->log(
|
||||
workspace: $tenant->workspace,
|
||||
action: AuditActionId::TenantReviewOpened,
|
||||
context: [
|
||||
'metadata' => [
|
||||
'review_id' => (int) $this->record->getKey(),
|
||||
'source_surface' => 'customer_review_workspace',
|
||||
],
|
||||
],
|
||||
actor: $user,
|
||||
resourceType: 'tenant_review',
|
||||
resourceId: (string) $this->record->getKey(),
|
||||
targetLabel: sprintf('Tenant review #%d', (int) $this->record->getKey()),
|
||||
tenant: $tenant,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -28,6 +28,11 @@ class Dashboard extends BaseDashboard
|
||||
{
|
||||
public string $window = SystemConsoleWindow::LastDay;
|
||||
|
||||
public function getTitle(): string
|
||||
{
|
||||
return __('localization.dashboard.system_title');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<mixed> $parameters
|
||||
*/
|
||||
@ -109,12 +114,12 @@ protected function getHeaderActions(): array
|
||||
|
||||
return [
|
||||
Action::make('set_window')
|
||||
->label('Time window')
|
||||
->label(__('localization.dashboard.time_window'))
|
||||
->icon('heroicon-o-clock')
|
||||
->color('gray')
|
||||
->form([
|
||||
Select::make('window')
|
||||
->label('Window')
|
||||
->label(__('localization.dashboard.window'))
|
||||
->options(SystemConsoleWindow::options())
|
||||
->default($this->window)
|
||||
->required(),
|
||||
@ -130,7 +135,7 @@ protected function getHeaderActions(): array
|
||||
}),
|
||||
|
||||
Action::make('enter_break_glass')
|
||||
->label('Enter break-glass mode')
|
||||
->label(__('localization.dashboard.enter_break_glass'))
|
||||
->color('danger')
|
||||
->visible(fn (): bool => $canUseBreakGlass && ! $breakGlass->isActive())
|
||||
->requiresConfirmation()
|
||||
@ -158,13 +163,13 @@ protected function getHeaderActions(): array
|
||||
$breakGlass->start($user, (string) ($data['reason'] ?? ''));
|
||||
|
||||
Notification::make()
|
||||
->title('Recovery mode enabled')
|
||||
->title(__('localization.dashboard.recovery_mode_enabled'))
|
||||
->success()
|
||||
->send();
|
||||
}),
|
||||
|
||||
Action::make('exit_break_glass')
|
||||
->label('Exit break-glass')
|
||||
->label(__('localization.dashboard.exit_break_glass'))
|
||||
->color('gray')
|
||||
->visible(fn (): bool => $canUseBreakGlass && $breakGlass->isActive())
|
||||
->requiresConfirmation()
|
||||
@ -180,7 +185,7 @@ protected function getHeaderActions(): array
|
||||
$breakGlass->exit($user);
|
||||
|
||||
Notification::make()
|
||||
->title('Recovery mode ended')
|
||||
->title(__('localization.dashboard.recovery_mode_ended'))
|
||||
->success()
|
||||
->send();
|
||||
}),
|
||||
|
||||
@ -9,13 +9,19 @@
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\CustomerHealth\WorkspaceHealthSummaryQuery;
|
||||
use App\Support\OperationCatalog;
|
||||
use App\Support\System\SystemDirectoryLinks;
|
||||
use App\Support\System\SystemOperationRunLinks;
|
||||
use App\Support\SystemConsole\SystemConsoleWindow;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Forms\Components\Select;
|
||||
use Filament\Forms\Components\Textarea;
|
||||
use Filament\Notifications\Notification;
|
||||
use Filament\Pages\Page;
|
||||
use Illuminate\Support\Collection;
|
||||
|
||||
@ -94,6 +100,77 @@ public function workspaceEntitlementSummary(): array
|
||||
return app(WorkspaceEntitlementResolver::class)->summary($this->workspace);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function workspaceCommercialLifecycleSummary(): array
|
||||
{
|
||||
return app(WorkspaceCommercialLifecycleResolver::class)->summary($this->workspace);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<Action>
|
||||
*/
|
||||
protected function getHeaderActions(): array
|
||||
{
|
||||
return [
|
||||
Action::make('change_commercial_state')
|
||||
->label('Change commercial state')
|
||||
->icon('heroicon-o-adjustments-horizontal')
|
||||
->color('warning')
|
||||
->visible(fn (): bool => $this->canManageCommercialLifecycle())
|
||||
->requiresConfirmation()
|
||||
->modalHeading('Change commercial state')
|
||||
->modalDescription('This changes the workspace commercial lifecycle overlay. The rationale is audited and affects onboarding activation and review-pack starts.')
|
||||
->form([
|
||||
Select::make('state')
|
||||
->label('Commercial state')
|
||||
->options(WorkspaceCommercialLifecycleResolver::stateLabels())
|
||||
->required()
|
||||
->default(fn (): string => (string) ($this->workspaceCommercialLifecycleSummary()['state'] ?? WorkspaceCommercialLifecycleResolver::STATE_ACTIVE_PAID)),
|
||||
Textarea::make('reason')
|
||||
->label('Rationale')
|
||||
->required()
|
||||
->minLength(5)
|
||||
->maxLength(500)
|
||||
->rows(4),
|
||||
])
|
||||
->action(function (array $data, SettingsWriter $settingsWriter): void {
|
||||
$actor = auth('platform')->user();
|
||||
|
||||
if (! $actor instanceof PlatformUser) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
if (! $actor->hasCapability(PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE)) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
$settingsWriter->updateWorkspaceCommercialLifecycle(
|
||||
actor: $actor,
|
||||
workspace: $this->workspace,
|
||||
state: (string) ($data['state'] ?? ''),
|
||||
reason: (string) ($data['reason'] ?? ''),
|
||||
);
|
||||
|
||||
$this->workspace->refresh();
|
||||
|
||||
Notification::make()
|
||||
->title('Commercial state updated')
|
||||
->success()
|
||||
->send();
|
||||
}),
|
||||
];
|
||||
}
|
||||
|
||||
private function canManageCommercialLifecycle(): bool
|
||||
{
|
||||
$user = auth('platform')->user();
|
||||
|
||||
return $user instanceof PlatformUser
|
||||
&& $user->hasCapability(PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* overall: array{label: string, color: string, icon: string|null},
|
||||
|
||||
@ -80,6 +80,9 @@ protected function getHeaderActions(): array
|
||||
$this->pauseRestoreExecuteAction(),
|
||||
$this->resumeRestoreExecuteAction(),
|
||||
$this->viewHistoryRestoreExecuteAction(),
|
||||
$this->pauseAiExecutionAction(),
|
||||
$this->resumeAiExecutionAction(),
|
||||
$this->viewHistoryAiExecutionAction(),
|
||||
];
|
||||
}
|
||||
|
||||
@ -199,6 +202,21 @@ public function viewHistoryRestoreExecuteAction(): Action
|
||||
return $this->historyActionFor('restore.execute');
|
||||
}
|
||||
|
||||
public function pauseAiExecutionAction(): Action
|
||||
{
|
||||
return $this->pauseActionFor('ai.execution');
|
||||
}
|
||||
|
||||
public function resumeAiExecutionAction(): Action
|
||||
{
|
||||
return $this->resumeActionFor('ai.execution');
|
||||
}
|
||||
|
||||
public function viewHistoryAiExecutionAction(): Action
|
||||
{
|
||||
return $this->historyActionFor('ai.execution');
|
||||
}
|
||||
|
||||
private function pauseActionFor(string $controlKey): Action
|
||||
{
|
||||
$label = app(OperationalControlCatalog::class)->label($controlKey);
|
||||
@ -213,7 +231,7 @@ private function pauseActionFor(string $controlKey): Action
|
||||
->form($this->pauseFormSchema($controlKey))
|
||||
->action(function (array $data, AuditRecorder $auditRecorder, WorkspaceAuditLogger $workspaceAuditLogger) use ($controlKey, $label): void {
|
||||
$actor = $this->controlsActor();
|
||||
[$scopeType, $workspace, $reasonText, $expiresAt] = $this->normalizePauseInput($data);
|
||||
[$scopeType, $workspace, $reasonText, $expiresAt] = $this->normalizePauseInput($controlKey, $data);
|
||||
|
||||
$scopeQuery = $this->activationScopeQuery($controlKey, $scopeType, $workspace);
|
||||
|
||||
@ -273,7 +291,7 @@ private function resumeActionFor(string $controlKey): Action
|
||||
->form($this->resumeFormSchema($controlKey))
|
||||
->action(function (array $data, AuditRecorder $auditRecorder, WorkspaceAuditLogger $workspaceAuditLogger) use ($controlKey, $label): void {
|
||||
$actor = $this->controlsActor();
|
||||
[$scopeType, $workspace] = $this->normalizeResumeInput($data);
|
||||
[$scopeType, $workspace] = $this->normalizeResumeInput($controlKey, $data);
|
||||
|
||||
$activation = $this->activationScopeQuery($controlKey, $scopeType, $workspace)
|
||||
->notExpired()
|
||||
@ -331,11 +349,8 @@ private function pauseFormSchema(string $controlKey): array
|
||||
return [
|
||||
Radio::make('scope_type')
|
||||
->label('Scope')
|
||||
->options([
|
||||
'global' => 'Global',
|
||||
'workspace' => 'One workspace',
|
||||
])
|
||||
->default('global')
|
||||
->options($this->scopeOptions($controlKey))
|
||||
->default($this->defaultScopeFor($controlKey))
|
||||
->live()
|
||||
->required(),
|
||||
|
||||
@ -395,11 +410,8 @@ private function resumeFormSchema(string $controlKey): array
|
||||
return [
|
||||
Radio::make('scope_type')
|
||||
->label('Scope')
|
||||
->options([
|
||||
'global' => 'Global',
|
||||
'workspace' => 'One workspace',
|
||||
])
|
||||
->default('global')
|
||||
->options($this->scopeOptions($controlKey))
|
||||
->default($this->defaultScopeFor($controlKey))
|
||||
->live()
|
||||
->required(),
|
||||
|
||||
@ -456,9 +468,9 @@ private function controlsActor(): PlatformUser
|
||||
/**
|
||||
* @return array{0: string, 1: ?Workspace, 2: string, 3: ?CarbonInterface}
|
||||
*/
|
||||
private function normalizePauseInput(array $data): array
|
||||
private function normalizePauseInput(string $controlKey, array $data): array
|
||||
{
|
||||
[$scopeType, $workspace] = $this->resolveScopeInput($data);
|
||||
[$scopeType, $workspace] = $this->resolveScopeInput($controlKey, $data);
|
||||
$reasonText = trim((string) ($data['reason_text'] ?? ''));
|
||||
|
||||
if ($reasonText === '') {
|
||||
@ -485,19 +497,20 @@ private function normalizePauseInput(array $data): array
|
||||
/**
|
||||
* @return array{0: string, 1: ?Workspace}
|
||||
*/
|
||||
private function normalizeResumeInput(array $data): array
|
||||
private function normalizeResumeInput(string $controlKey, array $data): array
|
||||
{
|
||||
return $this->resolveScopeInput($data);
|
||||
return $this->resolveScopeInput($controlKey, $data);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{0: string, 1: ?Workspace}
|
||||
*/
|
||||
private function resolveScopeInput(array $data): array
|
||||
private function resolveScopeInput(string $controlKey, array $data): array
|
||||
{
|
||||
$scopeType = (string) ($data['scope_type'] ?? 'global');
|
||||
$supportedScopes = app(OperationalControlCatalog::class)->definition($controlKey)['supported_scopes'] ?? ['global'];
|
||||
|
||||
if (! in_array($scopeType, ['global', 'workspace'], true)) {
|
||||
if (! in_array($scopeType, $supportedScopes, true)) {
|
||||
throw ValidationException::withMessages([
|
||||
'scope_type' => 'Invalid scope selected.',
|
||||
]);
|
||||
@ -526,6 +539,26 @@ private function resolveScopeInput(array $data): array
|
||||
return [$scopeType, $workspace];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
private function scopeOptions(string $controlKey): array
|
||||
{
|
||||
$supportedScopes = app(OperationalControlCatalog::class)->definition($controlKey)['supported_scopes'];
|
||||
|
||||
return Arr::only([
|
||||
'global' => 'Global',
|
||||
'workspace' => 'One workspace',
|
||||
], $supportedScopes);
|
||||
}
|
||||
|
||||
private function defaultScopeFor(string $controlKey): string
|
||||
{
|
||||
$supportedScopes = app(OperationalControlCatalog::class)->definition($controlKey)['supported_scopes'];
|
||||
|
||||
return $supportedScopes[0] ?? 'global';
|
||||
}
|
||||
|
||||
private function activationScopeQuery(string $controlKey, string $scopeType, ?Workspace $workspace): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
$query = OperationalControlActivation::query()
|
||||
|
||||
@ -5,6 +5,7 @@
|
||||
namespace App\Filament\Widgets\Tenant;
|
||||
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\Tenant;
|
||||
@ -80,6 +81,14 @@ public function generatePack(bool $includePii = true, bool $includeOperations =
|
||||
return;
|
||||
}
|
||||
|
||||
if ((bool) ($decision['is_warning'] ?? false) && is_string($decision['warning_reason'] ?? null)) {
|
||||
Notification::make()
|
||||
->title('Review pack generation allowed with warning')
|
||||
->body($decision['warning_reason'])
|
||||
->warning()
|
||||
->send();
|
||||
}
|
||||
|
||||
$activeRun = $service->checkActiveRun($tenant)
|
||||
? OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
@ -162,6 +171,9 @@ protected function getViewData(): array
|
||||
$generationBlockReason = is_string($generationEntitlement['block_reason'] ?? null)
|
||||
? $generationEntitlement['block_reason']
|
||||
: null;
|
||||
$generationWarningReason = is_string($generationEntitlement['warning_reason'] ?? null)
|
||||
? $generationEntitlement['warning_reason']
|
||||
: null;
|
||||
|
||||
$latestPack = ReviewPack::query()
|
||||
->with(['tenantReview', 'operationRun'])
|
||||
@ -180,6 +192,8 @@ protected function getViewData(): array
|
||||
'canManage' => $canManage,
|
||||
'generationBlocked' => $generationBlocked,
|
||||
'generationBlockReason' => $generationBlockReason,
|
||||
'generationWarningReason' => $generationWarningReason,
|
||||
'customerWorkspaceUrl' => $canView ? CustomerReviewWorkspace::tenantPrefilterUrl($tenant) : null,
|
||||
'downloadUrl' => null,
|
||||
'failedReason' => null,
|
||||
'reviewUrl' => null,
|
||||
@ -230,6 +244,8 @@ protected function getViewData(): array
|
||||
'canManage' => $canManage,
|
||||
'generationBlocked' => $generationBlocked,
|
||||
'generationBlockReason' => $generationBlockReason,
|
||||
'generationWarningReason' => $generationWarningReason,
|
||||
'customerWorkspaceUrl' => $canView ? CustomerReviewWorkspace::tenantPrefilterUrl($tenant) : null,
|
||||
'downloadUrl' => $downloadUrl,
|
||||
'failedReason' => $failedReason,
|
||||
'failedReasonDetail' => $failedReasonDetail,
|
||||
@ -262,6 +278,8 @@ private function emptyState(): array
|
||||
'canManage' => false,
|
||||
'generationBlocked' => false,
|
||||
'generationBlockReason' => null,
|
||||
'generationWarningReason' => null,
|
||||
'customerWorkspaceUrl' => null,
|
||||
'downloadUrl' => null,
|
||||
'failedReason' => null,
|
||||
'failedReasonDetail' => null,
|
||||
|
||||
@ -0,0 +1,80 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\User;
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Illuminate\Support\Facades\App;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
class LocalizationController extends Controller
|
||||
{
|
||||
public function context(Request $request, LocaleResolver $resolver): JsonResponse
|
||||
{
|
||||
$plane = $request->query('plane');
|
||||
$context = $request->attributes->get(LocaleResolver::REQUEST_ATTRIBUTE);
|
||||
|
||||
if (is_string($plane) && $plane !== '') {
|
||||
$context = $resolver->resolve($request, $plane);
|
||||
}
|
||||
|
||||
return response()->json(is_array($context) ? $context : $resolver->resolve($request));
|
||||
}
|
||||
|
||||
public function updateOverride(Request $request): RedirectResponse
|
||||
{
|
||||
$locale = LocaleResolver::normalize($request->input('locale'));
|
||||
|
||||
if ($locale === null) {
|
||||
throw ValidationException::withMessages([
|
||||
'locale' => [__('localization.validation.unsupported_locale')],
|
||||
]);
|
||||
}
|
||||
|
||||
$request->session()->put(LocaleResolver::SESSION_OVERRIDE_KEY, $locale);
|
||||
App::setLocale($locale);
|
||||
|
||||
return back()->with('status', __('localization.notifications.locale_override_saved'));
|
||||
}
|
||||
|
||||
public function clearOverride(Request $request, LocaleResolver $resolver): RedirectResponse
|
||||
{
|
||||
$request->session()->forget(LocaleResolver::SESSION_OVERRIDE_KEY);
|
||||
App::setLocale($resolver->resolve($request)['locale']);
|
||||
|
||||
return back()->with('status', __('localization.notifications.locale_override_cleared'));
|
||||
}
|
||||
|
||||
public function updateUserPreference(Request $request, LocaleResolver $resolver): RedirectResponse
|
||||
{
|
||||
$user = $request->user();
|
||||
|
||||
abort_unless($user instanceof User, Response::HTTP_NOT_FOUND);
|
||||
|
||||
$rawLocale = $request->input('preferred_locale');
|
||||
$locale = $rawLocale === null || $rawLocale === ''
|
||||
? null
|
||||
: LocaleResolver::normalize($rawLocale);
|
||||
|
||||
if ($rawLocale !== null && $rawLocale !== '' && $locale === null) {
|
||||
throw ValidationException::withMessages([
|
||||
'preferred_locale' => [__('localization.validation.unsupported_locale')],
|
||||
]);
|
||||
}
|
||||
|
||||
$user->forceFill(['preferred_locale' => $locale])->save();
|
||||
$user->refresh();
|
||||
|
||||
App::setLocale($resolver->resolve($request)['locale']);
|
||||
|
||||
return back()->with('status', $locale === null
|
||||
? __('localization.notifications.user_preference_cleared')
|
||||
: __('localization.notifications.user_preference_saved'));
|
||||
}
|
||||
}
|
||||
@ -4,7 +4,12 @@
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\ReviewPackStatus;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
@ -15,6 +20,21 @@ class ReviewPackDownloadController extends Controller
|
||||
{
|
||||
public function __invoke(Request $request, ReviewPack $reviewPack): StreamedResponse
|
||||
{
|
||||
$user = $request->user();
|
||||
$tenant = $reviewPack->tenant;
|
||||
|
||||
if (! $user instanceof User || ! $tenant instanceof Tenant) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
if (! $user->canAccessTenant($tenant)) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
if (! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
if ($reviewPack->status !== ReviewPackStatus::Ready->value) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
@ -29,7 +49,26 @@ public function __invoke(Request $request, ReviewPack $reviewPack): StreamedResp
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
$tenant = $reviewPack->tenant;
|
||||
app(WorkspaceAuditLogger::class)->log(
|
||||
workspace: $tenant->workspace,
|
||||
action: AuditActionId::ReviewPackDownloaded,
|
||||
context: [
|
||||
'metadata' => [
|
||||
'review_pack_id' => (int) $reviewPack->getKey(),
|
||||
'tenant_review_id' => $reviewPack->tenant_review_id !== null
|
||||
? (int) $reviewPack->tenant_review_id
|
||||
: null,
|
||||
'source_surface' => (string) $request->query('source_surface', 'review_pack'),
|
||||
],
|
||||
],
|
||||
actor: $user,
|
||||
resourceType: 'review_pack',
|
||||
resourceId: (string) $reviewPack->getKey(),
|
||||
targetLabel: sprintf('Review pack #%d', (int) $reviewPack->getKey()),
|
||||
tenant: $tenant,
|
||||
operationRunId: $reviewPack->operation_run_id,
|
||||
);
|
||||
|
||||
$filename = sprintf(
|
||||
'review-pack-%s-%s.zip',
|
||||
$tenant?->external_id ?? 'unknown',
|
||||
|
||||
29
apps/platform/app/Http/Middleware/ApplyResolvedLocale.php
Normal file
29
apps/platform/app/Http/Middleware/ApplyResolvedLocale.php
Normal file
@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Carbon;
|
||||
use Illuminate\Support\Facades\App;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class ApplyResolvedLocale
|
||||
{
|
||||
public function __construct(private LocaleResolver $resolver) {}
|
||||
|
||||
public function handle(Request $request, Closure $next, ?string $plane = null): Response
|
||||
{
|
||||
$context = $this->resolver->resolve($request, $plane);
|
||||
|
||||
App::setLocale($context['locale']);
|
||||
Carbon::setLocale($context['locale']);
|
||||
|
||||
$request->attributes->set(LocaleResolver::REQUEST_ATTRIBUTE, $context);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
@ -39,6 +39,7 @@ class User extends Authenticatable implements FilamentUser, HasDefaultTenant, Ha
|
||||
'password',
|
||||
'entra_tenant_id',
|
||||
'entra_object_id',
|
||||
'preferred_locale',
|
||||
];
|
||||
|
||||
/**
|
||||
|
||||
@ -7,11 +7,13 @@
|
||||
use App\Filament\Pages\ChooseWorkspace;
|
||||
use App\Filament\Pages\Findings\FindingsHygieneReport;
|
||||
use App\Filament\Pages\Findings\FindingsIntakeQueue;
|
||||
use App\Filament\Pages\Governance\GovernanceInbox;
|
||||
use App\Filament\Pages\Findings\MyFindingsInbox;
|
||||
use App\Filament\Pages\InventoryCoverage;
|
||||
use App\Filament\Pages\Monitoring\FindingExceptionsQueue;
|
||||
use App\Filament\Pages\NoAccess;
|
||||
use App\Filament\Pages\Reviews\ReviewRegister;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Pages\Settings\WorkspaceSettings;
|
||||
use App\Filament\Pages\TenantRequiredPermissions;
|
||||
use App\Filament\Pages\WorkspaceOverview;
|
||||
@ -77,16 +79,16 @@ public function panel(Panel $panel): Panel
|
||||
])
|
||||
->navigationItems([
|
||||
WorkspaceOverview::navigationItem(),
|
||||
NavigationItem::make('Integrations')
|
||||
NavigationItem::make(fn (): string => __('localization.navigation.integrations'))
|
||||
->url(fn (): string => route('filament.admin.resources.provider-connections.index'))
|
||||
->icon('heroicon-o-link')
|
||||
->group('Settings')
|
||||
->group(fn (): string => __('localization.navigation.settings'))
|
||||
->sort(15)
|
||||
->visible(fn (): bool => ProviderConnectionResource::canViewAny()),
|
||||
NavigationItem::make('Settings')
|
||||
NavigationItem::make(fn (): string => __('localization.navigation.settings'))
|
||||
->url(fn (): string => WorkspaceSettings::getUrl(panel: 'admin'))
|
||||
->icon('heroicon-o-cog-6-tooth')
|
||||
->group('Settings')
|
||||
->group(fn (): string => __('localization.navigation.settings'))
|
||||
->sort(20)
|
||||
->visible(function (): bool {
|
||||
$user = auth()->user();
|
||||
@ -113,12 +115,12 @@ public function panel(Panel $panel): Panel
|
||||
return $resolver->isMember($user, $workspace)
|
||||
&& $resolver->can($user, $workspace, Capabilities::WORKSPACE_SETTINGS_VIEW);
|
||||
}),
|
||||
NavigationItem::make('Manage workspaces')
|
||||
NavigationItem::make(fn (): string => __('localization.navigation.manage_workspaces'))
|
||||
->url(function (): string {
|
||||
return route('filament.admin.resources.workspaces.index');
|
||||
})
|
||||
->icon('heroicon-o-squares-2x2')
|
||||
->group('Settings')
|
||||
->group(fn (): string => __('localization.navigation.settings'))
|
||||
->sort(10)
|
||||
->visible(function (): bool {
|
||||
$user = auth()->user();
|
||||
@ -134,15 +136,15 @@ public function panel(Panel $panel): Panel
|
||||
->whereIn('role', $roles)
|
||||
->exists();
|
||||
}),
|
||||
NavigationItem::make('Operations')
|
||||
NavigationItem::make(fn (): string => __('localization.navigation.operations'))
|
||||
->url(fn (): string => route('admin.operations.index'))
|
||||
->icon('heroicon-o-queue-list')
|
||||
->group('Monitoring')
|
||||
->group(fn (): string => __('localization.navigation.monitoring'))
|
||||
->sort(10),
|
||||
NavigationItem::make('Audit Log')
|
||||
NavigationItem::make(fn (): string => __('localization.navigation.audit_log'))
|
||||
->url(fn (): string => route('admin.monitoring.audit-log'))
|
||||
->icon('heroicon-o-clipboard-document-list')
|
||||
->group('Monitoring')
|
||||
->group(fn (): string => __('localization.navigation.monitoring'))
|
||||
->sort(30),
|
||||
])
|
||||
->renderHook(
|
||||
@ -179,10 +181,12 @@ public function panel(Panel $panel): Panel
|
||||
InventoryCoverage::class,
|
||||
TenantRequiredPermissions::class,
|
||||
WorkspaceSettings::class,
|
||||
GovernanceInbox::class,
|
||||
FindingsHygieneReport::class,
|
||||
FindingsIntakeQueue::class,
|
||||
MyFindingsInbox::class,
|
||||
FindingExceptionsQueue::class,
|
||||
CustomerReviewWorkspace::class,
|
||||
ReviewRegister::class,
|
||||
])
|
||||
->widgets([
|
||||
@ -206,6 +210,7 @@ public function panel(Panel $panel): Panel
|
||||
DisableBladeIconComponents::class,
|
||||
DispatchServingFilamentEvent::class,
|
||||
])
|
||||
->middleware(['apply-resolved-locale:admin'], isPersistent: true)
|
||||
->authMiddleware([
|
||||
Authenticate::class,
|
||||
]);
|
||||
|
||||
@ -42,6 +42,14 @@ public function panel(Panel $panel): Panel
|
||||
PanelsRenderHook::BODY_START,
|
||||
fn () => view('filament.system.components.break-glass-banner')->render(),
|
||||
)
|
||||
->renderHook(
|
||||
PanelsRenderHook::TOPBAR_START,
|
||||
fn () => view('filament.partials.locale-switcher', [
|
||||
'plane' => 'system',
|
||||
'showPreference' => false,
|
||||
'embedded' => false,
|
||||
])->render(),
|
||||
)
|
||||
->discoverPages(in: app_path('Filament/System/Pages'), for: 'App\\Filament\\System\\Pages')
|
||||
->pages([
|
||||
Dashboard::class,
|
||||
@ -59,6 +67,7 @@ public function panel(Panel $panel): Panel
|
||||
DisableBladeIconComponents::class,
|
||||
DispatchServingFilamentEvent::class,
|
||||
])
|
||||
->middleware(['apply-resolved-locale:system'], isPersistent: true)
|
||||
->authMiddleware([
|
||||
Authenticate::class,
|
||||
'ensure-platform-capability:'.PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
|
||||
@ -50,20 +50,20 @@ public function panel(Panel $panel): Panel
|
||||
'primary' => Color::Indigo,
|
||||
])
|
||||
->navigationItems([
|
||||
NavigationItem::make(OperationRunLinks::collectionLabel())
|
||||
NavigationItem::make(fn (): string => __('localization.navigation.operations'))
|
||||
->url(fn (): string => route('admin.operations.index'))
|
||||
->icon('heroicon-o-queue-list')
|
||||
->group('Monitoring')
|
||||
->group(fn (): string => __('localization.navigation.monitoring'))
|
||||
->sort(10),
|
||||
NavigationItem::make('Alerts')
|
||||
NavigationItem::make(fn (): string => __('localization.navigation.alerts'))
|
||||
->url(fn (): string => url('/admin/alerts'))
|
||||
->icon('heroicon-o-bell-alert')
|
||||
->group('Monitoring')
|
||||
->group(fn (): string => __('localization.navigation.monitoring'))
|
||||
->sort(20),
|
||||
NavigationItem::make('Audit Log')
|
||||
NavigationItem::make(fn (): string => __('localization.navigation.audit_log'))
|
||||
->url(fn (): string => route('admin.monitoring.audit-log'))
|
||||
->icon('heroicon-o-clipboard-document-list')
|
||||
->group('Monitoring')
|
||||
->group(fn (): string => __('localization.navigation.monitoring'))
|
||||
->sort(30),
|
||||
])
|
||||
->renderHook(
|
||||
@ -111,6 +111,7 @@ public function panel(Panel $panel): Panel
|
||||
DisableBladeIconComponents::class,
|
||||
DispatchServingFilamentEvent::class,
|
||||
])
|
||||
->middleware(['apply-resolved-locale:tenant'], isPersistent: true)
|
||||
->authMiddleware([
|
||||
Authenticate::class,
|
||||
]);
|
||||
|
||||
@ -0,0 +1,410 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Services\Entitlements;
|
||||
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use Carbon\CarbonInterface;
|
||||
|
||||
final class WorkspaceCommercialLifecycleResolver
|
||||
{
|
||||
public const SETTING_DOMAIN = WorkspaceEntitlementResolver::SETTING_DOMAIN;
|
||||
|
||||
public const SETTING_COMMERCIAL_LIFECYCLE_STATE = 'commercial_lifecycle_state';
|
||||
|
||||
public const SETTING_COMMERCIAL_LIFECYCLE_REASON = 'commercial_lifecycle_reason';
|
||||
|
||||
public const STATE_TRIAL = 'trial';
|
||||
|
||||
public const STATE_GRACE = 'grace';
|
||||
|
||||
public const STATE_ACTIVE_PAID = 'active_paid';
|
||||
|
||||
public const STATE_SUSPENDED_READ_ONLY = 'suspended_read_only';
|
||||
|
||||
public const SOURCE_DEFAULT_ACTIVE_PAID = 'default_active_paid';
|
||||
|
||||
public const SOURCE_WORKSPACE_SETTING = 'workspace_setting';
|
||||
|
||||
public const ACTION_MANAGED_TENANT_ACTIVATION = 'managed_tenant_activation';
|
||||
|
||||
public const ACTION_REVIEW_PACK_START = 'review_pack_start';
|
||||
|
||||
public const ACTION_REVIEW_HISTORY_READ = 'review_history_read';
|
||||
|
||||
public const ACTION_EVIDENCE_READ = 'evidence_read';
|
||||
|
||||
public const ACTION_GENERATED_PACK_READ = 'generated_pack_read';
|
||||
|
||||
public const OUTCOME_ALLOW = 'allow';
|
||||
|
||||
public const OUTCOME_WARN = 'warn';
|
||||
|
||||
public const OUTCOME_BLOCK = 'block';
|
||||
|
||||
public const OUTCOME_ALLOW_READ_ONLY = 'allow_read_only';
|
||||
|
||||
public const REASON_FAMILY_ENTITLEMENT_SUBSTRATE = 'entitlement_substrate';
|
||||
|
||||
public const REASON_FAMILY_COMMERCIAL_LIFECYCLE = 'commercial_lifecycle';
|
||||
|
||||
public function __construct(
|
||||
private readonly SettingsResolver $settingsResolver,
|
||||
private readonly WorkspaceEntitlementResolver $workspaceEntitlementResolver,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public static function stateIds(): array
|
||||
{
|
||||
return [
|
||||
self::STATE_TRIAL,
|
||||
self::STATE_GRACE,
|
||||
self::STATE_ACTIVE_PAID,
|
||||
self::STATE_SUSPENDED_READ_ONLY,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
public static function stateLabels(): array
|
||||
{
|
||||
return [
|
||||
self::STATE_TRIAL => 'Trial',
|
||||
self::STATE_GRACE => 'Grace',
|
||||
self::STATE_ACTIVE_PAID => 'Active paid',
|
||||
self::STATE_SUSPENDED_READ_ONLY => 'Suspended / read-only',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
public static function stateDescriptions(): array
|
||||
{
|
||||
return [
|
||||
self::STATE_TRIAL => 'Expansion and review-pack starts are available while the workspace is in trial.',
|
||||
self::STATE_GRACE => 'New managed-tenant activation is frozen, but review-pack starts remain available with a warning.',
|
||||
self::STATE_ACTIVE_PAID => 'Expansion and review-pack starts are available for the active paid workspace.',
|
||||
self::STATE_SUSPENDED_READ_ONLY => 'New activation and review-pack starts are blocked while existing review, evidence, and generated-pack access remains read-only.',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function summary(Workspace $workspace): array
|
||||
{
|
||||
$lifecycle = $this->resolve($workspace);
|
||||
|
||||
return $lifecycle + [
|
||||
'entitlement_summary' => $this->workspaceEntitlementResolver->summary($workspace),
|
||||
'action_decisions' => [
|
||||
self::ACTION_MANAGED_TENANT_ACTIVATION => $this->actionDecision($workspace, self::ACTION_MANAGED_TENANT_ACTIVATION, $lifecycle),
|
||||
self::ACTION_REVIEW_PACK_START => $this->actionDecision($workspace, self::ACTION_REVIEW_PACK_START, $lifecycle),
|
||||
self::ACTION_REVIEW_HISTORY_READ => $this->actionDecision($workspace, self::ACTION_REVIEW_HISTORY_READ, $lifecycle),
|
||||
self::ACTION_EVIDENCE_READ => $this->actionDecision($workspace, self::ACTION_EVIDENCE_READ, $lifecycle),
|
||||
self::ACTION_GENERATED_PACK_READ => $this->actionDecision($workspace, self::ACTION_GENERATED_PACK_READ, $lifecycle),
|
||||
],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* workspace_id: int,
|
||||
* state: string,
|
||||
* state_label: string,
|
||||
* source: string,
|
||||
* source_label: string,
|
||||
* rationale: string|null,
|
||||
* description: string,
|
||||
* last_changed_at: CarbonInterface|null,
|
||||
* last_changed_by: string|null
|
||||
* }
|
||||
*/
|
||||
public function resolve(Workspace $workspace): array
|
||||
{
|
||||
$stateSetting = $this->settingsResolver->resolveDetailed(
|
||||
workspace: $workspace,
|
||||
domain: self::SETTING_DOMAIN,
|
||||
key: self::SETTING_COMMERCIAL_LIFECYCLE_STATE,
|
||||
);
|
||||
|
||||
$rawState = is_string($stateSetting['value'] ?? null)
|
||||
? strtolower(trim((string) $stateSetting['value']))
|
||||
: null;
|
||||
|
||||
$state = in_array($rawState, self::stateIds(), true)
|
||||
? $rawState
|
||||
: self::STATE_ACTIVE_PAID;
|
||||
|
||||
$source = ($stateSetting['source'] ?? null) === 'workspace_override' && $rawState !== null
|
||||
? self::SOURCE_WORKSPACE_SETTING
|
||||
: self::SOURCE_DEFAULT_ACTIVE_PAID;
|
||||
|
||||
$rationale = $this->settingsResolver->resolveValue(
|
||||
workspace: $workspace,
|
||||
domain: self::SETTING_DOMAIN,
|
||||
key: self::SETTING_COMMERCIAL_LIFECYCLE_REASON,
|
||||
);
|
||||
|
||||
$labels = self::stateLabels();
|
||||
$descriptions = self::stateDescriptions();
|
||||
$lastChanged = $this->lastChangedMetadata($workspace);
|
||||
|
||||
return [
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'state' => $state,
|
||||
'state_label' => $labels[$state],
|
||||
'source' => $source,
|
||||
'source_label' => $source === self::SOURCE_WORKSPACE_SETTING
|
||||
? 'workspace setting'
|
||||
: 'default active paid',
|
||||
'rationale' => is_string($rationale) && trim($rationale) !== '' ? trim($rationale) : null,
|
||||
'description' => $descriptions[$state],
|
||||
'last_changed_at' => $lastChanged['last_changed_at'],
|
||||
'last_changed_by' => $lastChanged['last_changed_by'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed>|null $lifecycle
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function actionDecision(Workspace $workspace, string $actionKey, ?array $lifecycle = null): array
|
||||
{
|
||||
$lifecycle ??= $this->resolve($workspace);
|
||||
|
||||
return match ($actionKey) {
|
||||
self::ACTION_MANAGED_TENANT_ACTIVATION => $this->managedTenantActivationDecision($workspace, $lifecycle),
|
||||
self::ACTION_REVIEW_PACK_START => $this->reviewPackStartDecision($workspace, $lifecycle),
|
||||
self::ACTION_REVIEW_HISTORY_READ,
|
||||
self::ACTION_EVIDENCE_READ,
|
||||
self::ACTION_GENERATED_PACK_READ => $this->readOnlyDecision($actionKey, $lifecycle),
|
||||
default => throw new \InvalidArgumentException(sprintf('Unknown commercial lifecycle action key: %s', $actionKey)),
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function reviewPackStartDecisionForTenant(Tenant $tenant): array
|
||||
{
|
||||
$tenant->loadMissing('workspace');
|
||||
|
||||
return $this->actionDecision($tenant->workspace, self::ACTION_REVIEW_PACK_START);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $lifecycle
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function managedTenantActivationDecision(Workspace $workspace, array $lifecycle): array
|
||||
{
|
||||
$substrateDecision = $this->workspaceEntitlementResolver->resolve(
|
||||
$workspace,
|
||||
WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
);
|
||||
|
||||
if ((bool) ($substrateDecision['is_blocked'] ?? false)) {
|
||||
return $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: self::ACTION_MANAGED_TENANT_ACTIVATION,
|
||||
outcome: self::OUTCOME_BLOCK,
|
||||
reasonFamily: self::REASON_FAMILY_ENTITLEMENT_SUBSTRATE,
|
||||
message: (string) ($substrateDecision['block_reason'] ?? 'Workspace entitlement currently blocks managed tenant activation.'),
|
||||
substrateDecision: $substrateDecision,
|
||||
);
|
||||
}
|
||||
|
||||
return match ($lifecycle['state']) {
|
||||
self::STATE_GRACE => $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: self::ACTION_MANAGED_TENANT_ACTIVATION,
|
||||
outcome: self::OUTCOME_BLOCK,
|
||||
reasonFamily: self::REASON_FAMILY_COMMERCIAL_LIFECYCLE,
|
||||
message: 'New managed-tenant activation is frozen while this workspace is in grace.',
|
||||
substrateDecision: $substrateDecision,
|
||||
),
|
||||
self::STATE_SUSPENDED_READ_ONLY => $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: self::ACTION_MANAGED_TENANT_ACTIVATION,
|
||||
outcome: self::OUTCOME_BLOCK,
|
||||
reasonFamily: self::REASON_FAMILY_COMMERCIAL_LIFECYCLE,
|
||||
message: 'This workspace is suspended / read-only. New managed-tenant activation is blocked, but existing review and evidence history remains available.',
|
||||
substrateDecision: $substrateDecision,
|
||||
),
|
||||
default => $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: self::ACTION_MANAGED_TENANT_ACTIVATION,
|
||||
outcome: self::OUTCOME_ALLOW,
|
||||
reasonFamily: null,
|
||||
message: 'Managed-tenant activation is available for this workspace commercial state.',
|
||||
substrateDecision: $substrateDecision,
|
||||
),
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $lifecycle
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function reviewPackStartDecision(Workspace $workspace, array $lifecycle): array
|
||||
{
|
||||
$substrateDecision = $this->workspaceEntitlementResolver->resolve(
|
||||
$workspace,
|
||||
WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED,
|
||||
);
|
||||
|
||||
if ((bool) ($substrateDecision['is_blocked'] ?? false)) {
|
||||
return $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: self::ACTION_REVIEW_PACK_START,
|
||||
outcome: self::OUTCOME_BLOCK,
|
||||
reasonFamily: self::REASON_FAMILY_ENTITLEMENT_SUBSTRATE,
|
||||
message: (string) ($substrateDecision['block_reason'] ?? 'Workspace entitlement currently blocks review pack generation.'),
|
||||
substrateDecision: $substrateDecision,
|
||||
);
|
||||
}
|
||||
|
||||
return match ($lifecycle['state']) {
|
||||
self::STATE_GRACE => $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: self::ACTION_REVIEW_PACK_START,
|
||||
outcome: self::OUTCOME_WARN,
|
||||
reasonFamily: self::REASON_FAMILY_COMMERCIAL_LIFECYCLE,
|
||||
message: 'Workspace is in grace. Review-pack starts remain available, but managed-tenant expansion is frozen.',
|
||||
substrateDecision: $substrateDecision,
|
||||
),
|
||||
self::STATE_SUSPENDED_READ_ONLY => $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: self::ACTION_REVIEW_PACK_START,
|
||||
outcome: self::OUTCOME_BLOCK,
|
||||
reasonFamily: self::REASON_FAMILY_COMMERCIAL_LIFECYCLE,
|
||||
message: 'This workspace is suspended / read-only. New review-pack starts are blocked, but existing review packs, evidence, and review history remain available.',
|
||||
substrateDecision: $substrateDecision,
|
||||
),
|
||||
default => $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: self::ACTION_REVIEW_PACK_START,
|
||||
outcome: self::OUTCOME_ALLOW,
|
||||
reasonFamily: null,
|
||||
message: 'Review-pack starts are available for this workspace commercial state.',
|
||||
substrateDecision: $substrateDecision,
|
||||
),
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $lifecycle
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function readOnlyDecision(string $actionKey, array $lifecycle): array
|
||||
{
|
||||
if (($lifecycle['state'] ?? null) === self::STATE_SUSPENDED_READ_ONLY) {
|
||||
return $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: $actionKey,
|
||||
outcome: self::OUTCOME_ALLOW_READ_ONLY,
|
||||
reasonFamily: self::REASON_FAMILY_COMMERCIAL_LIFECYCLE,
|
||||
message: 'Suspended / read-only workspaces keep existing review, evidence, and generated-pack consumption available under current RBAC.',
|
||||
substrateDecision: null,
|
||||
);
|
||||
}
|
||||
|
||||
return $this->decision(
|
||||
lifecycle: $lifecycle,
|
||||
actionKey: $actionKey,
|
||||
outcome: self::OUTCOME_ALLOW,
|
||||
reasonFamily: null,
|
||||
message: 'Read-only history remains available under current RBAC.',
|
||||
substrateDecision: null,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $lifecycle
|
||||
* @param array<string, mixed>|null $substrateDecision
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function decision(
|
||||
array $lifecycle,
|
||||
string $actionKey,
|
||||
string $outcome,
|
||||
?string $reasonFamily,
|
||||
string $message,
|
||||
?array $substrateDecision,
|
||||
): array {
|
||||
return [
|
||||
'workspace_id' => (int) ($lifecycle['workspace_id'] ?? 0),
|
||||
'action_key' => $actionKey,
|
||||
'outcome' => $outcome,
|
||||
'is_blocked' => $outcome === self::OUTCOME_BLOCK,
|
||||
'is_warning' => $outcome === self::OUTCOME_WARN,
|
||||
'block_reason' => $outcome === self::OUTCOME_BLOCK ? $message : null,
|
||||
'warning_reason' => $outcome === self::OUTCOME_WARN ? $message : null,
|
||||
'message' => $message,
|
||||
'reason_family' => $reasonFamily,
|
||||
'state' => (string) $lifecycle['state'],
|
||||
'state_label' => (string) $lifecycle['state_label'],
|
||||
'source' => (string) $lifecycle['source'],
|
||||
'source_label' => (string) $lifecycle['source_label'],
|
||||
'rationale' => $lifecycle['rationale'] ?? null,
|
||||
'entitlement_decision' => $substrateDecision,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{last_changed_at: CarbonInterface|null, last_changed_by: string|null}
|
||||
*/
|
||||
private function lastChangedMetadata(Workspace $workspace): array
|
||||
{
|
||||
$audit = AuditLog::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('action', AuditActionId::WorkspaceSettingUpdated->value)
|
||||
->where('resource_type', 'workspace_setting')
|
||||
->where('resource_id', self::SETTING_DOMAIN.'.'.self::SETTING_COMMERCIAL_LIFECYCLE_STATE)
|
||||
->latest('recorded_at')
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
if ($audit instanceof AuditLog) {
|
||||
return [
|
||||
'last_changed_at' => $audit->recorded_at,
|
||||
'last_changed_by' => $audit->actorDisplayLabel(),
|
||||
];
|
||||
}
|
||||
|
||||
$record = WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', self::SETTING_DOMAIN)
|
||||
->whereIn('key', [
|
||||
self::SETTING_COMMERCIAL_LIFECYCLE_STATE,
|
||||
self::SETTING_COMMERCIAL_LIFECYCLE_REASON,
|
||||
])
|
||||
->with('updatedByUser:id,name')
|
||||
->latest('updated_at')
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
if (! $record instanceof WorkspaceSetting) {
|
||||
return [
|
||||
'last_changed_at' => null,
|
||||
'last_changed_by' => null,
|
||||
];
|
||||
}
|
||||
|
||||
return [
|
||||
'last_changed_at' => $record->updated_at,
|
||||
'last_changed_by' => $record->updatedByUser?->name,
|
||||
];
|
||||
}
|
||||
}
|
||||
215
apps/platform/app/Services/Localization/LocaleResolver.php
Normal file
215
apps/platform/app/Services/Localization/LocaleResolver.php
Normal file
@ -0,0 +1,215 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Services\Localization;
|
||||
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class LocaleResolver
|
||||
{
|
||||
public const SESSION_OVERRIDE_KEY = 'tenantpilot.locale_override';
|
||||
|
||||
public const REQUEST_ATTRIBUTE = 'tenantpilot.resolved_locale';
|
||||
|
||||
public const SETTING_DOMAIN = 'localization';
|
||||
|
||||
public const SETTING_DEFAULT_LOCALE = 'default_locale';
|
||||
|
||||
public const SOURCE_EXPLICIT_OVERRIDE = 'explicit_override';
|
||||
|
||||
public const SOURCE_USER_PREFERENCE = 'user_preference';
|
||||
|
||||
public const SOURCE_WORKSPACE_DEFAULT = 'workspace_default';
|
||||
|
||||
public const SOURCE_SYSTEM_DEFAULT = 'system_default';
|
||||
|
||||
/**
|
||||
* @var list<string>
|
||||
*/
|
||||
private const SUPPORTED_LOCALES = ['en', 'de'];
|
||||
|
||||
public function __construct(
|
||||
private SettingsResolver $settingsResolver,
|
||||
private WorkspaceContext $workspaceContext,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public static function supportedLocales(): array
|
||||
{
|
||||
return self::SUPPORTED_LOCALES;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
public static function localeOptions(): array
|
||||
{
|
||||
return [
|
||||
'en' => __('localization.locales.en'),
|
||||
'de' => __('localization.locales.de'),
|
||||
];
|
||||
}
|
||||
|
||||
public static function isSupported(mixed $locale): bool
|
||||
{
|
||||
return self::normalize($locale) !== null;
|
||||
}
|
||||
|
||||
public static function normalize(mixed $locale): ?string
|
||||
{
|
||||
if (! is_string($locale)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = strtolower(trim($locale));
|
||||
|
||||
return in_array($normalized, self::SUPPORTED_LOCALES, true) ? $normalized : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* locale: string,
|
||||
* source: string,
|
||||
* fallback_locale: string,
|
||||
* user_preference_locale: ?string,
|
||||
* workspace_default_locale: ?string,
|
||||
* machine_artifacts_invariant: true
|
||||
* }
|
||||
*/
|
||||
public function resolve(Request $request, ?string $plane = null): array
|
||||
{
|
||||
$plane = $this->normalizePlane($plane, $request);
|
||||
|
||||
$explicitOverride = $this->explicitOverride($request);
|
||||
$systemDefault = (string) config('app.fallback_locale', 'en');
|
||||
|
||||
if ($plane === 'system') {
|
||||
return $this->resolveFromSources(
|
||||
explicitOverride: $explicitOverride,
|
||||
userPreference: null,
|
||||
workspaceDefault: null,
|
||||
systemDefault: $systemDefault,
|
||||
includeUserPreference: false,
|
||||
includeWorkspaceDefault: false,
|
||||
);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$userPreference = $user instanceof User ? $user->preferred_locale : null;
|
||||
$workspaceDefault = $this->workspaceDefault($request);
|
||||
|
||||
return $this->resolveFromSources(
|
||||
explicitOverride: $explicitOverride,
|
||||
userPreference: $userPreference,
|
||||
workspaceDefault: $workspaceDefault,
|
||||
systemDefault: $systemDefault,
|
||||
includeUserPreference: true,
|
||||
includeWorkspaceDefault: true,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* locale: string,
|
||||
* source: string,
|
||||
* fallback_locale: string,
|
||||
* user_preference_locale: ?string,
|
||||
* workspace_default_locale: ?string,
|
||||
* machine_artifacts_invariant: true
|
||||
* }
|
||||
*/
|
||||
public function resolveFromSources(
|
||||
mixed $explicitOverride,
|
||||
mixed $userPreference,
|
||||
mixed $workspaceDefault,
|
||||
mixed $systemDefault,
|
||||
bool $includeUserPreference = true,
|
||||
bool $includeWorkspaceDefault = true,
|
||||
): array {
|
||||
$fallbackLocale = self::normalize(config('app.fallback_locale', 'en')) ?? 'en';
|
||||
|
||||
$candidates = [
|
||||
self::SOURCE_EXPLICIT_OVERRIDE => self::normalize($explicitOverride),
|
||||
];
|
||||
|
||||
if ($includeUserPreference) {
|
||||
$candidates[self::SOURCE_USER_PREFERENCE] = self::normalize($userPreference);
|
||||
}
|
||||
|
||||
if ($includeWorkspaceDefault) {
|
||||
$candidates[self::SOURCE_WORKSPACE_DEFAULT] = self::normalize($workspaceDefault);
|
||||
}
|
||||
|
||||
$candidates[self::SOURCE_SYSTEM_DEFAULT] = self::normalize($systemDefault) ?? $fallbackLocale;
|
||||
|
||||
foreach ($candidates as $source => $locale) {
|
||||
if ($locale !== null) {
|
||||
return [
|
||||
'locale' => $locale,
|
||||
'source' => $source,
|
||||
'fallback_locale' => $fallbackLocale,
|
||||
'user_preference_locale' => $includeUserPreference ? self::normalize($userPreference) : null,
|
||||
'workspace_default_locale' => $includeWorkspaceDefault ? self::normalize($workspaceDefault) : null,
|
||||
'machine_artifacts_invariant' => true,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
return [
|
||||
'locale' => $fallbackLocale,
|
||||
'source' => self::SOURCE_SYSTEM_DEFAULT,
|
||||
'fallback_locale' => $fallbackLocale,
|
||||
'user_preference_locale' => $includeUserPreference ? self::normalize($userPreference) : null,
|
||||
'workspace_default_locale' => $includeWorkspaceDefault ? self::normalize($workspaceDefault) : null,
|
||||
'machine_artifacts_invariant' => true,
|
||||
];
|
||||
}
|
||||
|
||||
private function explicitOverride(Request $request): ?string
|
||||
{
|
||||
$queryLocale = self::normalize($request->query('locale'));
|
||||
|
||||
if ($queryLocale !== null) {
|
||||
return $queryLocale;
|
||||
}
|
||||
|
||||
if (! $request->hasSession()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return self::normalize($request->session()->get(self::SESSION_OVERRIDE_KEY));
|
||||
}
|
||||
|
||||
private function workspaceDefault(Request $request): ?string
|
||||
{
|
||||
$workspace = $this->workspaceContext->currentWorkspace($request);
|
||||
|
||||
if (! $workspace instanceof Workspace) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return self::normalize($this->settingsResolver->resolveValue(
|
||||
workspace: $workspace,
|
||||
domain: self::SETTING_DOMAIN,
|
||||
key: self::SETTING_DEFAULT_LOCALE,
|
||||
));
|
||||
}
|
||||
|
||||
private function normalizePlane(?string $plane, Request $request): string
|
||||
{
|
||||
$plane = strtolower(trim((string) $plane));
|
||||
|
||||
if (in_array($plane, ['admin', 'tenant', 'system'], true)) {
|
||||
return $plane;
|
||||
}
|
||||
|
||||
return $request->is('system', 'system/*') ? 'system' : 'admin';
|
||||
}
|
||||
}
|
||||
@ -14,7 +14,7 @@
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Evidence\EvidenceResolutionRequest;
|
||||
use App\Services\Evidence\EvidenceSnapshotResolver;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
@ -30,7 +30,7 @@ public function __construct(
|
||||
private OperationRunService $operationRunService,
|
||||
private EvidenceSnapshotResolver $snapshotResolver,
|
||||
private WorkspaceAuditLogger $auditLogger,
|
||||
private WorkspaceEntitlementResolver $workspaceEntitlementResolver,
|
||||
private WorkspaceCommercialLifecycleResolver $workspaceCommercialLifecycleResolver,
|
||||
private ProductTelemetryRecorder $productTelemetryRecorder,
|
||||
) {}
|
||||
|
||||
@ -234,14 +234,16 @@ public function computeFingerprint(Tenant $tenant, array $options): string
|
||||
|
||||
/**
|
||||
* Generate a signed download URL for a review pack.
|
||||
*
|
||||
* @param array<string, scalar|null> $parameters
|
||||
*/
|
||||
public function generateDownloadUrl(ReviewPack $pack): string
|
||||
public function generateDownloadUrl(ReviewPack $pack, array $parameters = []): string
|
||||
{
|
||||
$ttlMinutes = (int) config('tenantpilot.review_pack.download_url_ttl_minutes', 60);
|
||||
|
||||
return URL::signedRoute(
|
||||
'admin.review-packs.download',
|
||||
['reviewPack' => $pack->getKey()],
|
||||
array_merge(['reviewPack' => $pack->getKey()], $parameters),
|
||||
now()->addMinutes($ttlMinutes),
|
||||
);
|
||||
}
|
||||
@ -251,10 +253,22 @@ public function generateDownloadUrl(ReviewPack $pack): string
|
||||
*/
|
||||
public function reviewPackGenerationDecisionForTenant(Tenant $tenant): array
|
||||
{
|
||||
return $this->workspaceEntitlementResolver->resolve(
|
||||
$tenant->loadMissing('workspace');
|
||||
$decision = $this->workspaceCommercialLifecycleResolver->actionDecision(
|
||||
$tenant->workspace,
|
||||
WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED,
|
||||
WorkspaceCommercialLifecycleResolver::ACTION_REVIEW_PACK_START,
|
||||
);
|
||||
|
||||
$entitlementDecision = is_array($decision['entitlement_decision'] ?? null)
|
||||
? $decision['entitlement_decision']
|
||||
: [];
|
||||
|
||||
return $decision + [
|
||||
'effective_value' => $entitlementDecision['effective_value'] ?? null,
|
||||
'source' => $decision['source'] ?? null,
|
||||
'current_usage' => $entitlementDecision['current_usage'] ?? null,
|
||||
'remaining_capacity' => $entitlementDecision['remaining_capacity'] ?? null,
|
||||
];
|
||||
}
|
||||
|
||||
private function recordReviewPackRequestTelemetry(ReviewPack $reviewPack, User $user, string $sourceSurface): void
|
||||
|
||||
@ -4,6 +4,7 @@
|
||||
|
||||
namespace App\Services\Settings;
|
||||
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantSetting;
|
||||
use App\Models\User;
|
||||
@ -11,11 +12,14 @@
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Services\Auth\WorkspaceCapabilityResolver;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\Settings\SettingDefinition;
|
||||
use App\Support\Settings\SettingsRegistry;
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
@ -33,27 +37,7 @@ public function updateWorkspaceSetting(User $actor, Workspace $workspace, string
|
||||
{
|
||||
$this->authorizeManage($actor, $workspace);
|
||||
|
||||
$definition = $this->requireDefinition($domain, $key);
|
||||
$normalizedValue = $this->validatedValue($definition, $value);
|
||||
|
||||
$existing = WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', $domain)
|
||||
->where('key', $key)
|
||||
->first();
|
||||
|
||||
$beforeValue = $existing instanceof WorkspaceSetting
|
||||
? $this->decodeStoredValue($existing->getAttribute('value'))
|
||||
: null;
|
||||
|
||||
$setting = WorkspaceSetting::query()->updateOrCreate([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'domain' => $domain,
|
||||
'key' => $key,
|
||||
], [
|
||||
'value' => $normalizedValue,
|
||||
'updated_by_user_id' => (int) $actor->getKey(),
|
||||
]);
|
||||
$result = $this->persistWorkspaceSetting($workspace, $domain, $key, $value, (int) $actor->getKey());
|
||||
|
||||
$this->resolver->clearCache();
|
||||
|
||||
@ -67,7 +51,7 @@ public function updateWorkspaceSetting(User $actor, Workspace $workspace, string
|
||||
'scope' => 'workspace',
|
||||
'domain' => $domain,
|
||||
'key' => $key,
|
||||
'before_value' => $beforeValue,
|
||||
'before_value' => $result['before_value'],
|
||||
'after_value' => $afterValue,
|
||||
],
|
||||
],
|
||||
@ -76,7 +60,79 @@ public function updateWorkspaceSetting(User $actor, Workspace $workspace, string
|
||||
resourceId: $domain.'.'.$key,
|
||||
);
|
||||
|
||||
return $setting;
|
||||
return $result['setting'];
|
||||
}
|
||||
|
||||
public function updateWorkspaceCommercialLifecycle(
|
||||
PlatformUser $actor,
|
||||
Workspace $workspace,
|
||||
string $state,
|
||||
string $reason,
|
||||
): void {
|
||||
$state = strtolower(trim($state));
|
||||
$reason = trim($reason);
|
||||
|
||||
if (! $actor->hasCapability(PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE)) {
|
||||
throw new AuthorizationException('Missing commercial lifecycle manage capability.');
|
||||
}
|
||||
|
||||
if ($reason === '') {
|
||||
throw ValidationException::withMessages([
|
||||
'reason' => ['A rationale is required when changing commercial lifecycle state.'],
|
||||
]);
|
||||
}
|
||||
|
||||
DB::transaction(function () use ($actor, $workspace, $state, $reason): void {
|
||||
$stateResult = $this->persistWorkspaceSetting(
|
||||
workspace: $workspace,
|
||||
domain: WorkspaceCommercialLifecycleResolver::SETTING_DOMAIN,
|
||||
key: WorkspaceCommercialLifecycleResolver::SETTING_COMMERCIAL_LIFECYCLE_STATE,
|
||||
value: $state,
|
||||
updatedByUserId: null,
|
||||
);
|
||||
|
||||
$reasonResult = $this->persistWorkspaceSetting(
|
||||
workspace: $workspace,
|
||||
domain: WorkspaceCommercialLifecycleResolver::SETTING_DOMAIN,
|
||||
key: WorkspaceCommercialLifecycleResolver::SETTING_COMMERCIAL_LIFECYCLE_REASON,
|
||||
value: $reason,
|
||||
updatedByUserId: null,
|
||||
);
|
||||
|
||||
$this->resolver->clearCache();
|
||||
|
||||
$afterState = $this->resolver->resolveValue(
|
||||
$workspace,
|
||||
WorkspaceCommercialLifecycleResolver::SETTING_DOMAIN,
|
||||
WorkspaceCommercialLifecycleResolver::SETTING_COMMERCIAL_LIFECYCLE_STATE,
|
||||
);
|
||||
|
||||
$afterReason = $this->resolver->resolveValue(
|
||||
$workspace,
|
||||
WorkspaceCommercialLifecycleResolver::SETTING_DOMAIN,
|
||||
WorkspaceCommercialLifecycleResolver::SETTING_COMMERCIAL_LIFECYCLE_REASON,
|
||||
);
|
||||
|
||||
$this->auditLogger->log(
|
||||
workspace: $workspace,
|
||||
action: AuditActionId::WorkspaceSettingUpdated->value,
|
||||
context: [
|
||||
'metadata' => [
|
||||
'scope' => 'workspace',
|
||||
'domain' => WorkspaceCommercialLifecycleResolver::SETTING_DOMAIN,
|
||||
'key' => WorkspaceCommercialLifecycleResolver::SETTING_COMMERCIAL_LIFECYCLE_STATE,
|
||||
'before_state' => $stateResult['before_value'],
|
||||
'after_state' => $afterState,
|
||||
'before_reason' => $reasonResult['before_value'],
|
||||
'after_reason' => $afterReason,
|
||||
],
|
||||
],
|
||||
actor: $actor,
|
||||
resourceType: 'workspace_setting',
|
||||
resourceId: WorkspaceCommercialLifecycleResolver::SETTING_DOMAIN.'.'.WorkspaceCommercialLifecycleResolver::SETTING_COMMERCIAL_LIFECYCLE_STATE,
|
||||
targetLabel: 'Commercial lifecycle state',
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
public function resetWorkspaceSetting(User $actor, Workspace $workspace, string $domain, string $key): void
|
||||
@ -174,6 +230,39 @@ private function requireDefinition(string $domain, string $key): SettingDefiniti
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{setting: WorkspaceSetting, before_value: mixed}
|
||||
*/
|
||||
private function persistWorkspaceSetting(Workspace $workspace, string $domain, string $key, mixed $value, ?int $updatedByUserId): array
|
||||
{
|
||||
$definition = $this->requireDefinition($domain, $key);
|
||||
$normalizedValue = $this->validatedValue($definition, $value);
|
||||
|
||||
$existing = WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', $domain)
|
||||
->where('key', $key)
|
||||
->first();
|
||||
|
||||
$beforeValue = $existing instanceof WorkspaceSetting
|
||||
? $this->decodeStoredValue($existing->getAttribute('value'))
|
||||
: null;
|
||||
|
||||
$setting = WorkspaceSetting::query()->updateOrCreate([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'domain' => $domain,
|
||||
'key' => $key,
|
||||
], [
|
||||
'value' => $normalizedValue,
|
||||
'updated_by_user_id' => $updatedByUserId,
|
||||
]);
|
||||
|
||||
return [
|
||||
'setting' => $setting,
|
||||
'before_value' => $beforeValue,
|
||||
];
|
||||
}
|
||||
|
||||
private function validatedValue(SettingDefinition $definition, mixed $value): mixed
|
||||
{
|
||||
$validator = Validator::make(
|
||||
|
||||
@ -12,6 +12,7 @@
|
||||
use App\Services\Auth\RoleCapabilityMap;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
final class TenantReviewRegisterService
|
||||
{
|
||||
@ -43,6 +44,55 @@ public function query(User $user, Workspace $workspace): Builder
|
||||
->latest('id');
|
||||
}
|
||||
|
||||
public function latestPublishedQuery(User $user, Workspace $workspace): Builder
|
||||
{
|
||||
$tenantIds = array_keys($this->authorizedTenants($user, $workspace));
|
||||
|
||||
$rankedReviews = TenantReview::query()
|
||||
->select([
|
||||
'tenant_reviews.id',
|
||||
'tenant_reviews.tenant_id',
|
||||
'tenant_reviews.published_at',
|
||||
'tenant_reviews.generated_at',
|
||||
])
|
||||
->selectRaw('ROW_NUMBER() OVER (PARTITION BY tenant_id ORDER BY published_at DESC, generated_at DESC, id DESC) as rn')
|
||||
->forWorkspace((int) $workspace->getKey())
|
||||
->whereIn('tenant_id', $tenantIds === [] ? [-1] : $tenantIds)
|
||||
->published();
|
||||
|
||||
$latestPublishedIds = DB::query()
|
||||
->fromSub($rankedReviews, 'ranked_tenant_reviews')
|
||||
->where('rn', 1)
|
||||
->select('id');
|
||||
|
||||
return TenantReview::query()
|
||||
->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
|
||||
->forWorkspace((int) $workspace->getKey())
|
||||
->whereIn('tenant_reviews.id', $latestPublishedIds)
|
||||
->orderByDesc('published_at')
|
||||
->orderByDesc('generated_at')
|
||||
->orderByDesc('id');
|
||||
}
|
||||
|
||||
public function customerWorkspaceTenantQuery(User $user, Workspace $workspace): Builder
|
||||
{
|
||||
$tenantIds = array_keys($this->authorizedTenants($user, $workspace));
|
||||
|
||||
return Tenant::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->whereIn('id', $tenantIds === [] ? [-1] : $tenantIds)
|
||||
->with([
|
||||
'tenantReviews' => fn ($query) => $query
|
||||
->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
|
||||
->published()
|
||||
->orderByDesc('published_at')
|
||||
->orderByDesc('generated_at')
|
||||
->orderByDesc('id')
|
||||
->limit(1),
|
||||
])
|
||||
->orderBy('name');
|
||||
}
|
||||
|
||||
public function canAccessWorkspace(User $user, Workspace $workspace): bool
|
||||
{
|
||||
return WorkspaceMembership::query()
|
||||
|
||||
27
apps/platform/app/Support/Ai/AiDataClassification.php
Normal file
27
apps/platform/app/Support/Ai/AiDataClassification.php
Normal file
@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
enum AiDataClassification: string
|
||||
{
|
||||
case ProductKnowledge = 'product_knowledge';
|
||||
case OperationalMetadata = 'operational_metadata';
|
||||
case RedactedSupportSummary = 'redacted_support_summary';
|
||||
case PersonalData = 'personal_data';
|
||||
case CustomerConfidential = 'customer_confidential';
|
||||
case RawProviderPayload = 'raw_provider_payload';
|
||||
|
||||
public function label(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::ProductKnowledge => 'Product knowledge',
|
||||
self::OperationalMetadata => 'Operational metadata',
|
||||
self::RedactedSupportSummary => 'Redacted support summary',
|
||||
self::PersonalData => 'Personal data',
|
||||
self::CustomerConfidential => 'Customer confidential',
|
||||
self::RawProviderPayload => 'Raw provider payload',
|
||||
};
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
final class AiDecisionAuditMetadataFactory
|
||||
{
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function make(AiExecutionRequest $request, AiExecutionDecision $decision): array
|
||||
{
|
||||
return array_filter([
|
||||
'use_case_key' => $decision->useCaseKey,
|
||||
'decision_outcome' => $decision->outcome,
|
||||
'decision_reason' => $decision->reasonCode->value,
|
||||
'workspace_ai_policy_mode' => $decision->workspaceAiPolicyMode,
|
||||
'requested_provider_class' => $decision->requestedProviderClass,
|
||||
'data_classifications' => $decision->dataClassifications,
|
||||
'source_family' => $decision->sourceFamily,
|
||||
'workspace_id' => $request->workspace?->getKey(),
|
||||
'tenant_id' => $request->tenant?->getKey(),
|
||||
'context_fingerprint' => $this->normalizedFingerprint($request->contextFingerprint),
|
||||
'matched_operational_control_scope' => $decision->matchedOperationalControlScope,
|
||||
], static fn (mixed $value): bool => $value !== null);
|
||||
}
|
||||
|
||||
private function normalizedFingerprint(?string $contextFingerprint): ?string
|
||||
{
|
||||
if (! is_string($contextFingerprint)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = trim($contextFingerprint);
|
||||
|
||||
return $normalized === '' ? null : $normalized;
|
||||
}
|
||||
}
|
||||
18
apps/platform/app/Support/Ai/AiDecisionReasonCode.php
Normal file
18
apps/platform/app/Support/Ai/AiDecisionReasonCode.php
Normal file
@ -0,0 +1,18 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
enum AiDecisionReasonCode: string
|
||||
{
|
||||
case Allowed = 'allowed';
|
||||
case MissingWorkspaceContext = 'missing_workspace_context';
|
||||
case TenantOutsideWorkspace = 'tenant_outside_workspace';
|
||||
case OperationalControlPaused = 'operational_control_paused';
|
||||
case WorkspacePolicyDisabled = 'workspace_policy_disabled';
|
||||
case UnregisteredUseCase = 'unregistered_use_case';
|
||||
case ProviderClassBlocked = 'provider_class_blocked';
|
||||
case DataClassificationBlocked = 'data_classification_blocked';
|
||||
case SourceFamilyMismatch = 'source_family_mismatch';
|
||||
}
|
||||
37
apps/platform/app/Support/Ai/AiExecutionDecision.php
Normal file
37
apps/platform/app/Support/Ai/AiExecutionDecision.php
Normal file
@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
use App\Support\Audit\AuditActionId;
|
||||
|
||||
final readonly class AiExecutionDecision
|
||||
{
|
||||
/**
|
||||
* @param list<string> $dataClassifications
|
||||
* @param array<string, mixed> $auditMetadata
|
||||
*/
|
||||
public function __construct(
|
||||
public string $outcome,
|
||||
public AiDecisionReasonCode $reasonCode,
|
||||
public string $workspaceAiPolicyMode,
|
||||
public ?string $matchedOperationalControlScope,
|
||||
public string $useCaseKey,
|
||||
public string $requestedProviderClass,
|
||||
public array $dataClassifications,
|
||||
public string $sourceFamily,
|
||||
public AuditActionId $auditAction,
|
||||
public array $auditMetadata,
|
||||
) {}
|
||||
|
||||
public function isAllowed(): bool
|
||||
{
|
||||
return $this->outcome === 'allowed';
|
||||
}
|
||||
|
||||
public function isBlocked(): bool
|
||||
{
|
||||
return $this->outcome === 'blocked';
|
||||
}
|
||||
}
|
||||
28
apps/platform/app/Support/Ai/AiExecutionRequest.php
Normal file
28
apps/platform/app/Support/Ai/AiExecutionRequest.php
Normal file
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
|
||||
final readonly class AiExecutionRequest
|
||||
{
|
||||
/**
|
||||
* @param list<string> $dataClassifications
|
||||
*/
|
||||
public function __construct(
|
||||
public ?Workspace $workspace,
|
||||
public ?Tenant $tenant,
|
||||
public User|PlatformUser|null $actor,
|
||||
public string $useCaseKey,
|
||||
public string $requestedProviderClass,
|
||||
public array $dataClassifications,
|
||||
public string $sourceFamily,
|
||||
public ?string $callerSurface = null,
|
||||
public ?string $contextFingerprint = null,
|
||||
) {}
|
||||
}
|
||||
43
apps/platform/app/Support/Ai/AiPolicyMode.php
Normal file
43
apps/platform/app/Support/Ai/AiPolicyMode.php
Normal file
@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
enum AiPolicyMode: string
|
||||
{
|
||||
case Disabled = 'disabled';
|
||||
case PrivateOnly = 'private_only';
|
||||
|
||||
public function label(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::Disabled => 'Disabled',
|
||||
self::PrivateOnly => 'Private only',
|
||||
};
|
||||
}
|
||||
|
||||
public function summary(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::Disabled => 'No AI execution is allowed for this workspace.',
|
||||
self::PrivateOnly => 'Only approved internal drafts may use private-only AI for approved use cases.',
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
public static function optionLabels(): array
|
||||
{
|
||||
return array_reduce(
|
||||
self::cases(),
|
||||
static function (array $labels, self $mode): array {
|
||||
$labels[$mode->value] = $mode->label();
|
||||
|
||||
return $labels;
|
||||
},
|
||||
[],
|
||||
);
|
||||
}
|
||||
}
|
||||
19
apps/platform/app/Support/Ai/AiProviderClass.php
Normal file
19
apps/platform/app/Support/Ai/AiProviderClass.php
Normal file
@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
enum AiProviderClass: string
|
||||
{
|
||||
case LocalPrivate = 'local_private';
|
||||
case ExternalPublic = 'external_public';
|
||||
|
||||
public function label(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::LocalPrivate => 'Local private',
|
||||
self::ExternalPublic => 'External public',
|
||||
};
|
||||
}
|
||||
}
|
||||
126
apps/platform/app/Support/Ai/AiUseCaseCatalog.php
Normal file
126
apps/platform/app/Support/Ai/AiUseCaseCatalog.php
Normal file
@ -0,0 +1,126 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
final class AiUseCaseCatalog
|
||||
{
|
||||
/**
|
||||
* @var array<string, array{
|
||||
* key: string,
|
||||
* label: string,
|
||||
* future_consumer: string,
|
||||
* visibility: string,
|
||||
* allowed_provider_classes: list<string>,
|
||||
* allowed_data_classifications: list<string>,
|
||||
* source_family: string,
|
||||
* tenant_context_permitted: bool
|
||||
* }>
|
||||
*/
|
||||
private const USE_CASES = [
|
||||
'product_knowledge.answer_draft' => [
|
||||
'key' => 'product_knowledge.answer_draft',
|
||||
'label' => 'Product knowledge answer draft',
|
||||
'future_consumer' => 'ContextualHelpResolver',
|
||||
'visibility' => 'internal_only_draft',
|
||||
'allowed_provider_classes' => [AiProviderClass::LocalPrivate->value],
|
||||
'allowed_data_classifications' => [
|
||||
AiDataClassification::ProductKnowledge->value,
|
||||
AiDataClassification::OperationalMetadata->value,
|
||||
],
|
||||
'source_family' => 'product_knowledge',
|
||||
'tenant_context_permitted' => false,
|
||||
],
|
||||
'support_diagnostics.summary_draft' => [
|
||||
'key' => 'support_diagnostics.summary_draft',
|
||||
'label' => 'Support diagnostics summary draft',
|
||||
'future_consumer' => 'SupportDiagnosticBundleBuilder',
|
||||
'visibility' => 'internal_only_draft',
|
||||
'allowed_provider_classes' => [AiProviderClass::LocalPrivate->value],
|
||||
'allowed_data_classifications' => [AiDataClassification::RedactedSupportSummary->value],
|
||||
'source_family' => 'support_diagnostics',
|
||||
'tenant_context_permitted' => true,
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
* @return list<array{
|
||||
* key: string,
|
||||
* label: string,
|
||||
* future_consumer: string,
|
||||
* visibility: string,
|
||||
* allowed_provider_classes: list<string>,
|
||||
* allowed_data_classifications: list<string>,
|
||||
* source_family: string,
|
||||
* tenant_context_permitted: bool
|
||||
* }>
|
||||
*/
|
||||
public function all(): array
|
||||
{
|
||||
return array_values(self::USE_CASES);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* key: string,
|
||||
* label: string,
|
||||
* future_consumer: string,
|
||||
* visibility: string,
|
||||
* allowed_provider_classes: list<string>,
|
||||
* allowed_data_classifications: list<string>,
|
||||
* source_family: string,
|
||||
* tenant_context_permitted: bool
|
||||
* }|null
|
||||
*/
|
||||
public function find(string $key): ?array
|
||||
{
|
||||
return self::USE_CASES[$key] ?? null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public function labels(): array
|
||||
{
|
||||
return array_map(
|
||||
static fn (array $definition): string => $definition['label'],
|
||||
$this->all(),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public function allowedProviderClassLabelsForMode(AiPolicyMode $mode): array
|
||||
{
|
||||
if ($mode === AiPolicyMode::Disabled) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$labels = [];
|
||||
|
||||
foreach ($this->all() as $definition) {
|
||||
foreach ($definition['allowed_provider_classes'] as $providerClass) {
|
||||
$labels[$providerClass] = AiProviderClass::from($providerClass)->label();
|
||||
}
|
||||
}
|
||||
|
||||
return array_values($labels);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public function blockedDataClassificationLabels(): array
|
||||
{
|
||||
return array_map(
|
||||
static fn (AiDataClassification $classification): string => $classification->label(),
|
||||
[
|
||||
AiDataClassification::PersonalData,
|
||||
AiDataClassification::CustomerConfidential,
|
||||
AiDataClassification::RawProviderPayload,
|
||||
],
|
||||
);
|
||||
}
|
||||
}
|
||||
181
apps/platform/app/Support/Ai/GovernedAiExecutionBoundary.php
Normal file
181
apps/platform/app/Support/Ai/GovernedAiExecutionBoundary.php
Normal file
@ -0,0 +1,181 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\OperationalControls\OperationalControlEvaluator;
|
||||
|
||||
final class GovernedAiExecutionBoundary
|
||||
{
|
||||
public function __construct(
|
||||
private readonly AiUseCaseCatalog $useCaseCatalog,
|
||||
private readonly SettingsResolver $settingsResolver,
|
||||
private readonly OperationalControlEvaluator $operationalControls,
|
||||
private readonly AiDecisionAuditMetadataFactory $auditMetadataFactory,
|
||||
private readonly WorkspaceAuditLogger $workspaceAuditLogger,
|
||||
) {}
|
||||
|
||||
public function evaluate(AiExecutionRequest $request): AiExecutionDecision
|
||||
{
|
||||
$decision = $this->decisionFor($request);
|
||||
$metadata = $this->auditMetadataFactory->make($request, $decision);
|
||||
|
||||
$decision = new AiExecutionDecision(
|
||||
outcome: $decision->outcome,
|
||||
reasonCode: $decision->reasonCode,
|
||||
workspaceAiPolicyMode: $decision->workspaceAiPolicyMode,
|
||||
matchedOperationalControlScope: $decision->matchedOperationalControlScope,
|
||||
useCaseKey: $decision->useCaseKey,
|
||||
requestedProviderClass: $decision->requestedProviderClass,
|
||||
dataClassifications: $decision->dataClassifications,
|
||||
sourceFamily: $decision->sourceFamily,
|
||||
auditAction: $decision->auditAction,
|
||||
auditMetadata: $metadata,
|
||||
);
|
||||
|
||||
if ($request->workspace !== null) {
|
||||
$definition = $this->useCaseCatalog->find($request->useCaseKey);
|
||||
|
||||
$this->workspaceAuditLogger->log(
|
||||
workspace: $request->workspace,
|
||||
action: $decision->auditAction,
|
||||
context: ['metadata' => $decision->auditMetadata],
|
||||
actor: $request->actor,
|
||||
status: $decision->isAllowed() ? 'success' : 'blocked',
|
||||
resourceType: 'ai_use_case',
|
||||
resourceId: $request->useCaseKey,
|
||||
targetLabel: $definition['label'] ?? $request->useCaseKey,
|
||||
summary: 'AI execution decision evaluated',
|
||||
tenant: $request->tenant,
|
||||
);
|
||||
}
|
||||
|
||||
return $decision;
|
||||
}
|
||||
|
||||
private function decisionFor(AiExecutionRequest $request): AiExecutionDecision
|
||||
{
|
||||
if ($request->workspace === null) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::MissingWorkspaceContext,
|
||||
workspaceAiPolicyMode: AiPolicyMode::Disabled->value,
|
||||
);
|
||||
}
|
||||
|
||||
if ($request->tenant !== null && (int) $request->tenant->workspace_id !== (int) $request->workspace->getKey()) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::TenantOutsideWorkspace,
|
||||
workspaceAiPolicyMode: AiPolicyMode::Disabled->value,
|
||||
);
|
||||
}
|
||||
|
||||
$controlDecision = $this->operationalControls->evaluate('ai.execution', $request->workspace);
|
||||
|
||||
if ($controlDecision->isPaused()) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::OperationalControlPaused,
|
||||
workspaceAiPolicyMode: $this->resolvedPolicyMode($request),
|
||||
matchedOperationalControlScope: $controlDecision->matchedScopeType,
|
||||
);
|
||||
}
|
||||
|
||||
$policyMode = $this->resolvedPolicyMode($request);
|
||||
|
||||
if ($policyMode === AiPolicyMode::Disabled->value) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::WorkspacePolicyDisabled,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
|
||||
$definition = $this->useCaseCatalog->find($request->useCaseKey);
|
||||
|
||||
if ($definition === null) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::UnregisteredUseCase,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
|
||||
if ($definition['source_family'] !== $request->sourceFamily) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::SourceFamilyMismatch,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
|
||||
if (! in_array($request->requestedProviderClass, $definition['allowed_provider_classes'], true)) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::ProviderClassBlocked,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
|
||||
foreach ($request->dataClassifications as $classification) {
|
||||
if (! in_array($classification, $definition['allowed_data_classifications'], true)) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::DataClassificationBlocked,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return new AiExecutionDecision(
|
||||
outcome: 'allowed',
|
||||
reasonCode: AiDecisionReasonCode::Allowed,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
matchedOperationalControlScope: null,
|
||||
useCaseKey: $request->useCaseKey,
|
||||
requestedProviderClass: $request->requestedProviderClass,
|
||||
dataClassifications: $request->dataClassifications,
|
||||
sourceFamily: $request->sourceFamily,
|
||||
auditAction: AuditActionId::AiExecutionDecisionEvaluated,
|
||||
auditMetadata: [],
|
||||
);
|
||||
}
|
||||
|
||||
private function resolvedPolicyMode(AiExecutionRequest $request): string
|
||||
{
|
||||
if ($request->workspace === null) {
|
||||
return AiPolicyMode::Disabled->value;
|
||||
}
|
||||
|
||||
$resolved = $this->settingsResolver->resolveValue($request->workspace, 'ai', 'policy_mode');
|
||||
|
||||
return is_string($resolved) && $resolved !== ''
|
||||
? $resolved
|
||||
: AiPolicyMode::Disabled->value;
|
||||
}
|
||||
|
||||
private function blockedDecision(
|
||||
AiExecutionRequest $request,
|
||||
AiDecisionReasonCode $reasonCode,
|
||||
string $workspaceAiPolicyMode,
|
||||
?string $matchedOperationalControlScope = null,
|
||||
): AiExecutionDecision {
|
||||
return new AiExecutionDecision(
|
||||
outcome: 'blocked',
|
||||
reasonCode: $reasonCode,
|
||||
workspaceAiPolicyMode: $workspaceAiPolicyMode,
|
||||
matchedOperationalControlScope: $matchedOperationalControlScope,
|
||||
useCaseKey: $request->useCaseKey,
|
||||
requestedProviderClass: $request->requestedProviderClass,
|
||||
dataClassifications: $request->dataClassifications,
|
||||
sourceFamily: $request->sourceFamily,
|
||||
auditAction: AuditActionId::AiExecutionDecisionEvaluated,
|
||||
auditMetadata: [],
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -94,13 +94,16 @@ enum AuditActionId: string
|
||||
case TenantReviewRefreshed = 'tenant_review.refreshed';
|
||||
case TenantReviewPublished = 'tenant_review.published';
|
||||
case TenantReviewArchived = 'tenant_review.archived';
|
||||
case TenantReviewOpened = 'tenant_review.opened';
|
||||
case TenantReviewExported = 'tenant_review.exported';
|
||||
case TenantReviewSuccessorCreated = 'tenant_review.successor_created';
|
||||
case ReviewPackDownloaded = 'review_pack.downloaded';
|
||||
case TenantTriageReviewMarkedReviewed = 'tenant_triage_review.marked_reviewed';
|
||||
case TenantTriageReviewMarkedFollowUpNeeded = 'tenant_triage_review.marked_follow_up_needed';
|
||||
|
||||
case SupportDiagnosticsOpened = 'support_diagnostics.opened';
|
||||
case SupportRequestCreated = 'support_request.created';
|
||||
case AiExecutionDecisionEvaluated = 'ai_execution.decision_evaluated';
|
||||
case OperationalControlPaused = 'operational_control.paused';
|
||||
case OperationalControlUpdated = 'operational_control.updated';
|
||||
case OperationalControlResumed = 'operational_control.resumed';
|
||||
@ -237,12 +240,15 @@ private static function labels(): array
|
||||
self::TenantReviewRefreshed->value => 'Tenant review refreshed',
|
||||
self::TenantReviewPublished->value => 'Tenant review published',
|
||||
self::TenantReviewArchived->value => 'Tenant review archived',
|
||||
self::TenantReviewOpened->value => 'Tenant review opened',
|
||||
self::TenantReviewExported->value => 'Tenant review exported',
|
||||
self::TenantReviewSuccessorCreated->value => 'Tenant review next cycle created',
|
||||
self::ReviewPackDownloaded->value => 'Review pack downloaded',
|
||||
self::TenantTriageReviewMarkedReviewed->value => 'Triage review marked reviewed',
|
||||
self::TenantTriageReviewMarkedFollowUpNeeded->value => 'Triage review marked follow-up needed',
|
||||
self::SupportDiagnosticsOpened->value => 'Support diagnostics opened',
|
||||
self::SupportRequestCreated->value => 'Support request created',
|
||||
self::AiExecutionDecisionEvaluated->value => 'AI execution decision evaluated',
|
||||
self::OperationalControlPaused->value => 'Operational control paused',
|
||||
self::OperationalControlUpdated->value => 'Operational control updated',
|
||||
self::OperationalControlResumed->value => 'Operational control resumed',
|
||||
@ -326,10 +332,13 @@ private static function summaries(): array
|
||||
self::TenantReviewRefreshed->value => 'Tenant review refreshed',
|
||||
self::TenantReviewPublished->value => 'Tenant review published',
|
||||
self::TenantReviewArchived->value => 'Tenant review archived',
|
||||
self::TenantReviewOpened->value => 'Tenant review opened',
|
||||
self::TenantReviewExported->value => 'Tenant review exported',
|
||||
self::TenantReviewSuccessorCreated->value => 'Tenant review next cycle created',
|
||||
self::ReviewPackDownloaded->value => 'Review pack downloaded',
|
||||
self::SupportDiagnosticsOpened->value => 'Support diagnostics opened',
|
||||
self::SupportRequestCreated->value => 'Support request created',
|
||||
self::AiExecutionDecisionEvaluated->value => 'AI execution decision evaluated',
|
||||
self::OperationalControlPaused->value => 'Operational control paused',
|
||||
self::OperationalControlUpdated->value => 'Operational control updated',
|
||||
self::OperationalControlResumed->value => 'Operational control resumed',
|
||||
|
||||
@ -18,6 +18,8 @@ class PlatformCapabilities
|
||||
|
||||
public const DIRECTORY_VIEW = 'platform.directory.view';
|
||||
|
||||
public const COMMERCIAL_LIFECYCLE_MANAGE = 'platform.commercial_lifecycle.manage';
|
||||
|
||||
public const OPERATIONS_VIEW = 'platform.operations.view';
|
||||
|
||||
public const OPERATIONS_MANAGE = 'platform.operations.manage';
|
||||
|
||||
@ -57,6 +57,7 @@ final class BadgeCatalog
|
||||
BadgeDomain::BaselineProfileStatus->value => Domains\BaselineProfileStatusBadge::class,
|
||||
BadgeDomain::FindingType->value => Domains\FindingTypeBadge::class,
|
||||
BadgeDomain::ReviewPackStatus->value => Domains\ReviewPackStatusBadge::class,
|
||||
BadgeDomain::CommercialLifecycleState->value => Domains\CommercialLifecycleStateBadge::class,
|
||||
BadgeDomain::EvidenceSnapshotStatus->value => Domains\EvidenceSnapshotStatusBadge::class,
|
||||
BadgeDomain::EvidenceCompleteness->value => Domains\EvidenceCompletenessBadge::class,
|
||||
BadgeDomain::TenantReviewStatus->value => Domains\TenantReviewStatusBadge::class,
|
||||
|
||||
@ -48,6 +48,7 @@ enum BadgeDomain: string
|
||||
case BaselineProfileStatus = 'baseline_profile_status';
|
||||
case FindingType = 'finding_type';
|
||||
case ReviewPackStatus = 'review_pack_status';
|
||||
case CommercialLifecycleState = 'commercial_lifecycle_state';
|
||||
case EvidenceSnapshotStatus = 'evidence_snapshot_status';
|
||||
case EvidenceCompleteness = 'evidence_completeness';
|
||||
case TenantReviewStatus = 'tenant_review_status';
|
||||
|
||||
@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Badges\Domains;
|
||||
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Support\Badges\BadgeCatalog;
|
||||
use App\Support\Badges\BadgeMapper;
|
||||
use App\Support\Badges\BadgeSpec;
|
||||
|
||||
final class CommercialLifecycleStateBadge implements BadgeMapper
|
||||
{
|
||||
public function spec(mixed $value): BadgeSpec
|
||||
{
|
||||
$state = BadgeCatalog::normalizeState($value);
|
||||
|
||||
return match ($state) {
|
||||
WorkspaceCommercialLifecycleResolver::STATE_TRIAL => new BadgeSpec('Trial', 'info', 'heroicon-m-clock'),
|
||||
WorkspaceCommercialLifecycleResolver::STATE_GRACE => new BadgeSpec('Grace', 'warning', 'heroicon-m-exclamation-triangle'),
|
||||
WorkspaceCommercialLifecycleResolver::STATE_ACTIVE_PAID => new BadgeSpec('Active paid', 'success', 'heroicon-m-check-circle'),
|
||||
WorkspaceCommercialLifecycleResolver::STATE_SUSPENDED_READ_ONLY => new BadgeSpec('Suspended / read-only', 'danger', 'heroicon-m-lock-closed'),
|
||||
default => BadgeSpec::unknown(),
|
||||
};
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,888 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\GovernanceInbox;
|
||||
|
||||
use App\Filament\Pages\Findings\FindingsIntakeQueue;
|
||||
use App\Filament\Pages\Findings\MyFindingsInbox;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\AlertDeliveryResource;
|
||||
use App\Filament\Resources\FindingExceptionResource;
|
||||
use App\Filament\Resources\FindingResource;
|
||||
use App\Filament\Resources\TenantResource;
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\AlertDelivery;
|
||||
use App\Models\Finding;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantTriageReview;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\TenantReviews\TenantReviewRegisterService;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\BackupHealth\TenantBackupHealthAssessment;
|
||||
use App\Support\BackupHealth\TenantBackupHealthResolver;
|
||||
use App\Support\Navigation\CanonicalNavigationContext;
|
||||
use App\Support\OperationRunLinks;
|
||||
use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
|
||||
use App\Support\PortfolioTriage\TenantTriageReviewStateResolver;
|
||||
use App\Support\RestoreSafety\RestoreSafetyResolver;
|
||||
use App\Support\Tenants\TenantRecoveryTriagePresentation;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
final readonly class GovernanceInboxSectionBuilder
|
||||
{
|
||||
private const PREVIEW_LIMIT = 3;
|
||||
|
||||
/**
|
||||
* @var list<string>
|
||||
*/
|
||||
private const FAMILY_ORDER = [
|
||||
'assigned_findings',
|
||||
'intake_findings',
|
||||
'stale_operations',
|
||||
'alert_delivery_failures',
|
||||
'review_follow_up',
|
||||
];
|
||||
|
||||
public function __construct(
|
||||
private TenantBackupHealthResolver $backupHealthResolver,
|
||||
private RestoreSafetyResolver $restoreSafetyResolver,
|
||||
private TenantTriageReviewStateResolver $tenantTriageReviewStateResolver,
|
||||
private TenantReviewRegisterService $tenantReviewRegisterService,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $authorizedTenants
|
||||
* @param array<int, Tenant> $visibleFindingTenants
|
||||
* @param array<int, Tenant> $reviewTenants
|
||||
* @return array{
|
||||
* sections: list<array<string, mixed>>,
|
||||
* available_families: list<array{key: string, label: string, count: int}>,
|
||||
* family_counts: array<string, int>,
|
||||
* total_count: int,
|
||||
* }
|
||||
*/
|
||||
public function build(
|
||||
User $user,
|
||||
Workspace $workspace,
|
||||
array $authorizedTenants,
|
||||
array $visibleFindingTenants,
|
||||
array $reviewTenants,
|
||||
bool $canViewAlerts,
|
||||
?Tenant $selectedTenant = null,
|
||||
?string $selectedFamily = null,
|
||||
?CanonicalNavigationContext $navigationContext = null,
|
||||
): array {
|
||||
$authorizedTenantsById = $this->indexTenants($authorizedTenants);
|
||||
$visibleFindingTenantsById = $this->indexTenants($visibleFindingTenants);
|
||||
$reviewTenantsById = $this->indexTenants($reviewTenants);
|
||||
|
||||
$allSections = [];
|
||||
$availableFamilies = [];
|
||||
$familyCounts = [];
|
||||
|
||||
if ($visibleFindingTenantsById !== []) {
|
||||
$assignedSection = $this->assignedFindingsSection(
|
||||
user: $user,
|
||||
visibleFindingTenants: $visibleFindingTenantsById,
|
||||
selectedTenant: $selectedTenant,
|
||||
navigationContext: $navigationContext,
|
||||
);
|
||||
$allSections[$assignedSection['key']] = $assignedSection;
|
||||
$availableFamilies[] = [
|
||||
'key' => $assignedSection['key'],
|
||||
'label' => $assignedSection['label'],
|
||||
'count' => $assignedSection['count'],
|
||||
];
|
||||
$familyCounts[$assignedSection['key']] = $assignedSection['count'];
|
||||
|
||||
$intakeSection = $this->intakeFindingsSection(
|
||||
visibleFindingTenants: $visibleFindingTenantsById,
|
||||
selectedTenant: $selectedTenant,
|
||||
navigationContext: $navigationContext,
|
||||
);
|
||||
$allSections[$intakeSection['key']] = $intakeSection;
|
||||
$availableFamilies[] = [
|
||||
'key' => $intakeSection['key'],
|
||||
'label' => $intakeSection['label'],
|
||||
'count' => $intakeSection['count'],
|
||||
];
|
||||
$familyCounts[$intakeSection['key']] = $intakeSection['count'];
|
||||
}
|
||||
|
||||
if ($authorizedTenantsById !== []) {
|
||||
$operationsSection = $this->operationsSection(
|
||||
workspace: $workspace,
|
||||
authorizedTenants: $authorizedTenantsById,
|
||||
selectedTenant: $selectedTenant,
|
||||
navigationContext: $navigationContext,
|
||||
);
|
||||
$allSections[$operationsSection['key']] = $operationsSection;
|
||||
$availableFamilies[] = [
|
||||
'key' => $operationsSection['key'],
|
||||
'label' => $operationsSection['label'],
|
||||
'count' => $operationsSection['count'],
|
||||
];
|
||||
$familyCounts[$operationsSection['key']] = $operationsSection['count'];
|
||||
}
|
||||
|
||||
if ($canViewAlerts) {
|
||||
$alertsSection = $this->alertsSection(
|
||||
workspace: $workspace,
|
||||
authorizedTenants: $authorizedTenantsById,
|
||||
selectedTenant: $selectedTenant,
|
||||
navigationContext: $navigationContext,
|
||||
);
|
||||
$allSections[$alertsSection['key']] = $alertsSection;
|
||||
$availableFamilies[] = [
|
||||
'key' => $alertsSection['key'],
|
||||
'label' => $alertsSection['label'],
|
||||
'count' => $alertsSection['count'],
|
||||
];
|
||||
$familyCounts[$alertsSection['key']] = $alertsSection['count'];
|
||||
}
|
||||
|
||||
if ($reviewTenantsById !== []) {
|
||||
$reviewSection = $this->reviewFollowUpSection(
|
||||
user: $user,
|
||||
workspace: $workspace,
|
||||
reviewTenants: $reviewTenantsById,
|
||||
selectedTenant: $selectedTenant,
|
||||
navigationContext: $navigationContext,
|
||||
);
|
||||
$allSections[$reviewSection['key']] = $reviewSection;
|
||||
$availableFamilies[] = [
|
||||
'key' => $reviewSection['key'],
|
||||
'label' => $reviewSection['label'],
|
||||
'count' => $reviewSection['count'],
|
||||
];
|
||||
$familyCounts[$reviewSection['key']] = $reviewSection['count'];
|
||||
}
|
||||
|
||||
$sections = [];
|
||||
|
||||
foreach (self::FAMILY_ORDER as $familyKey) {
|
||||
$section = $allSections[$familyKey] ?? null;
|
||||
|
||||
if (! is_array($section)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($selectedFamily !== null) {
|
||||
if ($familyKey === $selectedFamily) {
|
||||
$sections[] = $section;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((int) ($section['count'] ?? 0) > 0) {
|
||||
$sections[] = $section;
|
||||
}
|
||||
}
|
||||
|
||||
return [
|
||||
'sections' => $sections,
|
||||
'available_families' => $availableFamilies,
|
||||
'family_counts' => $familyCounts,
|
||||
'total_count' => array_sum($familyCounts),
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $tenants
|
||||
* @return array<int, Tenant>
|
||||
*/
|
||||
private function indexTenants(array $tenants): array
|
||||
{
|
||||
$indexed = [];
|
||||
|
||||
foreach ($tenants as $tenant) {
|
||||
$indexed[(int) $tenant->getKey()] = $tenant;
|
||||
}
|
||||
|
||||
return $indexed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $visibleFindingTenants
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function assignedFindingsSection(
|
||||
User $user,
|
||||
array $visibleFindingTenants,
|
||||
?Tenant $selectedTenant,
|
||||
?CanonicalNavigationContext $navigationContext,
|
||||
): array {
|
||||
$baseQuery = $this->assignedFindingsQuery($user, $visibleFindingTenants, $selectedTenant);
|
||||
$count = (clone $baseQuery)->count();
|
||||
$overdueCount = (clone $baseQuery)
|
||||
->whereNotNull('due_at')
|
||||
->where('due_at', '<', now())
|
||||
->count();
|
||||
$entries = $this->orderedAssignedFindingsQuery(clone $baseQuery)
|
||||
->limit(self::PREVIEW_LIMIT)
|
||||
->get()
|
||||
->map(fn (Finding $finding): array => $this->findingEntry($finding, 'assigned_findings', $navigationContext, 10))
|
||||
->all();
|
||||
|
||||
return [
|
||||
'key' => 'assigned_findings',
|
||||
'label' => 'Assigned findings',
|
||||
'count' => $count,
|
||||
'summary' => $this->assignedFindingsSummary($count, $overdueCount),
|
||||
'dominant_action_label' => 'Open my findings',
|
||||
'dominant_action_url' => $this->appendQuery(
|
||||
MyFindingsInbox::getUrl(
|
||||
panel: 'admin',
|
||||
parameters: array_filter([
|
||||
'tenant' => $selectedTenant?->external_id,
|
||||
], static fn (mixed $value): bool => is_string($value) && $value !== ''),
|
||||
),
|
||||
$navigationContext?->toQuery() ?? [],
|
||||
),
|
||||
'entries' => $entries,
|
||||
'empty_state' => $selectedTenant instanceof Tenant
|
||||
? 'No assigned findings match this tenant filter right now.'
|
||||
: 'No assigned findings are visible right now.',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $visibleFindingTenants
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function intakeFindingsSection(
|
||||
array $visibleFindingTenants,
|
||||
?Tenant $selectedTenant,
|
||||
?CanonicalNavigationContext $navigationContext,
|
||||
): array {
|
||||
$baseQuery = $this->intakeFindingsQuery($visibleFindingTenants, $selectedTenant);
|
||||
$count = (clone $baseQuery)->count();
|
||||
$needsTriageCount = (clone $baseQuery)
|
||||
->whereIn('status', [Finding::STATUS_NEW, Finding::STATUS_REOPENED])
|
||||
->count();
|
||||
$entries = $this->orderedIntakeFindingsQuery(clone $baseQuery)
|
||||
->limit(self::PREVIEW_LIMIT)
|
||||
->get()
|
||||
->map(fn (Finding $finding): array => $this->findingEntry($finding, 'intake_findings', $navigationContext, 20))
|
||||
->all();
|
||||
|
||||
return [
|
||||
'key' => 'intake_findings',
|
||||
'label' => 'Findings intake',
|
||||
'count' => $count,
|
||||
'summary' => $this->intakeFindingsSummary($count, $needsTriageCount),
|
||||
'dominant_action_label' => 'Open findings intake',
|
||||
'dominant_action_url' => $this->appendQuery(
|
||||
FindingsIntakeQueue::getUrl(
|
||||
panel: 'admin',
|
||||
parameters: array_filter([
|
||||
'tenant' => $selectedTenant?->external_id,
|
||||
'view' => $needsTriageCount > 0 ? 'needs_triage' : null,
|
||||
], static fn (mixed $value): bool => $value !== null && $value !== ''),
|
||||
),
|
||||
$navigationContext?->toQuery() ?? [],
|
||||
),
|
||||
'entries' => $entries,
|
||||
'empty_state' => $selectedTenant instanceof Tenant
|
||||
? 'No intake findings match this tenant filter right now.'
|
||||
: 'No intake findings are visible right now.',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $authorizedTenants
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function operationsSection(
|
||||
Workspace $workspace,
|
||||
array $authorizedTenants,
|
||||
?Tenant $selectedTenant,
|
||||
?CanonicalNavigationContext $navigationContext,
|
||||
): array {
|
||||
$terminalQuery = $this->terminalOperationsQuery($workspace, $authorizedTenants, $selectedTenant);
|
||||
$staleQuery = $this->staleOperationsQuery($workspace, $authorizedTenants, $selectedTenant);
|
||||
$terminalCount = (clone $terminalQuery)->count();
|
||||
$staleCount = (clone $staleQuery)->count();
|
||||
$entries = array_merge(
|
||||
(clone $terminalQuery)->latest('completed_at')->latest('id')->limit(self::PREVIEW_LIMIT)->get()->all(),
|
||||
(clone $staleQuery)->latest('created_at')->latest('id')->limit(self::PREVIEW_LIMIT)->get()->all(),
|
||||
);
|
||||
$entries = collect($entries)
|
||||
->unique(fn (OperationRun $run): int => (int) $run->getKey())
|
||||
->sortBy([
|
||||
fn (OperationRun $run): int => $run->problemClass() === OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP ? 0 : 1,
|
||||
fn (OperationRun $run): int => -1 * (int) $run->getKey(),
|
||||
])
|
||||
->take(self::PREVIEW_LIMIT)
|
||||
->map(fn (OperationRun $run): array => $this->operationEntry($run, $navigationContext))
|
||||
->values()
|
||||
->all();
|
||||
$dominantProblemClass = $terminalCount > 0
|
||||
? OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP
|
||||
: OperationRun::PROBLEM_CLASS_ACTIVE_STALE_ATTENTION;
|
||||
|
||||
return [
|
||||
'key' => 'stale_operations',
|
||||
'label' => 'Operations follow-up',
|
||||
'count' => $terminalCount + $staleCount,
|
||||
'summary' => $this->operationsSummary($terminalCount, $staleCount),
|
||||
'dominant_action_label' => $terminalCount > 0 ? 'Open terminal follow-up' : 'Open stale operations',
|
||||
'dominant_action_url' => OperationRunLinks::index(
|
||||
tenant: $selectedTenant,
|
||||
context: $navigationContext,
|
||||
problemClass: $dominantProblemClass,
|
||||
),
|
||||
'entries' => $entries,
|
||||
'empty_state' => $selectedTenant instanceof Tenant
|
||||
? 'No stale or terminal follow-up operations match this tenant filter right now.'
|
||||
: 'No stale or terminal follow-up operations are visible right now.',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $authorizedTenants
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function alertsSection(
|
||||
Workspace $workspace,
|
||||
array $authorizedTenants,
|
||||
?Tenant $selectedTenant,
|
||||
?CanonicalNavigationContext $navigationContext,
|
||||
): array {
|
||||
$baseQuery = $this->alertsQuery($workspace, $authorizedTenants, $selectedTenant);
|
||||
$count = (clone $baseQuery)->count();
|
||||
$entries = (clone $baseQuery)
|
||||
->latest('created_at')
|
||||
->latest('id')
|
||||
->limit(self::PREVIEW_LIMIT)
|
||||
->get()
|
||||
->map(fn (AlertDelivery $delivery): array => $this->alertEntry($delivery, $navigationContext))
|
||||
->all();
|
||||
|
||||
return [
|
||||
'key' => 'alert_delivery_failures',
|
||||
'label' => 'Alert delivery failures',
|
||||
'count' => $count,
|
||||
'summary' => $this->alertsSummary($count),
|
||||
'dominant_action_label' => 'Open alert deliveries',
|
||||
'dominant_action_url' => $this->appendQuery(
|
||||
AlertDeliveryResource::getUrl(panel: 'admin'),
|
||||
array_replace_recursive(
|
||||
$navigationContext?->toQuery() ?? [],
|
||||
[
|
||||
'tableFilters' => array_filter([
|
||||
'status' => ['value' => AlertDelivery::STATUS_FAILED],
|
||||
'tenant_id' => $selectedTenant instanceof Tenant
|
||||
? ['value' => (string) $selectedTenant->getKey()]
|
||||
: null,
|
||||
], static fn (mixed $value): bool => $value !== null),
|
||||
],
|
||||
),
|
||||
),
|
||||
'entries' => $entries,
|
||||
'empty_state' => $selectedTenant instanceof Tenant
|
||||
? 'No failed alert deliveries match this tenant filter right now.'
|
||||
: 'No failed alert deliveries are visible right now.',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $reviewTenants
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function reviewFollowUpSection(
|
||||
User $user,
|
||||
Workspace $workspace,
|
||||
array $reviewTenants,
|
||||
?Tenant $selectedTenant,
|
||||
?CanonicalNavigationContext $navigationContext,
|
||||
): array {
|
||||
$tenantIds = $selectedTenant instanceof Tenant
|
||||
? [(int) $selectedTenant->getKey()]
|
||||
: array_keys($reviewTenants);
|
||||
$backupHealthByTenant = $this->backupHealthResolver->assessMany($tenantIds);
|
||||
$recoveryEvidenceByTenant = $this->restoreSafetyResolver->dashboardRecoveryEvidenceForTenants($tenantIds, $backupHealthByTenant);
|
||||
$resolved = $this->tenantTriageReviewStateResolver->resolveMany(
|
||||
workspaceId: (int) $workspace->getKey(),
|
||||
tenantIds: $tenantIds,
|
||||
backupHealthByTenant: $backupHealthByTenant,
|
||||
recoveryEvidenceByTenant: $recoveryEvidenceByTenant,
|
||||
);
|
||||
$latestPublishedReviews = $this->tenantReviewRegisterService
|
||||
->latestPublishedQuery($user, $workspace)
|
||||
->get()
|
||||
->keyBy('tenant_id')
|
||||
->all();
|
||||
|
||||
$rawEntries = [];
|
||||
|
||||
foreach ($tenantIds as $tenantId) {
|
||||
$tenant = $reviewTenants[$tenantId] ?? null;
|
||||
$rows = $resolved['rows'][$tenantId] ?? null;
|
||||
|
||||
if (! $tenant instanceof Tenant || ! is_array($rows)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
foreach ([PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, PortfolioArrivalContextToken::FAMILY_RECOVERY_EVIDENCE] as $family) {
|
||||
$row = $rows[$family] ?? null;
|
||||
|
||||
if (! is_array($row) || ($row['current_concern_present'] ?? false) !== true) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$derivedState = $row['derived_state'] ?? null;
|
||||
|
||||
if (! in_array($derivedState, [
|
||||
TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
|
||||
TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW,
|
||||
], true)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$rawEntries[] = $this->reviewEntry(
|
||||
tenant: $tenant,
|
||||
family: $family,
|
||||
row: $row,
|
||||
latestPublishedReview: $latestPublishedReviews[$tenantId] ?? null,
|
||||
navigationContext: $navigationContext,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
usort($rawEntries, function (array $left, array $right): int {
|
||||
$leftRank = (int) ($left['urgency_rank'] ?? 0);
|
||||
$rightRank = (int) ($right['urgency_rank'] ?? 0);
|
||||
|
||||
if ($leftRank !== $rightRank) {
|
||||
return $leftRank <=> $rightRank;
|
||||
}
|
||||
|
||||
return strcmp((string) ($left['headline'] ?? ''), (string) ($right['headline'] ?? ''));
|
||||
});
|
||||
|
||||
$followUpCount = collect($rawEntries)
|
||||
->where('status_label', 'Follow-up needed')
|
||||
->count();
|
||||
$changedCount = collect($rawEntries)
|
||||
->where('status_label', 'Changed since review')
|
||||
->count();
|
||||
|
||||
return [
|
||||
'key' => 'review_follow_up',
|
||||
'label' => 'Review follow-up',
|
||||
'count' => count($rawEntries),
|
||||
'summary' => $this->reviewSummary($followUpCount, $changedCount),
|
||||
'dominant_action_label' => 'Open review follow-up',
|
||||
'dominant_action_url' => $selectedTenant instanceof Tenant
|
||||
? $this->appendQuery(CustomerReviewWorkspace::tenantPrefilterUrl($selectedTenant), $navigationContext?->toQuery() ?? [])
|
||||
: $this->appendQuery(TenantResource::getUrl(panel: 'admin'), array_replace_recursive(
|
||||
$navigationContext?->toQuery() ?? [],
|
||||
[
|
||||
'backup_posture' => [
|
||||
TenantBackupHealthAssessment::POSTURE_ABSENT,
|
||||
TenantBackupHealthAssessment::POSTURE_STALE,
|
||||
TenantBackupHealthAssessment::POSTURE_DEGRADED,
|
||||
],
|
||||
'recovery_evidence' => [
|
||||
TenantRecoveryTriagePresentation::RECOVERY_EVIDENCE_WEAKENED,
|
||||
TenantRecoveryTriagePresentation::RECOVERY_EVIDENCE_UNVALIDATED,
|
||||
],
|
||||
'review_state' => [
|
||||
TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
|
||||
TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW,
|
||||
],
|
||||
'triage_sort' => TenantRecoveryTriagePresentation::TRIAGE_SORT_WORST_FIRST,
|
||||
],
|
||||
)),
|
||||
'entries' => array_slice($rawEntries, 0, self::PREVIEW_LIMIT),
|
||||
'empty_state' => $selectedTenant instanceof Tenant
|
||||
? 'No review follow-up is visible for this tenant filter right now.'
|
||||
: 'No review follow-up is visible right now.',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $visibleFindingTenants
|
||||
*/
|
||||
private function assignedFindingsQuery(User $user, array $visibleFindingTenants, ?Tenant $selectedTenant): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
$tenantIds = $selectedTenant instanceof Tenant
|
||||
? [(int) $selectedTenant->getKey()]
|
||||
: array_keys($visibleFindingTenants);
|
||||
|
||||
return Finding::query()
|
||||
->with(['tenant', 'ownerUser:id,name', 'assigneeUser:id,name'])
|
||||
->withSubjectDisplayName()
|
||||
->whereIn('tenant_id', $tenantIds === [] ? [-1] : $tenantIds)
|
||||
->where('assignee_user_id', (int) $user->getKey())
|
||||
->whereIn('status', Finding::openStatusesForQuery());
|
||||
}
|
||||
|
||||
private function orderedAssignedFindingsQuery(\Illuminate\Database\Eloquent\Builder $query): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
return $query
|
||||
->orderByRaw(
|
||||
'case when due_at is not null and due_at < ? then 0 when reopened_at is not null then 1 else 2 end asc',
|
||||
[now()],
|
||||
)
|
||||
->orderByRaw('case when due_at is null then 1 else 0 end asc')
|
||||
->orderBy('due_at')
|
||||
->orderByDesc('id');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $visibleFindingTenants
|
||||
*/
|
||||
private function intakeFindingsQuery(array $visibleFindingTenants, ?Tenant $selectedTenant): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
$tenantIds = $selectedTenant instanceof Tenant
|
||||
? [(int) $selectedTenant->getKey()]
|
||||
: array_keys($visibleFindingTenants);
|
||||
|
||||
return Finding::query()
|
||||
->with(['tenant', 'ownerUser:id,name', 'assigneeUser:id,name'])
|
||||
->withSubjectDisplayName()
|
||||
->whereIn('tenant_id', $tenantIds === [] ? [-1] : $tenantIds)
|
||||
->whereNull('assignee_user_id')
|
||||
->whereIn('status', Finding::openStatusesForQuery());
|
||||
}
|
||||
|
||||
private function orderedIntakeFindingsQuery(\Illuminate\Database\Eloquent\Builder $query): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
return $query
|
||||
->orderByRaw(
|
||||
"case
|
||||
when due_at is not null and due_at < ? then 0
|
||||
when status = ? then 1
|
||||
when status = ? then 2
|
||||
else 3
|
||||
end asc",
|
||||
[now(), Finding::STATUS_REOPENED, Finding::STATUS_NEW],
|
||||
)
|
||||
->orderByRaw('case when due_at is null then 1 else 0 end asc')
|
||||
->orderBy('due_at')
|
||||
->orderByDesc('id');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $authorizedTenants
|
||||
*/
|
||||
private function terminalOperationsQuery(Workspace $workspace, array $authorizedTenants, ?Tenant $selectedTenant): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
return $this->operationsBaseQuery($workspace, $authorizedTenants, $selectedTenant)
|
||||
->terminalFollowUp();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $authorizedTenants
|
||||
*/
|
||||
private function staleOperationsQuery(Workspace $workspace, array $authorizedTenants, ?Tenant $selectedTenant): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
return $this->operationsBaseQuery($workspace, $authorizedTenants, $selectedTenant)
|
||||
->activeStaleAttention();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $authorizedTenants
|
||||
*/
|
||||
private function operationsBaseQuery(Workspace $workspace, array $authorizedTenants, ?Tenant $selectedTenant): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
$tenantIds = array_keys($authorizedTenants);
|
||||
|
||||
return OperationRun::query()
|
||||
->with('tenant')
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where(function ($query) use ($selectedTenant, $tenantIds): void {
|
||||
if ($selectedTenant instanceof Tenant) {
|
||||
$query->where('tenant_id', (int) $selectedTenant->getKey());
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$query
|
||||
->whereIn('tenant_id', $tenantIds === [] ? [-1] : $tenantIds)
|
||||
->orWhereNull('tenant_id');
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, Tenant> $authorizedTenants
|
||||
*/
|
||||
private function alertsQuery(Workspace $workspace, array $authorizedTenants, ?Tenant $selectedTenant): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
$tenantIds = array_keys($authorizedTenants);
|
||||
|
||||
return AlertDelivery::query()
|
||||
->with('tenant')
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('status', AlertDelivery::STATUS_FAILED)
|
||||
->where(function ($query) use ($selectedTenant, $tenantIds): void {
|
||||
if ($selectedTenant instanceof Tenant) {
|
||||
$query->where('tenant_id', (int) $selectedTenant->getKey());
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$query
|
||||
->whereIn('tenant_id', $tenantIds === [] ? [-1] : $tenantIds)
|
||||
->orWhereNull('tenant_id');
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function findingEntry(Finding $finding, string $familyKey, ?CanonicalNavigationContext $navigationContext, int $baseUrgencyRank): array
|
||||
{
|
||||
$sublineParts = array_values(array_filter([
|
||||
$finding->owner_user_id !== null ? 'Owner: '.FindingResource::accountableOwnerDisplayFor($finding) : null,
|
||||
FindingExceptionResource::relativeTimeDescription($finding->due_at) ?? FindingResource::dueAttentionLabelFor($finding),
|
||||
$finding->reopened_at !== null ? 'Reopened' : null,
|
||||
]));
|
||||
|
||||
return [
|
||||
'family_key' => $familyKey,
|
||||
'source_model' => Finding::class,
|
||||
'source_key' => (string) $finding->getKey(),
|
||||
'tenant_id' => $finding->tenant ? (int) $finding->tenant->getKey() : null,
|
||||
'tenant_label' => $finding->tenant?->name,
|
||||
'headline' => $finding->resolvedSubjectDisplayName() ?? 'Finding #'.$finding->getKey(),
|
||||
'subline' => $sublineParts === [] ? null : implode(' • ', $sublineParts),
|
||||
'urgency_rank' => $baseUrgencyRank
|
||||
+ ($finding->due_at?->isPast() === true ? 0 : 1)
|
||||
+ ($finding->reopened_at !== null ? 0 : 1),
|
||||
'status_label' => Str::of((string) $finding->status)->replace('_', ' ')->title()->value(),
|
||||
'destination_url' => $this->appendQuery(
|
||||
FindingResource::getUrl('view', ['record' => $finding], panel: 'tenant', tenant: $finding->tenant),
|
||||
$navigationContext?->toQuery() ?? [],
|
||||
),
|
||||
'back_label' => $navigationContext?->backLinkLabel ?? 'Back to governance inbox',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function operationEntry(OperationRun $run, ?CanonicalNavigationContext $navigationContext): array
|
||||
{
|
||||
$problemClass = $run->problemClass();
|
||||
|
||||
return [
|
||||
'family_key' => 'stale_operations',
|
||||
'source_model' => OperationRun::class,
|
||||
'source_key' => (string) $run->getKey(),
|
||||
'tenant_id' => $run->tenant ? (int) $run->tenant->getKey() : null,
|
||||
'tenant_label' => $run->tenant?->name,
|
||||
'headline' => $problemClass === OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP
|
||||
? 'Terminal follow-up operation'
|
||||
: 'Stale active operation',
|
||||
'subline' => OperationRunLinks::identifier($run),
|
||||
'urgency_rank' => $problemClass === OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP ? 0 : 1,
|
||||
'status_label' => $problemClass === OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP
|
||||
? 'Terminal follow-up'
|
||||
: 'Stale',
|
||||
'destination_url' => OperationRunLinks::tenantlessView($run, $navigationContext),
|
||||
'back_label' => $navigationContext?->backLinkLabel ?? 'Back to governance inbox',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function alertEntry(AlertDelivery $delivery, ?CanonicalNavigationContext $navigationContext): array
|
||||
{
|
||||
$payload = is_array($delivery->payload) ? $delivery->payload : [];
|
||||
$headline = is_string($payload['title'] ?? null) && $payload['title'] !== ''
|
||||
? (string) $payload['title']
|
||||
: 'Failed alert delivery';
|
||||
$sublineParts = array_values(array_filter([
|
||||
is_string($delivery->last_error_message) && $delivery->last_error_message !== ''
|
||||
? $delivery->last_error_message
|
||||
: null,
|
||||
is_string($delivery->event_type) && $delivery->event_type !== ''
|
||||
? $delivery->event_type
|
||||
: null,
|
||||
]));
|
||||
|
||||
return [
|
||||
'family_key' => 'alert_delivery_failures',
|
||||
'source_model' => AlertDelivery::class,
|
||||
'source_key' => (string) $delivery->getKey(),
|
||||
'tenant_id' => $delivery->tenant ? (int) $delivery->tenant->getKey() : null,
|
||||
'tenant_label' => $delivery->tenant?->name,
|
||||
'headline' => $headline,
|
||||
'subline' => $sublineParts === [] ? null : implode(' • ', $sublineParts),
|
||||
'urgency_rank' => 0,
|
||||
'status_label' => 'Failed',
|
||||
'destination_url' => $this->appendQuery(
|
||||
AlertDeliveryResource::getUrl('view', ['record' => $delivery], panel: 'admin'),
|
||||
$navigationContext?->toQuery() ?? [],
|
||||
),
|
||||
'back_label' => $navigationContext?->backLinkLabel ?? 'Back to governance inbox',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $row
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function reviewEntry(
|
||||
Tenant $tenant,
|
||||
string $family,
|
||||
array $row,
|
||||
mixed $latestPublishedReview,
|
||||
?CanonicalNavigationContext $navigationContext,
|
||||
): array {
|
||||
$state = (string) ($row['derived_state'] ?? TenantTriageReview::DERIVED_STATE_NOT_REVIEWED);
|
||||
$familyLabel = $family === PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH
|
||||
? 'Backup health'
|
||||
: 'Recovery evidence';
|
||||
$headline = $state === TenantTriageReview::STATE_FOLLOW_UP_NEEDED
|
||||
? $familyLabel.' needs review follow-up'
|
||||
: $familyLabel.' changed since review';
|
||||
$sublineParts = array_values(array_filter([
|
||||
is_string($row['reviewed_by_user_name'] ?? null) && $row['reviewed_by_user_name'] !== ''
|
||||
? 'Last review: '.$row['reviewed_by_user_name']
|
||||
: null,
|
||||
isset($row['reviewed_at']) && $row['reviewed_at'] !== null
|
||||
? 'Reviewed '.optional($row['reviewed_at'])->toDateTimeString()
|
||||
: null,
|
||||
]));
|
||||
$destinationUrl = $latestPublishedReview !== null
|
||||
? TenantReviewResource::tenantScopedUrl('view', ['record' => $latestPublishedReview], $tenant, 'tenant')
|
||||
: CustomerReviewWorkspace::tenantPrefilterUrl($tenant);
|
||||
|
||||
return [
|
||||
'family_key' => 'review_follow_up',
|
||||
'source_model' => TenantTriageReview::class,
|
||||
'source_key' => (string) $tenant->getKey().':'.$family,
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'tenant_label' => $tenant->name,
|
||||
'headline' => $headline,
|
||||
'subline' => $sublineParts === [] ? null : implode(' • ', $sublineParts),
|
||||
'urgency_rank' => $state === TenantTriageReview::STATE_FOLLOW_UP_NEEDED ? 0 : 1,
|
||||
'status_label' => $state === TenantTriageReview::STATE_FOLLOW_UP_NEEDED
|
||||
? 'Follow-up needed'
|
||||
: 'Changed since review',
|
||||
'destination_url' => $this->appendQuery($destinationUrl, $navigationContext?->toQuery() ?? []),
|
||||
'back_label' => $navigationContext?->backLinkLabel ?? 'Back to governance inbox',
|
||||
];
|
||||
}
|
||||
|
||||
private function assignedFindingsSummary(int $count, int $overdueCount): string
|
||||
{
|
||||
if ($count === 0) {
|
||||
return 'No assigned findings are visible in the current scope.';
|
||||
}
|
||||
|
||||
if ($overdueCount > 0) {
|
||||
return sprintf(
|
||||
'%d assigned finding%s remain open. %d %s overdue.',
|
||||
$count,
|
||||
$count === 1 ? '' : 's',
|
||||
$overdueCount,
|
||||
$overdueCount === 1 ? 'is' : 'are',
|
||||
);
|
||||
}
|
||||
|
||||
return sprintf(
|
||||
'%d assigned finding%s remain open in the visible scope.',
|
||||
$count,
|
||||
$count === 1 ? '' : 's',
|
||||
);
|
||||
}
|
||||
|
||||
private function intakeFindingsSummary(int $count, int $needsTriageCount): string
|
||||
{
|
||||
if ($count === 0) {
|
||||
return 'No intake findings are visible in the current scope.';
|
||||
}
|
||||
|
||||
return sprintf(
|
||||
'%d unassigned finding%s remain in intake. %d still need first triage.',
|
||||
$count,
|
||||
$count === 1 ? '' : 's',
|
||||
$needsTriageCount,
|
||||
);
|
||||
}
|
||||
|
||||
private function operationsSummary(int $terminalCount, int $staleCount): string
|
||||
{
|
||||
if ($terminalCount + $staleCount === 0) {
|
||||
return 'No stale or terminal follow-up operations are visible in the current scope.';
|
||||
}
|
||||
|
||||
if ($terminalCount > 0 && $staleCount > 0) {
|
||||
return sprintf(
|
||||
'%d terminal follow-up operation%s and %d stale active run%s need monitoring attention.',
|
||||
$terminalCount,
|
||||
$terminalCount === 1 ? '' : 's',
|
||||
$staleCount,
|
||||
$staleCount === 1 ? '' : 's',
|
||||
);
|
||||
}
|
||||
|
||||
if ($terminalCount > 0) {
|
||||
return sprintf(
|
||||
'%d terminal follow-up operation%s need monitoring attention.',
|
||||
$terminalCount,
|
||||
$terminalCount === 1 ? '' : 's',
|
||||
);
|
||||
}
|
||||
|
||||
return sprintf(
|
||||
'%d stale active run%s need monitoring attention.',
|
||||
$staleCount,
|
||||
$staleCount === 1 ? '' : 's',
|
||||
);
|
||||
}
|
||||
|
||||
private function alertsSummary(int $count): string
|
||||
{
|
||||
if ($count === 0) {
|
||||
return 'No failed alert deliveries are visible in the current scope.';
|
||||
}
|
||||
|
||||
return sprintf(
|
||||
'%d failed alert delivery attempt%s remain visible in this workspace.',
|
||||
$count,
|
||||
$count === 1 ? '' : 's',
|
||||
);
|
||||
}
|
||||
|
||||
private function reviewSummary(int $followUpCount, int $changedCount): string
|
||||
{
|
||||
$total = $followUpCount + $changedCount;
|
||||
|
||||
if ($total === 0) {
|
||||
return 'No review follow-up is visible in the current scope.';
|
||||
}
|
||||
|
||||
return sprintf(
|
||||
'%d review concern%s need attention. %d marked follow-up needed and %d changed since review.',
|
||||
$total,
|
||||
$total === 1 ? '' : 's',
|
||||
$followUpCount,
|
||||
$changedCount,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $query
|
||||
*/
|
||||
private function appendQuery(string $url, array $query): string
|
||||
{
|
||||
if ($query === []) {
|
||||
return $url;
|
||||
}
|
||||
|
||||
$separator = str_contains($url, '?') ? '&' : '?';
|
||||
|
||||
return $url.$separator.http_build_query($query);
|
||||
}
|
||||
}
|
||||
@ -17,6 +17,13 @@ final class OperationalControlCatalog
|
||||
'operation_types' => ['restore.execute'],
|
||||
'affected_surfaces' => ['tenant.restore_runs.create'],
|
||||
],
|
||||
'ai.execution' => [
|
||||
'key' => 'ai.execution',
|
||||
'label' => 'AI execution',
|
||||
'supported_scopes' => ['global'],
|
||||
'operation_types' => ['ai.execution'],
|
||||
'affected_surfaces' => ['governed_ai.execution'],
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
|
||||
@ -6,6 +6,7 @@
|
||||
|
||||
use App\Models\ProviderConnection;
|
||||
use App\Models\Tenant;
|
||||
use App\Support\Ai\AiDataClassification;
|
||||
use App\Support\Governance\PlatformVocabularyGlossary;
|
||||
use App\Support\Links\RequiredPermissionsLinks;
|
||||
use App\Support\ReasonTranslation\ReasonPresenter;
|
||||
@ -147,6 +148,43 @@ public function knowledgeSource(): array
|
||||
return $this->catalog->knowledgeSource();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* use_case_key: string,
|
||||
* source_family: string,
|
||||
* data_classifications: list<string>,
|
||||
* operational_metadata: array{version: int, topic_count: int},
|
||||
* topics: list<array{
|
||||
* topic_key: string,
|
||||
* surface_families: list<string>,
|
||||
* headline: string,
|
||||
* short_explanation: string,
|
||||
* troubleshooting_steps: list<string>,
|
||||
* safe_next_action: string,
|
||||
* glossary_terms: list<string>,
|
||||
* docs_links: list<array{label: string, kind: string, url: ?string, resolver: ?string}>
|
||||
* }>
|
||||
* }
|
||||
*/
|
||||
public function aiProductKnowledgeAnswerDraftSource(): array
|
||||
{
|
||||
$source = $this->knowledgeSource();
|
||||
|
||||
return [
|
||||
'use_case_key' => 'product_knowledge.answer_draft',
|
||||
'source_family' => 'product_knowledge',
|
||||
'data_classifications' => [
|
||||
AiDataClassification::ProductKnowledge->value,
|
||||
AiDataClassification::OperationalMetadata->value,
|
||||
],
|
||||
'operational_metadata' => [
|
||||
'version' => (int) $source['version'],
|
||||
'topic_count' => (int) $source['topic_count'],
|
||||
],
|
||||
'topics' => $source['topics'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed>|null $verificationReport
|
||||
*/
|
||||
|
||||
@ -5,6 +5,9 @@
|
||||
namespace App\Support\Settings;
|
||||
|
||||
use App\Models\Finding;
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use App\Support\Ai\AiPolicyMode;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Entitlements\WorkspacePlanProfileCatalog;
|
||||
|
||||
final class SettingsRegistry
|
||||
@ -18,6 +21,34 @@ public function __construct()
|
||||
{
|
||||
$this->definitions = [];
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'ai',
|
||||
key: 'policy_mode',
|
||||
type: 'string',
|
||||
systemDefault: AiPolicyMode::Disabled->value,
|
||||
rules: ['required', 'string', 'in:disabled,private_only'],
|
||||
normalizer: static fn (mixed $value): string => strtolower(trim((string) $value)),
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: LocaleResolver::SETTING_DOMAIN,
|
||||
key: LocaleResolver::SETTING_DEFAULT_LOCALE,
|
||||
type: 'string',
|
||||
systemDefault: null,
|
||||
rules: [
|
||||
'nullable',
|
||||
'string',
|
||||
'in:'.implode(',', LocaleResolver::supportedLocales()),
|
||||
],
|
||||
normalizer: static function (mixed $value): ?string {
|
||||
if ($value === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return LocaleResolver::normalize($value);
|
||||
},
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'backup',
|
||||
key: 'retention_keep_last_default',
|
||||
@ -304,6 +335,44 @@ static function (string $attribute, mixed $value, \Closure $fail): void {
|
||||
return $normalized === '' ? null : $normalized;
|
||||
},
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'entitlements',
|
||||
key: WorkspaceCommercialLifecycleResolver::SETTING_COMMERCIAL_LIFECYCLE_STATE,
|
||||
type: 'string',
|
||||
systemDefault: null,
|
||||
rules: [
|
||||
'nullable',
|
||||
'string',
|
||||
'in:'.implode(',', WorkspaceCommercialLifecycleResolver::stateIds()),
|
||||
],
|
||||
normalizer: static function (mixed $value): ?string {
|
||||
if ($value === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = strtolower(trim((string) $value));
|
||||
|
||||
return $normalized === '' ? null : $normalized;
|
||||
},
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'entitlements',
|
||||
key: WorkspaceCommercialLifecycleResolver::SETTING_COMMERCIAL_LIFECYCLE_REASON,
|
||||
type: 'string',
|
||||
systemDefault: null,
|
||||
rules: ['nullable', 'string', 'max:500'],
|
||||
normalizer: static function (mixed $value): ?string {
|
||||
if ($value === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = trim((string) $value);
|
||||
|
||||
return $normalized === '' ? null : $normalized;
|
||||
},
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -19,6 +19,7 @@
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Support\Ai\AiDataClassification;
|
||||
use App\Support\Navigation\RelatedNavigationResolver;
|
||||
use App\Support\OperationRunLinks;
|
||||
use App\Support\OpsUx\GovernanceRunDiagnosticSummaryBuilder;
|
||||
@ -133,6 +134,39 @@ public function forOperationRun(OperationRun $run, ?User $actor = null): array
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* use_case_key: string,
|
||||
* source_family: string,
|
||||
* data_classifications: list<string>,
|
||||
* summary: array{
|
||||
* headline: string,
|
||||
* dominant_issue: string,
|
||||
* freshness_state: string,
|
||||
* completeness_note: ?string,
|
||||
* redaction_note: string,
|
||||
* generated_from: string
|
||||
* },
|
||||
* redaction: array{mode: string, markers: list<string>},
|
||||
* notes: list<string>
|
||||
* }
|
||||
*/
|
||||
public function aiSupportDiagnosticsSummaryDraftSource(Tenant $tenant, ?User $actor = null): array
|
||||
{
|
||||
$bundle = $this->forTenant($tenant, $actor);
|
||||
|
||||
return [
|
||||
'use_case_key' => 'support_diagnostics.summary_draft',
|
||||
'source_family' => 'support_diagnostics',
|
||||
'data_classifications' => [
|
||||
AiDataClassification::RedactedSupportSummary->value,
|
||||
],
|
||||
'summary' => $bundle['summary'],
|
||||
'redaction' => $bundle['redaction'],
|
||||
'notes' => $bundle['notes'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param list<array<string, mixed>> $sections
|
||||
* @return array<string, mixed>
|
||||
|
||||
@ -749,12 +749,17 @@ public static function spec195ResidualSurfaceInventory(): array
|
||||
'discoveryState' => 'outside_primary_discovery',
|
||||
'closureDecision' => 'harmless_special_case',
|
||||
'reasonCategory' => 'read_mostly_context_detail',
|
||||
'explicitReason' => 'The workspace directory detail page is a read-mostly drilldown that exposes context and links, not a declaration-backed mutable system workbench.',
|
||||
'explicitReason' => 'The workspace directory detail page is a read-mostly drilldown with one bounded, capability-gated commercial lifecycle mutation added by spec 251; it is still not a declaration-backed mutable system workbench.',
|
||||
'evidence' => [
|
||||
[
|
||||
'kind' => 'feature_livewire_test',
|
||||
'reference' => 'tests/Feature/System/Spec195/SystemDirectoryResidualSurfaceTest.php',
|
||||
'proves' => 'The workspace detail page stays capability-gated and renders contextual tenant and run links without mutating actions.',
|
||||
'proves' => 'The workspace detail page stays capability-gated and renders contextual tenant and run links while remaining outside the primary declaration-backed table contract.',
|
||||
],
|
||||
[
|
||||
'kind' => 'feature_livewire_test',
|
||||
'reference' => 'tests/Feature/System/ViewWorkspaceEntitlementsTest.php',
|
||||
'proves' => 'The commercial lifecycle mutation is separately capability-gated, confirmation-protected, rationale-required, and audited.',
|
||||
],
|
||||
[
|
||||
'kind' => 'authorization_test',
|
||||
|
||||
@ -8,6 +8,8 @@ final class WorkspaceResolver
|
||||
{
|
||||
public function resolve(string $value): ?Workspace
|
||||
{
|
||||
$value = $this->normalizeRouteValue($value);
|
||||
|
||||
$workspace = Workspace::query()
|
||||
->where('slug', $value)
|
||||
->first();
|
||||
@ -22,4 +24,37 @@ public function resolve(string $value): ?Workspace
|
||||
|
||||
return Workspace::query()->whereKey((int) $value)->first();
|
||||
}
|
||||
|
||||
private function normalizeRouteValue(string $value): string
|
||||
{
|
||||
$value = trim($value);
|
||||
|
||||
if (! str_starts_with($value, '{')) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$decoded = json_decode($value, true);
|
||||
|
||||
if (! is_array($decoded)) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$slug = $decoded['slug'] ?? null;
|
||||
|
||||
if (is_string($slug) && $slug !== '') {
|
||||
return $slug;
|
||||
}
|
||||
|
||||
$id = $decoded['id'] ?? null;
|
||||
|
||||
if (is_int($id)) {
|
||||
return (string) $id;
|
||||
}
|
||||
|
||||
if (is_string($id) && ctype_digit($id)) {
|
||||
return $id;
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4,6 +4,7 @@
|
||||
use Illuminate\Foundation\Configuration\Exceptions;
|
||||
use Illuminate\Foundation\Configuration\Middleware;
|
||||
|
||||
use App\Http\Middleware\ApplyResolvedLocale;
|
||||
use App\Http\Middleware\SuppressDebugbarForSmokeRequests;
|
||||
use App\Http\Middleware\UseSystemSessionCookieForLivewireRequests;
|
||||
|
||||
@ -24,7 +25,12 @@
|
||||
UseSystemSessionCookieForLivewireRequests::class,
|
||||
]);
|
||||
|
||||
$middleware->web(append: [
|
||||
ApplyResolvedLocale::class,
|
||||
]);
|
||||
|
||||
$middleware->alias([
|
||||
'apply-resolved-locale' => ApplyResolvedLocale::class,
|
||||
'ensure-correct-guard' => \App\Http\Middleware\EnsureCorrectGuard::class,
|
||||
'ensure-platform-capability' => \App\Http\Middleware\EnsurePlatformCapability::class,
|
||||
'ensure-workspace-member' => \App\Http\Middleware\EnsureWorkspaceMember::class,
|
||||
|
||||
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
public function up(): void
|
||||
{
|
||||
Schema::table('users', function (Blueprint $table): void {
|
||||
$table->string('preferred_locale', 8)
|
||||
->nullable()
|
||||
->after('last_workspace_id')
|
||||
->index();
|
||||
});
|
||||
}
|
||||
|
||||
public function down(): void
|
||||
{
|
||||
Schema::table('users', function (Blueprint $table): void {
|
||||
$table->dropColumn('preferred_locale');
|
||||
});
|
||||
}
|
||||
};
|
||||
88
apps/platform/lang/de/baseline-compare.php
Normal file
88
apps/platform/lang/de/baseline-compare.php
Normal file
@ -0,0 +1,88 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
return [
|
||||
'duplicate_warning_title' => 'Warnung',
|
||||
'duplicate_warning_body_plural' => ':count Policies in diesem Tenant verwenden generische Anzeigenamen, dadurch entstehen :ambiguous_count mehrdeutige Subjekte. :app kann sie nicht sicher mit der Baseline abgleichen.',
|
||||
'duplicate_warning_body_singular' => ':count Policy in diesem Tenant verwendet einen generischen Anzeigenamen, dadurch entsteht :ambiguous_count mehrdeutiges Subjekt. :app kann es nicht sicher mit der Baseline abgleichen.',
|
||||
'stat_assigned_baseline' => 'Zugewiesene Baseline',
|
||||
'stat_total_findings' => 'Findings gesamt',
|
||||
'stat_last_compared' => 'Zuletzt verglichen',
|
||||
'stat_last_compared_never' => 'Nie',
|
||||
'stat_error' => 'Fehler',
|
||||
'badge_snapshot' => 'Snapshot #:id',
|
||||
'badge_coverage_ok' => 'Abdeckung: OK',
|
||||
'badge_coverage_warnings' => 'Abdeckung: Warnungen',
|
||||
'badge_fidelity' => 'Fidelity: :level',
|
||||
'badge_evidence_gaps' => 'Evidence Gaps: :count',
|
||||
'evidence_gaps_tooltip' => 'Wichtigste Gaps: :summary',
|
||||
'evidence_gap_details_heading' => 'Evidence-Gap-Details',
|
||||
'evidence_gap_details_description' => 'Durchsuchen Sie aufgezeichnete Gap-Subjekte nach Grund, Governed Subject, Subjektklasse, Ergebnis, nächster Aktion oder Subject Key, bevor Sie Rohdiagnosen verwenden.',
|
||||
'evidence_gap_search_label' => 'Gap-Details suchen',
|
||||
'evidence_gap_search_placeholder' => 'Nach Grund, Typ, Klasse, Ergebnis, Aktion oder Subject Key suchen',
|
||||
'evidence_gap_search_help' => 'Filtert über Grund, Governed Subject, Subjektklasse, Ergebnis, nächste Aktion und Subject Key.',
|
||||
'evidence_gap_bucket_help_ambiguous_match' => 'Mehrere Inventory-Datensätze passten zum gleichen Policy-Subjekt. Prüfen Sie das Mapping.',
|
||||
'evidence_gap_bucket_help_policy_record_missing' => 'Der erwartete Policy-Datensatz wurde im Baseline-Snapshot nicht gefunden. Prüfen Sie, ob die Policy im Tenant noch existiert.',
|
||||
'evidence_gap_bucket_help_inventory_record_missing' => 'Für diese Subjekte konnte kein Inventory-Datensatz gefunden werden. Prüfen Sie, ob der Inventory Sync aktuell ist.',
|
||||
'evidence_gap_bucket_help_foundation_not_policy_backed' => 'Diese Subjekte existieren in der Foundation-Schicht, sind aber nicht durch eine verwaltete Policy abgedeckt. Prüfen Sie, ob eine Policy erstellt werden sollte.',
|
||||
'evidence_gap_bucket_help_capture_failed' => 'Evidence Capture ist für diese Subjekte fehlgeschlagen. Wiederholen Sie den Vergleich oder prüfen Sie die Graph-Konnektivität.',
|
||||
'evidence_gap_bucket_help_default' => 'Diese Subjekte wurden beim Vergleich markiert. Prüfen Sie die betroffenen Zeilen.',
|
||||
'evidence_gap_reason' => 'Grund',
|
||||
'evidence_gap_reason_affected' => ':count betroffen',
|
||||
'evidence_gap_reason_recorded' => ':count aufgezeichnet',
|
||||
'evidence_gap_reason_missing_detail' => ':count ohne Detail',
|
||||
'evidence_gap_structural' => 'Strukturell: :count',
|
||||
'evidence_gap_operational' => 'Operativ: :count',
|
||||
'evidence_gap_transient' => 'Temporär: :count',
|
||||
'evidence_gap_bucket_structural' => ':count strukturell',
|
||||
'evidence_gap_bucket_operational' => ':count operativ',
|
||||
'evidence_gap_bucket_transient' => ':count temporär',
|
||||
'evidence_gap_missing_details_title' => 'Für diesen Run wurden keine Detailzeilen aufgezeichnet',
|
||||
'evidence_gap_missing_details_body' => 'Evidence Gaps wurden für diesen Compare Run gezählt, aber Details auf Subjektebene wurden nicht gespeichert. Prüfen Sie Rohdiagnosen oder wiederholen Sie den Vergleich.',
|
||||
'evidence_gap_missing_reason_body' => ':count betroffene Subjekte wurden für diesen Grund gezählt, aber Detailzeilen wurden nicht aufgezeichnet.',
|
||||
'evidence_gap_legacy_title' => 'Legacy-Development-Gap-Payload erkannt',
|
||||
'evidence_gap_legacy_body' => 'Dieser Run verwendet noch die retired breite Grundform. Erzeugen Sie den Run neu oder bereinigen Sie alte lokale Development-Payloads.',
|
||||
'evidence_gap_diagnostics_heading' => 'Baseline-Compare-Evidence',
|
||||
'evidence_gap_diagnostics_description' => 'Rohdiagnosen bleiben für Support und tiefere Fehlersuche nach Operator-Zusammenfassung und Detailansicht verfügbar.',
|
||||
'evidence_gap_policy_type' => 'Governed Subject',
|
||||
'evidence_gap_subject_class' => 'Subjektklasse',
|
||||
'evidence_gap_outcome' => 'Ergebnis',
|
||||
'evidence_gap_next_action' => 'Nächste Aktion',
|
||||
'evidence_gap_subject_key' => 'Subject Key',
|
||||
'evidence_gap_table_empty_heading' => 'Keine aufgezeichneten Gap-Zeilen passen zu dieser Ansicht',
|
||||
'evidence_gap_table_empty_description' => 'Passen Sie Suche oder Filter an, um andere betroffene Subjekte zu prüfen.',
|
||||
'comparing_indicator' => 'Vergleich läuft...',
|
||||
'no_findings_all_clear' => 'Kein bestätigter Drift im letzten Vergleich',
|
||||
'no_findings_coverage_warnings' => 'Kein Drift angezeigt, aber Coverage limitiert diesen Vergleich',
|
||||
'no_findings_evidence_gaps' => 'Kein Drift angezeigt, aber Evidence Gaps müssen geprüft werden',
|
||||
'no_findings_default' => 'Aktuell sind keine Drift Findings sichtbar',
|
||||
'coverage_warning_title' => 'Vergleich mit Warnungen abgeschlossen',
|
||||
'coverage_unproven_body' => 'Coverage Proof fehlte oder war nicht lesbar. Findings wurden aus Sicherheitsgründen unterdrückt.',
|
||||
'coverage_incomplete_body' => 'Findings wurden für :count Policy :types wegen unvollständiger Coverage übersprungen.',
|
||||
'coverage_uncovered_label' => 'Nicht abgedeckt: :list',
|
||||
'failed_title' => 'Vergleich fehlgeschlagen',
|
||||
'failed_body_default' => 'Der letzte Baseline-Vergleich ist fehlgeschlagen. Prüfen Sie die Run-Details oder wiederholen Sie ihn.',
|
||||
'critical_drift_title' => 'Kritischer Drift erkannt',
|
||||
'critical_drift_body' => 'Der aktuelle Tenant-Zustand weicht von Baseline :profile ab. :count High-Severity :findings erfordern sofortige Aufmerksamkeit.',
|
||||
'empty_no_tenant' => 'Kein Tenant ausgewählt',
|
||||
'empty_no_assignment' => 'Keine Baseline zugewiesen',
|
||||
'empty_no_snapshot' => 'Kein Snapshot verfügbar',
|
||||
'findings_description' => 'Die Tenant-Konfiguration weicht vom Baseline-Profil ab.',
|
||||
'rbac_summary_title' => 'Intune-RBAC-Rollendefinitionen',
|
||||
'rbac_summary_description' => 'Rollenzuweisungen sind in diesem Baseline-Compare-Release nicht enthalten.',
|
||||
'rbac_summary_compared' => 'Verglichen',
|
||||
'rbac_summary_unchanged' => 'Unverändert',
|
||||
'rbac_summary_modified' => 'Geändert',
|
||||
'rbac_summary_missing' => 'Fehlend',
|
||||
'rbac_summary_unexpected' => 'Unerwartet',
|
||||
'no_drift_title' => 'Kein Drift erkannt',
|
||||
'no_drift_body' => 'Der letzte Vergleich hat keinen bestätigten Drift für das zugewiesene Baseline-Profil aufgezeichnet.',
|
||||
'coverage_warnings_title' => 'Coverage-Warnungen',
|
||||
'coverage_warnings_body' => 'Der letzte Vergleich wurde mit Warnungen abgeschlossen und erzeugte keine bestätigten Drift Findings. Aktualisieren Sie Evidence, bevor Sie dies als Entwarnung werten.',
|
||||
'idle_title' => 'Bereit zum Vergleich',
|
||||
'button_view_run' => 'Run anzeigen',
|
||||
'button_view_failed_run' => 'Fehlgeschlagenen Run anzeigen',
|
||||
'button_view_findings' => 'Alle Findings anzeigen',
|
||||
'button_review_last_run' => 'Letzten Run prüfen',
|
||||
];
|
||||
31
apps/platform/lang/de/findings.php
Normal file
31
apps/platform/lang/de/findings.php
Normal file
@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
return [
|
||||
'drift' => [
|
||||
'rbac_role_definition' => 'Intune-RBAC-Rollendefinitions-Drift',
|
||||
],
|
||||
'subject_types' => [
|
||||
'policy' => 'Policy',
|
||||
'intuneRoleDefinition' => 'Intune-RBAC-Rollendefinition',
|
||||
],
|
||||
'rbac' => [
|
||||
'detail_heading' => 'Intune-RBAC-Rollendefinitions-Drift',
|
||||
'detail_subheading' => 'Rollenzuweisungen sind nicht enthalten. RBAC-Restore wird nicht unterstützt.',
|
||||
'metadata_only' => 'Nur Metadaten geändert',
|
||||
'permission_change' => 'Berechtigung geändert',
|
||||
'missing' => 'Im aktuellen Tenant fehlend',
|
||||
'unexpected' => 'Unerwartet im aktuellen Tenant',
|
||||
'changed_fields' => 'Geänderte Felder',
|
||||
'baseline' => 'Baseline',
|
||||
'current' => 'Aktuell',
|
||||
'absent' => 'Nicht vorhanden',
|
||||
'role_source' => 'Rollenquelle',
|
||||
'permission_blocks' => 'Berechtigungsblöcke',
|
||||
'built_in' => 'Integriert',
|
||||
'custom' => 'Benutzerdefiniert',
|
||||
'assignments_excluded' => 'Rollenzuweisungen sind in diesem Baseline-Compare-Release nicht enthalten.',
|
||||
'restore_unsupported' => 'RBAC-Restore wird in diesem Release nicht unterstützt.',
|
||||
],
|
||||
];
|
||||
230
apps/platform/lang/de/localization.php
Normal file
230
apps/platform/lang/de/localization.php
Normal file
@ -0,0 +1,230 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
return [
|
||||
'locales' => [
|
||||
'en' => 'Englisch',
|
||||
'de' => 'Deutsch',
|
||||
],
|
||||
'source' => [
|
||||
'explicit_override' => 'Sitzungsüberschreibung',
|
||||
'user_preference' => 'persönliche Einstellung',
|
||||
'workspace_default' => 'Workspace-Standard',
|
||||
'workspace_override' => 'Workspace-Überschreibung',
|
||||
'system_default' => 'Systemstandard',
|
||||
],
|
||||
'shell' => [
|
||||
'language' => 'Sprache',
|
||||
'current_language' => 'Aktuelle Sprache',
|
||||
'language_source' => 'Quelle: :source',
|
||||
'temporary_override' => 'Temporäre Überschreibung',
|
||||
'switch_language' => 'Sprache wechseln',
|
||||
'clear_override' => 'Geerbte Sprache verwenden',
|
||||
'personal_preference' => 'Persönliche Einstellung',
|
||||
'save_preference' => 'Einstellung speichern',
|
||||
'inherit_workspace' => 'Workspace-Standard verwenden',
|
||||
'workspace' => 'Workspace',
|
||||
'choose_workspace' => 'Workspace auswählen',
|
||||
'switch_workspace' => 'Workspace wechseln',
|
||||
'workspace_home' => 'Workspace-Start',
|
||||
'tenant_scope' => 'Tenant-Kontext',
|
||||
'select_tenant' => 'Tenant auswählen',
|
||||
'selected_tenant' => 'Ausgewählter Tenant',
|
||||
'no_tenant_selected' => 'Kein Tenant ausgewählt',
|
||||
'switch_tenant' => 'Tenant wechseln',
|
||||
'clear_tenant_scope' => 'Tenant-Kontext löschen',
|
||||
'context_unavailable' => 'Kontext nicht verfügbar',
|
||||
'context_unavailable_workspace' => 'Der angeforderte Kontext konnte nicht wiederhergestellt werden. Die Shell zeigt stattdessen einen gültigen Workspace-Kontext.',
|
||||
'context_unavailable_no_workspace' => 'Wählen Sie einen Workspace aus, um mit einem gültigen Admin-Kontext fortzufahren.',
|
||||
'no_active_tenants' => 'In diesem Workspace sind keine aktiven Tenants für den Standardbetrieb verfügbar.',
|
||||
'view_managed_tenants' => 'Managed Tenants anzeigen',
|
||||
'workspace_wide_available' => 'Kein Tenant ausgewählt. Workspace-weite Seiten bleiben verfügbar; ein Tenant setzt nur den normalen aktiven Betriebskontext.',
|
||||
'search_tenants' => 'Tenants suchen...',
|
||||
'choose_workspace_first' => 'Wählen Sie zuerst einen Workspace aus.',
|
||||
],
|
||||
'workspace' => [
|
||||
'title' => 'Workspace-Einstellungen',
|
||||
'save' => 'Speichern',
|
||||
'reset' => 'Zurücksetzen',
|
||||
'no_manage_permission' => 'Sie haben keine Berechtigung zum Verwalten der Workspace-Einstellungen.',
|
||||
'no_workspace_override' => 'Keine Workspace-Überschreibung zum Zurücksetzen vorhanden.',
|
||||
'last_modified_by' => ':description - Zuletzt geändert von :user, :time.',
|
||||
'section' => 'Lokalisierung',
|
||||
'section_description' => 'Workspace-Standard für Benutzer ohne persönliche Spracheinstellung.',
|
||||
'default_locale_label' => 'Standardsprache',
|
||||
'default_locale_placeholder' => 'Nicht gesetzt (verwendet Systemstandard)',
|
||||
'default_locale_helper_unset' => 'Nicht gesetzt. Effektive Sprache: :locale (:source).',
|
||||
'default_locale_helper_set' => 'Effektive Sprache: :locale.',
|
||||
],
|
||||
'auth' => [
|
||||
'microsoft_not_configured' => 'Microsoft-Anmeldung ist nicht konfiguriert.',
|
||||
'sign_in_microsoft' => 'Mit Microsoft anmelden',
|
||||
'tenant_admin_membership_required' => 'Tenant-Admin-Zugriff erfordert eine Tenant-Mitgliedschaft.',
|
||||
],
|
||||
'navigation' => [
|
||||
'findings' => 'Findings',
|
||||
'settings' => 'Einstellungen',
|
||||
'integrations' => 'Integrationen',
|
||||
'manage_workspaces' => 'Workspaces verwalten',
|
||||
'operations' => 'Operationen',
|
||||
'audit_log' => 'Audit-Log',
|
||||
'alerts' => 'Alerts',
|
||||
'governance' => 'Governance',
|
||||
'monitoring' => 'Monitoring',
|
||||
'dashboard' => 'Dashboard',
|
||||
],
|
||||
'dashboard' => [
|
||||
'tenant_title' => 'Tenant-Dashboard',
|
||||
'system_title' => 'System-Dashboard',
|
||||
'request_support' => 'Support anfragen',
|
||||
'support_request_heading' => 'Support anfragen',
|
||||
'support_request_description' => 'Teilen Sie eine kurze Zusammenfassung. TenantAtlas fügt redaktionell bereinigten Kontext aus bestehenden Datensätzen hinzu.',
|
||||
'submit_request' => 'Anfrage senden',
|
||||
'included_context' => 'Enthaltener Kontext',
|
||||
'severity' => 'Schweregrad',
|
||||
'summary' => 'Zusammenfassung',
|
||||
'reproduction_notes' => 'Reproduktionshinweise',
|
||||
'contact_name' => 'Kontaktname',
|
||||
'contact_email' => 'Kontakt-E-Mail',
|
||||
'support_request_submitted' => 'Supportanfrage gesendet',
|
||||
'open_support_diagnostics' => 'Supportdiagnosen öffnen',
|
||||
'support_diagnostics' => 'Supportdiagnosen',
|
||||
'support_diagnostics_description' => 'Redaktionell bereinigter Tenant-Kontext aus bestehenden Datensätzen.',
|
||||
'close' => 'Schließen',
|
||||
'time_window' => 'Zeitfenster',
|
||||
'window' => 'Fenster',
|
||||
'enter_break_glass' => 'Break-Glass-Modus aktivieren',
|
||||
'exit_break_glass' => 'Break-Glass beenden',
|
||||
'recovery_mode_enabled' => 'Wiederherstellungsmodus aktiviert',
|
||||
'recovery_mode_ended' => 'Wiederherstellungsmodus beendet',
|
||||
],
|
||||
'review' => [
|
||||
'reporting' => 'Berichte',
|
||||
'customer_reviews' => 'Kundenreviews',
|
||||
'customer_review_workspace' => 'Kundenreview-Workspace',
|
||||
'customer_safe_review_workspace' => 'Kundensicherer Review-Workspace',
|
||||
'customer_workspace_intro' => 'Prüfen Sie den zuletzt veröffentlichten kundensicheren Status für jeden berechtigten Tenant, ohne den aktuellen Workspace-Kontext zu verlassen.',
|
||||
'customer_workspace_canonical_note' => 'Eine Zeile öffnet die bestehende Tenant-Review-Detailseite, damit Evidence, Review-Packs und auditfähige Nachweise auf ihren kanonischen tenantbezogenen Oberflächen bleiben.',
|
||||
'reviews' => 'Reviews',
|
||||
'clear_filters' => 'Filter löschen',
|
||||
'tenant' => 'Tenant',
|
||||
'latest_review' => 'Letztes Review',
|
||||
'key_findings' => 'Wichtige Findings',
|
||||
'accepted_risks' => 'Akzeptierte Risiken',
|
||||
'published' => 'Veröffentlicht',
|
||||
'review_pack' => 'Review-Pack',
|
||||
'open_latest_review' => 'Letztes Review öffnen',
|
||||
'download_review_pack' => 'Review-Pack herunterladen',
|
||||
'no_entitled_tenants' => 'Keine berechtigten Tenants passen zu dieser Ansicht',
|
||||
'clear_filters_description' => 'Löschen Sie die aktuellen Filter, um zum vollständigen Kundenreview-Workspace für Ihre berechtigten Tenants zurückzukehren.',
|
||||
'adjust_filters_description' => 'Passen Sie die Filter an, um zum vollständigen Kundenreview-Workspace für Ihre berechtigten Tenants zurückzukehren.',
|
||||
'no_published_review' => 'Kein veröffentlichtes Review',
|
||||
'no_published_review_available' => 'Noch kein veröffentlichtes Review verfügbar',
|
||||
'no_findings_recorded' => 'Im veröffentlichten Review sind keine Findings erfasst.',
|
||||
'findings_count_summary' => ':count Findings im veröffentlichten Review zusammengefasst.',
|
||||
'findings_count_with_outcomes' => ':count Findings. Terminale Ergebnisse: :outcomes.',
|
||||
'no_accepted_risks_recorded' => 'Keine akzeptierten Risiken erfasst.',
|
||||
'accepted_risks_need_follow_up' => ':warnings akzeptierte Risiken benötigen Governance-Nacharbeit (:total gesamt).',
|
||||
'accepted_risks_governed' => ':count akzeptierte Risiken sind governed.',
|
||||
'accepted_risks_on_record' => ':count akzeptierte Risiken sind erfasst.',
|
||||
'unavailable' => 'Nicht verfügbar',
|
||||
'available' => 'Verfügbar',
|
||||
'outcome_summary' => 'Ergebniszusammenfassung',
|
||||
'review' => 'Review',
|
||||
'review_date' => 'Review-Datum',
|
||||
'completeness' => 'Vollständigkeit',
|
||||
'evidence_snapshot' => 'Evidence-Snapshot',
|
||||
'current_export' => 'Aktueller Export',
|
||||
'executive_posture' => 'Executive-Status',
|
||||
'sections' => 'Abschnitte',
|
||||
'details' => 'Details',
|
||||
'export_executive_pack' => 'Executive-Pack exportieren',
|
||||
'outcome' => 'Ergebnis',
|
||||
'export' => 'Export',
|
||||
'next_step' => 'Nächster Schritt',
|
||||
'no_tenant_reviews_yet' => 'Noch keine Tenant-Reviews',
|
||||
'create_first_review_description' => 'Erstellen Sie das erste Review aus einem verankerten Evidence-Snapshot, um die wiederkehrende Review-Historie für diesen Tenant zu starten.',
|
||||
'create_first_review' => 'Erstes Review erstellen',
|
||||
'create_review' => 'Review erstellen',
|
||||
'evidence_basis' => 'Evidence-Basis',
|
||||
'evidence_basis_helper' => 'Wählen Sie den verankerten Evidence-Snapshot für dieses Review.',
|
||||
'unable_create_missing_context' => 'Review kann nicht erstellt werden - Kontext fehlt.',
|
||||
'select_valid_evidence_snapshot' => 'Wählen Sie einen gültigen Evidence-Snapshot aus.',
|
||||
'unable_create_review' => 'Review kann nicht erstellt werden',
|
||||
'review_already_available' => 'Review bereits verfügbar',
|
||||
'review_already_available_body' => 'Ein passendes veränderbares Review ist für diese Evidence-Basis bereits vorhanden.',
|
||||
'view_review' => 'Review anzeigen',
|
||||
'open_operation' => 'Operation öffnen',
|
||||
'review_composing_background' => 'Das Review wird im Hintergrund zusammengestellt.',
|
||||
'unable_export_missing_context' => 'Review kann nicht exportiert werden - Kontext fehlt.',
|
||||
'export_already_queued_body' => 'Ein Executive-Pack-Export ist für dieses Review bereits eingereiht oder läuft.',
|
||||
'executive_pack_export_unavailable' => 'Executive-Pack-Export nicht verfügbar',
|
||||
'unable_export_executive_pack' => 'Executive-Pack kann nicht exportiert werden',
|
||||
'executive_pack_already_available' => 'Executive-Pack bereits verfügbar',
|
||||
'executive_pack_already_available_body' => 'Ein passendes Executive-Pack ist für dieses Review bereits vorhanden.',
|
||||
'view_pack' => 'Pack anzeigen',
|
||||
'executive_pack_generating_background' => 'Das Executive-Pack wird im Hintergrund erstellt.',
|
||||
'review_explanation' => 'Review-Erklärung',
|
||||
'reason_owner' => 'Reason Owner',
|
||||
'platform_core' => 'Platform Core',
|
||||
'platform_reason_family' => 'Platform-Reason-Familie',
|
||||
'compatibility' => 'Kompatibilität',
|
||||
'highlights' => 'Highlights',
|
||||
'next_actions' => 'Nächste Aktionen',
|
||||
'related_context' => 'Verwandter Kontext',
|
||||
'publication_readiness' => 'Veröffentlichungsreife',
|
||||
'ready_for_publication' => 'Dieses Review ist bereit für Veröffentlichung und Executive-Pack-Export.',
|
||||
'internal_only' => 'Dieses Review ist aktuell nur für interne Nutzung geeignet.',
|
||||
'needs_follow_up' => 'Dieses Review benötigt vor der Veröffentlichung noch Nacharbeit.',
|
||||
'key_entries' => 'Wichtige Einträge',
|
||||
'entry' => 'Eintrag',
|
||||
'follow_up' => 'Follow-up',
|
||||
'diagnostics' => 'Diagnosen',
|
||||
'result_meaning' => 'Ergebnisbedeutung',
|
||||
'result_trust' => 'Ergebnisvertrauen',
|
||||
'artifact_truth' => 'Artifact Truth',
|
||||
'no_action_needed' => 'Keine Aktion erforderlich',
|
||||
'count' => 'Anzahl',
|
||||
'guidance' => 'Orientierung',
|
||||
'findings' => 'Findings',
|
||||
'reports' => 'Berichte',
|
||||
'operations' => 'Operationen',
|
||||
'pending_verification' => 'Verifizierung ausstehend',
|
||||
'verified_cleared' => 'Verifiziert bereinigt',
|
||||
'terminal_outcomes' => 'Terminale Ergebnisse',
|
||||
'pending' => 'Ausstehend',
|
||||
'operation' => 'Operation',
|
||||
'operation_description' => 'Prüfen Sie die letzte Review-Zusammenstellung oder den Aktualisierungslauf.',
|
||||
'executive_pack' => 'Executive-Pack',
|
||||
'view_executive_pack' => 'Executive-Pack anzeigen',
|
||||
'executive_pack_description' => 'Öffnet den aktuellen Export, der zu diesem Review gehört.',
|
||||
'customer_workspace' => 'Kunden-Workspace',
|
||||
'open_customer_workspace' => 'Kunden-Workspace öffnen',
|
||||
'customer_workspace_description' => 'Öffnet den kundensicheren Review-Workspace mit Filter auf diesen Tenant.',
|
||||
'view_evidence_snapshot' => 'Evidence-Snapshot anzeigen',
|
||||
'evidence_snapshot_description' => 'Zur Evidence-Basis hinter diesem Review zurückkehren.',
|
||||
],
|
||||
'findings' => [
|
||||
'all' => 'Alle',
|
||||
'needs_action' => 'Handlungsbedarf',
|
||||
'overdue' => 'Überfällig',
|
||||
'risk_accepted' => 'Risiko akzeptiert',
|
||||
'resolved' => 'Gelöst',
|
||||
'actions' => 'Aktionen',
|
||||
'open_approval_queue' => 'Freigabewarteschlange öffnen',
|
||||
],
|
||||
'notifications' => [
|
||||
'locale_override_saved' => 'Sprachüberschreibung angewendet.',
|
||||
'locale_override_cleared' => 'Sprachüberschreibung gelöscht.',
|
||||
'user_preference_saved' => 'Spracheinstellung gespeichert.',
|
||||
'user_preference_cleared' => 'Spracheinstellung gelöscht.',
|
||||
'workspace_settings_saved' => 'Workspace-Einstellungen gespeichert',
|
||||
'workspace_settings_unchanged' => 'Keine Einstellungsänderungen zu speichern',
|
||||
'workspace_setting_reset' => 'Workspace-Einstellung auf Standard zurückgesetzt',
|
||||
'setting_already_default' => 'Einstellung verwendet bereits den Standard',
|
||||
],
|
||||
'validation' => [
|
||||
'unsupported_locale' => 'Wählen Sie eine unterstützte Sprache.',
|
||||
],
|
||||
];
|
||||
230
apps/platform/lang/en/localization.php
Normal file
230
apps/platform/lang/en/localization.php
Normal file
@ -0,0 +1,230 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
return [
|
||||
'locales' => [
|
||||
'en' => 'English',
|
||||
'de' => 'German',
|
||||
],
|
||||
'source' => [
|
||||
'explicit_override' => 'session override',
|
||||
'user_preference' => 'personal preference',
|
||||
'workspace_default' => 'workspace default',
|
||||
'workspace_override' => 'workspace override',
|
||||
'system_default' => 'system default',
|
||||
],
|
||||
'shell' => [
|
||||
'language' => 'Language',
|
||||
'current_language' => 'Current language',
|
||||
'language_source' => 'Source: :source',
|
||||
'temporary_override' => 'Temporary override',
|
||||
'switch_language' => 'Switch language',
|
||||
'clear_override' => 'Use inherited language',
|
||||
'personal_preference' => 'Personal preference',
|
||||
'save_preference' => 'Save preference',
|
||||
'inherit_workspace' => 'Use workspace default',
|
||||
'workspace' => 'Workspace',
|
||||
'choose_workspace' => 'Choose workspace',
|
||||
'switch_workspace' => 'Switch workspace',
|
||||
'workspace_home' => 'Workspace Home',
|
||||
'tenant_scope' => 'Tenant scope',
|
||||
'select_tenant' => 'Select tenant',
|
||||
'selected_tenant' => 'Selected tenant',
|
||||
'no_tenant_selected' => 'No tenant selected',
|
||||
'switch_tenant' => 'Switch tenant',
|
||||
'clear_tenant_scope' => 'Clear tenant scope',
|
||||
'context_unavailable' => 'Context unavailable',
|
||||
'context_unavailable_workspace' => 'The requested scope could not be restored. The shell is showing a valid workspace state instead.',
|
||||
'context_unavailable_no_workspace' => 'Choose a workspace to continue with a valid admin context.',
|
||||
'no_active_tenants' => 'No active tenants are available for the standard operating context in this workspace.',
|
||||
'view_managed_tenants' => 'View managed tenants',
|
||||
'workspace_wide_available' => 'No tenant selected. Workspace-wide pages remain available, and choosing a tenant only sets the normal active operating context.',
|
||||
'search_tenants' => 'Search tenants...',
|
||||
'choose_workspace_first' => 'Choose a workspace first.',
|
||||
],
|
||||
'workspace' => [
|
||||
'title' => 'Workspace settings',
|
||||
'save' => 'Save',
|
||||
'reset' => 'Reset',
|
||||
'no_manage_permission' => 'You do not have permission to manage workspace settings.',
|
||||
'no_workspace_override' => 'No workspace override to reset.',
|
||||
'last_modified_by' => ':description - Last modified by :user, :time.',
|
||||
'section' => 'Localization settings',
|
||||
'section_description' => 'Workspace default used by users without a personal language preference.',
|
||||
'default_locale_label' => 'Default language',
|
||||
'default_locale_placeholder' => 'Unset (uses system default)',
|
||||
'default_locale_helper_unset' => 'Unset. Effective language: :locale (:source).',
|
||||
'default_locale_helper_set' => 'Effective language: :locale.',
|
||||
],
|
||||
'auth' => [
|
||||
'microsoft_not_configured' => 'Microsoft sign-in is not configured.',
|
||||
'sign_in_microsoft' => 'Sign in with Microsoft',
|
||||
'tenant_admin_membership_required' => 'Tenant Admin access requires a tenant membership.',
|
||||
],
|
||||
'navigation' => [
|
||||
'findings' => 'Findings',
|
||||
'settings' => 'Settings',
|
||||
'integrations' => 'Integrations',
|
||||
'manage_workspaces' => 'Manage workspaces',
|
||||
'operations' => 'Operations',
|
||||
'audit_log' => 'Audit Log',
|
||||
'alerts' => 'Alerts',
|
||||
'governance' => 'Governance',
|
||||
'monitoring' => 'Monitoring',
|
||||
'dashboard' => 'Dashboard',
|
||||
],
|
||||
'dashboard' => [
|
||||
'tenant_title' => 'Tenant dashboard',
|
||||
'system_title' => 'System dashboard',
|
||||
'request_support' => 'Request support',
|
||||
'support_request_heading' => 'Request support',
|
||||
'support_request_description' => 'Share a concise summary and TenantAtlas will attach redacted context from existing records.',
|
||||
'submit_request' => 'Submit request',
|
||||
'included_context' => 'Included context',
|
||||
'severity' => 'Severity',
|
||||
'summary' => 'Summary',
|
||||
'reproduction_notes' => 'Reproduction notes',
|
||||
'contact_name' => 'Contact name',
|
||||
'contact_email' => 'Contact email',
|
||||
'support_request_submitted' => 'Support request submitted',
|
||||
'open_support_diagnostics' => 'Open support diagnostics',
|
||||
'support_diagnostics' => 'Support diagnostics',
|
||||
'support_diagnostics_description' => 'Redacted tenant context from existing records.',
|
||||
'close' => 'Close',
|
||||
'time_window' => 'Time window',
|
||||
'window' => 'Window',
|
||||
'enter_break_glass' => 'Enter break-glass mode',
|
||||
'exit_break_glass' => 'Exit break-glass',
|
||||
'recovery_mode_enabled' => 'Recovery mode enabled',
|
||||
'recovery_mode_ended' => 'Recovery mode ended',
|
||||
],
|
||||
'review' => [
|
||||
'reporting' => 'Reporting',
|
||||
'customer_reviews' => 'Customer reviews',
|
||||
'customer_review_workspace' => 'Customer Review Workspace',
|
||||
'customer_safe_review_workspace' => 'Customer-safe review workspace',
|
||||
'customer_workspace_intro' => 'Review the latest published customer-safe posture for each entitled tenant without leaving the current workspace context.',
|
||||
'customer_workspace_canonical_note' => 'Opening a row returns to the existing tenant review detail so evidence, review packs, and audit-aware proof remain on their canonical tenant-scoped surfaces.',
|
||||
'reviews' => 'Reviews',
|
||||
'clear_filters' => 'Clear filters',
|
||||
'tenant' => 'Tenant',
|
||||
'latest_review' => 'Latest review',
|
||||
'key_findings' => 'Key findings',
|
||||
'accepted_risks' => 'Accepted risks',
|
||||
'published' => 'Published',
|
||||
'review_pack' => 'Review pack',
|
||||
'open_latest_review' => 'Open latest review',
|
||||
'download_review_pack' => 'Download review pack',
|
||||
'no_entitled_tenants' => 'No entitled tenants match this view',
|
||||
'clear_filters_description' => 'Clear the current filters to return to the full customer review workspace for your entitled tenants.',
|
||||
'adjust_filters_description' => 'Adjust filters to return to the full customer review workspace for your entitled tenants.',
|
||||
'no_published_review' => 'No published review',
|
||||
'no_published_review_available' => 'No published review available yet',
|
||||
'no_findings_recorded' => 'No findings recorded in the published review.',
|
||||
'findings_count_summary' => ':count findings summarized in the published review.',
|
||||
'findings_count_with_outcomes' => ':count findings. Terminal outcomes: :outcomes.',
|
||||
'no_accepted_risks_recorded' => 'No accepted risks recorded.',
|
||||
'accepted_risks_need_follow_up' => ':warnings accepted risks need governance follow-up (:total total).',
|
||||
'accepted_risks_governed' => ':count accepted risks are governed.',
|
||||
'accepted_risks_on_record' => ':count accepted risks are on record.',
|
||||
'unavailable' => 'Unavailable',
|
||||
'available' => 'Available',
|
||||
'outcome_summary' => 'Outcome summary',
|
||||
'review' => 'Review',
|
||||
'review_date' => 'Review date',
|
||||
'completeness' => 'Completeness',
|
||||
'evidence_snapshot' => 'Evidence snapshot',
|
||||
'current_export' => 'Current export',
|
||||
'executive_posture' => 'Executive posture',
|
||||
'sections' => 'Sections',
|
||||
'details' => 'Details',
|
||||
'export_executive_pack' => 'Export executive pack',
|
||||
'outcome' => 'Outcome',
|
||||
'export' => 'Export',
|
||||
'next_step' => 'Next step',
|
||||
'no_tenant_reviews_yet' => 'No tenant reviews yet',
|
||||
'create_first_review_description' => 'Create the first review from an anchored evidence snapshot to start the recurring review history for this tenant.',
|
||||
'create_first_review' => 'Create first review',
|
||||
'create_review' => 'Create review',
|
||||
'evidence_basis' => 'Evidence basis',
|
||||
'evidence_basis_helper' => 'Choose the anchored evidence snapshot for this review.',
|
||||
'unable_create_missing_context' => 'Unable to create review - missing context.',
|
||||
'select_valid_evidence_snapshot' => 'Select a valid evidence snapshot.',
|
||||
'unable_create_review' => 'Unable to create review',
|
||||
'review_already_available' => 'Review already available',
|
||||
'review_already_available_body' => 'A matching mutable review already exists for this evidence basis.',
|
||||
'view_review' => 'View review',
|
||||
'open_operation' => 'Open operation',
|
||||
'review_composing_background' => 'The review is being composed in the background.',
|
||||
'unable_export_missing_context' => 'Unable to export review - missing context.',
|
||||
'export_already_queued_body' => 'An executive pack export is already queued or running for this review.',
|
||||
'executive_pack_export_unavailable' => 'Executive pack export unavailable',
|
||||
'unable_export_executive_pack' => 'Unable to export executive pack',
|
||||
'executive_pack_already_available' => 'Executive pack already available',
|
||||
'executive_pack_already_available_body' => 'A matching executive pack already exists for this review.',
|
||||
'view_pack' => 'View pack',
|
||||
'executive_pack_generating_background' => 'The executive pack is being generated in the background.',
|
||||
'review_explanation' => 'Review explanation',
|
||||
'reason_owner' => 'Reason owner',
|
||||
'platform_core' => 'Platform core',
|
||||
'platform_reason_family' => 'Platform reason family',
|
||||
'compatibility' => 'Compatibility',
|
||||
'highlights' => 'Highlights',
|
||||
'next_actions' => 'Next actions',
|
||||
'related_context' => 'Related context',
|
||||
'publication_readiness' => 'Publication readiness',
|
||||
'ready_for_publication' => 'This review is ready for publication and executive-pack export.',
|
||||
'internal_only' => 'This review is currently safe for internal use only.',
|
||||
'needs_follow_up' => 'This review still needs follow-up before publication.',
|
||||
'key_entries' => 'Key entries',
|
||||
'entry' => 'Entry',
|
||||
'follow_up' => 'Follow-up',
|
||||
'diagnostics' => 'Diagnostics',
|
||||
'result_meaning' => 'Result meaning',
|
||||
'result_trust' => 'Result trust',
|
||||
'artifact_truth' => 'Artifact truth',
|
||||
'no_action_needed' => 'No action needed',
|
||||
'count' => 'Count',
|
||||
'guidance' => 'Guidance',
|
||||
'findings' => 'Findings',
|
||||
'reports' => 'Reports',
|
||||
'operations' => 'Operations',
|
||||
'pending_verification' => 'Pending verification',
|
||||
'verified_cleared' => 'Verified cleared',
|
||||
'terminal_outcomes' => 'Terminal outcomes',
|
||||
'pending' => 'Pending',
|
||||
'operation' => 'Operation',
|
||||
'operation_description' => 'Inspect the latest review composition or refresh run.',
|
||||
'executive_pack' => 'Executive pack',
|
||||
'view_executive_pack' => 'View executive pack',
|
||||
'executive_pack_description' => 'Open the current export that belongs to this review.',
|
||||
'customer_workspace' => 'Customer workspace',
|
||||
'open_customer_workspace' => 'Open customer workspace',
|
||||
'customer_workspace_description' => 'Open the customer-safe review workspace prefiltered to this tenant.',
|
||||
'view_evidence_snapshot' => 'View evidence snapshot',
|
||||
'evidence_snapshot_description' => 'Return to the evidence basis behind this review.',
|
||||
],
|
||||
'findings' => [
|
||||
'all' => 'All',
|
||||
'needs_action' => 'Needs action',
|
||||
'overdue' => 'Overdue',
|
||||
'risk_accepted' => 'Risk accepted',
|
||||
'resolved' => 'Resolved',
|
||||
'actions' => 'Actions',
|
||||
'open_approval_queue' => 'Open approval queue',
|
||||
],
|
||||
'notifications' => [
|
||||
'locale_override_saved' => 'Language override applied.',
|
||||
'locale_override_cleared' => 'Language override cleared.',
|
||||
'user_preference_saved' => 'Language preference saved.',
|
||||
'user_preference_cleared' => 'Language preference cleared.',
|
||||
'workspace_settings_saved' => 'Workspace settings saved',
|
||||
'workspace_settings_unchanged' => 'No settings changes to save',
|
||||
'workspace_setting_reset' => 'Workspace setting reset to default',
|
||||
'setting_already_default' => 'Setting already uses default',
|
||||
],
|
||||
'validation' => [
|
||||
'unsupported_locale' => 'Choose a supported language.',
|
||||
],
|
||||
];
|
||||
@ -37,7 +37,7 @@
|
||||
$compressedOutcome['primaryLabel'] ?? null,
|
||||
$state['primaryLabel'] ?? null,
|
||||
$operatorExplanation['headline'] ?? null,
|
||||
'Artifact truth',
|
||||
__('localization.review.artifact_truth'),
|
||||
]);
|
||||
$primaryReason = $firstArtifactTruthText([
|
||||
$compressedOutcome['primaryReason'] ?? null,
|
||||
@ -49,7 +49,7 @@
|
||||
$compressedOutcome['nextActionText'] ?? null,
|
||||
data_get($operatorExplanation, 'nextAction.text'),
|
||||
$state['nextActionLabel'] ?? null,
|
||||
'No action needed',
|
||||
__('localization.review.no_action_needed'),
|
||||
]);
|
||||
$diagnosticsSummary = $firstArtifactTruthText([
|
||||
$compressedOutcome['diagnosticsSummary'] ?? null,
|
||||
@ -81,7 +81,7 @@
|
||||
|
||||
if ($evaluationSpec && $evaluationSpec->label !== 'Unknown') {
|
||||
$summaryFacts->push([
|
||||
'label' => 'Result meaning',
|
||||
'label' => __('localization.review.result_meaning'),
|
||||
'value' => $evaluationSpec->label,
|
||||
'badge' => BadgeCatalog::summaryData($evaluationSpec),
|
||||
]);
|
||||
@ -89,7 +89,7 @@
|
||||
|
||||
if ($trustSpec && $trustSpec->label !== 'Unknown') {
|
||||
$summaryFacts->push([
|
||||
'label' => 'Result trust',
|
||||
'label' => __('localization.review.result_trust'),
|
||||
'value' => $trustSpec->label,
|
||||
'badge' => BadgeCatalog::summaryData($trustSpec),
|
||||
]);
|
||||
@ -133,7 +133,7 @@
|
||||
|
||||
<div class="rounded-xl border border-gray-200 bg-white p-4 shadow-sm dark:border-gray-800 dark:bg-gray-900">
|
||||
<div class="text-xs font-semibold uppercase tracking-[0.16em] text-gray-500 dark:text-gray-400">
|
||||
Diagnostics
|
||||
{{ __('localization.review.diagnostics') }}
|
||||
</div>
|
||||
|
||||
<div class="mt-3 space-y-2">
|
||||
@ -164,7 +164,7 @@
|
||||
|
||||
<div class="rounded-md border border-gray-100 bg-gray-50 px-3 py-2 dark:border-gray-800 dark:bg-gray-950/60">
|
||||
<div class="text-[11px] font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">
|
||||
{{ $count['label'] ?? 'Count' }}
|
||||
{{ $count['label'] ?? __('localization.review.count') }}
|
||||
</div>
|
||||
<div class="mt-1 text-lg font-semibold text-gray-900 dark:text-gray-100">
|
||||
{{ (int) ($count['value'] ?? 0) }}
|
||||
@ -211,7 +211,7 @@
|
||||
|
||||
<dl class="grid gap-3 sm:grid-cols-2 xl:grid-cols-4">
|
||||
<div class="rounded-md border border-gray-100 bg-gray-50 px-3 py-2 dark:border-gray-800 dark:bg-gray-950/60">
|
||||
<dt class="text-[11px] font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Next step</dt>
|
||||
<dt class="text-[11px] font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.next_step') }}</dt>
|
||||
<dd class="mt-1 text-sm text-gray-900 dark:text-gray-100">
|
||||
{{ $nextActionText }}
|
||||
</dd>
|
||||
@ -237,7 +237,7 @@
|
||||
|
||||
@if ($nextSteps !== [])
|
||||
<div class="space-y-2">
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Guidance</div>
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.guidance') }}</div>
|
||||
<ul class="space-y-1 text-sm text-gray-700 dark:text-gray-300">
|
||||
@foreach ($nextSteps as $step)
|
||||
@continue(! is_string($step) || trim($step) === '')
|
||||
|
||||
@ -42,14 +42,14 @@
|
||||
|
||||
@if ($entries !== [])
|
||||
<div class="space-y-2">
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Key entries</div>
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.key_entries') }}</div>
|
||||
<div class="space-y-2">
|
||||
@foreach ($entries as $entry)
|
||||
@continue(! is_array($entry))
|
||||
|
||||
<div class="rounded-md border border-gray-100 bg-gray-50 px-3 py-3 text-sm dark:border-gray-800 dark:bg-gray-950/60">
|
||||
<div class="font-medium text-gray-900 dark:text-gray-100">
|
||||
{{ $entry['title'] ?? $entry['displayName'] ?? $entry['type'] ?? 'Entry' }}
|
||||
{{ $entry['title'] ?? $entry['displayName'] ?? $entry['type'] ?? __('localization.review.entry') }}
|
||||
</div>
|
||||
|
||||
@php
|
||||
@ -82,7 +82,7 @@
|
||||
|
||||
@if ($nextActions !== [])
|
||||
<div class="space-y-2">
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Follow-up</div>
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.follow_up') }}</div>
|
||||
<ul class="space-y-1 text-sm text-gray-700 dark:text-gray-300">
|
||||
@foreach ($nextActions as $action)
|
||||
@continue(! is_string($action) || trim($action) === '')
|
||||
|
||||
@ -25,7 +25,7 @@
|
||||
@if ($operatorExplanation !== [])
|
||||
<div class="rounded-lg border border-gray-200 bg-white px-4 py-3 shadow-sm dark:border-gray-800 dark:bg-gray-900/70">
|
||||
<div class="text-sm font-semibold text-gray-950 dark:text-white">
|
||||
{{ $operatorExplanation['headline'] ?? 'Review explanation' }}
|
||||
{{ $operatorExplanation['headline'] ?? __('localization.review.review_explanation') }}
|
||||
</div>
|
||||
|
||||
@if (filled($operatorExplanation['reliabilityStatement'] ?? null))
|
||||
@ -45,13 +45,13 @@
|
||||
@if ($reasonSemantics !== [])
|
||||
<dl class="grid grid-cols-1 gap-3 md:grid-cols-2">
|
||||
<div class="rounded-md border border-gray-100 bg-gray-50 px-3 py-2 dark:border-gray-800 dark:bg-gray-950/60">
|
||||
<dt class="text-[11px] font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Reason owner</dt>
|
||||
<dd class="mt-1 text-sm text-gray-900 dark:text-gray-100">{{ $reasonSemantics['owner_label'] ?? 'Platform core' }}</dd>
|
||||
<dt class="text-[11px] font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.reason_owner') }}</dt>
|
||||
<dd class="mt-1 text-sm text-gray-900 dark:text-gray-100">{{ $reasonSemantics['owner_label'] ?? __('localization.review.platform_core') }}</dd>
|
||||
</div>
|
||||
|
||||
<div class="rounded-md border border-gray-100 bg-gray-50 px-3 py-2 dark:border-gray-800 dark:bg-gray-950/60">
|
||||
<dt class="text-[11px] font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Platform reason family</dt>
|
||||
<dd class="mt-1 text-sm text-gray-900 dark:text-gray-100">{{ $reasonSemantics['family_label'] ?? 'Compatibility' }}</dd>
|
||||
<dt class="text-[11px] font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.platform_reason_family') }}</dt>
|
||||
<dd class="mt-1 text-sm text-gray-900 dark:text-gray-100">{{ $reasonSemantics['family_label'] ?? __('localization.review.compatibility') }}</dd>
|
||||
</div>
|
||||
</dl>
|
||||
@endif
|
||||
@ -74,7 +74,7 @@
|
||||
|
||||
@if ($highlights !== [])
|
||||
<div class="space-y-2">
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Highlights</div>
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.highlights') }}</div>
|
||||
<ul class="space-y-1 text-sm text-gray-700 dark:text-gray-300">
|
||||
@foreach ($highlights as $highlight)
|
||||
@continue(! is_string($highlight) || trim($highlight) === '')
|
||||
@ -87,7 +87,7 @@
|
||||
|
||||
@if ($nextActions !== [])
|
||||
<div class="space-y-2">
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Next actions</div>
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.next_actions') }}</div>
|
||||
<ul class="space-y-1 text-sm text-gray-700 dark:text-gray-300">
|
||||
@foreach ($nextActions as $action)
|
||||
@continue(! is_string($action) || trim($action) === '')
|
||||
@ -100,7 +100,7 @@
|
||||
|
||||
@if ($contextLinks !== [])
|
||||
<div class="space-y-2">
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Related context</div>
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.related_context') }}</div>
|
||||
<div class="grid gap-3 md:grid-cols-3">
|
||||
@foreach ($contextLinks as $link)
|
||||
@php
|
||||
@ -130,11 +130,11 @@
|
||||
@endif
|
||||
|
||||
<div class="space-y-2">
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">Publication readiness</div>
|
||||
<div class="text-xs font-semibold uppercase tracking-wide text-gray-500 dark:text-gray-400">{{ __('localization.review.publication_readiness') }}</div>
|
||||
|
||||
@if ($publishBlockers === [] && $decisionDirection === 'publishable')
|
||||
<div class="rounded-md border border-emerald-100 bg-emerald-50 px-3 py-2 text-sm text-emerald-800 dark:border-emerald-900/40 dark:bg-emerald-950/30 dark:text-emerald-200">
|
||||
This review is ready for publication and executive-pack export.
|
||||
{{ __('localization.review.ready_for_publication') }}
|
||||
</div>
|
||||
@elseif ($publishBlockers !== [])
|
||||
<ul class="space-y-1 text-sm text-amber-800 dark:text-amber-200">
|
||||
@ -146,7 +146,7 @@
|
||||
</ul>
|
||||
@elseif ($decisionDirection === 'internal_only')
|
||||
<div class="rounded-md border border-amber-100 bg-amber-50 px-3 py-2 text-sm text-amber-800 dark:border-amber-900/40 dark:bg-amber-950/30 dark:text-amber-200">
|
||||
<div>This review is currently safe for internal use only.</div>
|
||||
<div>{{ __('localization.review.internal_only') }}</div>
|
||||
|
||||
@if ($publicationNextAction !== null)
|
||||
<div class="mt-1">{{ $publicationNextAction }}</div>
|
||||
@ -154,7 +154,7 @@
|
||||
</div>
|
||||
@else
|
||||
<div class="rounded-md border border-amber-100 bg-amber-50 px-3 py-2 text-sm text-amber-800 dark:border-amber-900/40 dark:bg-amber-950/30 dark:text-amber-200">
|
||||
{{ $publicationNextAction ?? $publicationReason ?? 'This review still needs follow-up before publication.' }}
|
||||
{{ $publicationNextAction ?? $publicationReason ?? __('localization.review.needs_follow_up') }}
|
||||
</div>
|
||||
@endif
|
||||
</div>
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
|
||||
@if (! $isConfigured)
|
||||
<div class="rounded-md bg-amber-50 p-4 text-sm text-amber-900 dark:bg-amber-950/30 dark:text-amber-200">
|
||||
Microsoft sign-in is not configured.
|
||||
{{ __('localization.auth.microsoft_not_configured') }}
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@ -25,11 +25,11 @@
|
||||
:disabled="! $isConfigured"
|
||||
color="primary"
|
||||
>
|
||||
Sign in with Microsoft
|
||||
{{ __('localization.auth.sign_in_microsoft') }}
|
||||
</x-filament::button>
|
||||
|
||||
<div class="text-center text-sm text-gray-500 dark:text-gray-400">
|
||||
Tenant Admin access requires a tenant membership.
|
||||
{{ __('localization.auth.tenant_admin_membership_required') }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -0,0 +1,164 @@
|
||||
<x-filament-panels::page>
|
||||
@php
|
||||
$scope = $this->appliedScope();
|
||||
$sections = $this->sections();
|
||||
$emptyState = $this->calmEmptyState();
|
||||
@endphp
|
||||
|
||||
<x-filament::section>
|
||||
<div class="flex flex-col gap-3">
|
||||
<div class="inline-flex w-fit items-center gap-2 rounded-full border border-primary-200 bg-primary-50 px-3 py-1 text-xs font-medium text-primary-700 dark:border-primary-700/60 dark:bg-primary-950/40 dark:text-primary-300">
|
||||
<x-filament::icon icon="heroicon-o-inbox-stack" class="h-3.5 w-3.5" />
|
||||
Governance inbox
|
||||
</div>
|
||||
|
||||
<div class="space-y-1">
|
||||
<h1 class="text-2xl font-semibold tracking-tight text-gray-950 dark:text-white">
|
||||
Governance inbox
|
||||
</h1>
|
||||
|
||||
<p class="max-w-3xl text-sm leading-6 text-gray-600 dark:text-gray-300">
|
||||
This workspace decision surface routes you into the existing findings, operations, alerts, and review surfaces without introducing a second workflow state.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="flex flex-wrap gap-2 text-sm text-gray-600 dark:text-gray-300">
|
||||
@if (filled($scope['workspace_label'] ?? null))
|
||||
<span class="inline-flex items-center rounded-full bg-gray-100 px-3 py-1 text-xs font-medium text-gray-700 dark:bg-gray-800 dark:text-gray-200">
|
||||
Workspace: {{ $scope['workspace_label'] }}
|
||||
</span>
|
||||
@endif
|
||||
|
||||
<span class="inline-flex items-center rounded-full bg-gray-100 px-3 py-1 text-xs font-medium text-gray-700 dark:bg-gray-800 dark:text-gray-200">
|
||||
Scope: {{ $scope['family_label'] ?? 'All attention' }}
|
||||
</span>
|
||||
|
||||
<span class="inline-flex items-center rounded-full bg-gray-100 px-3 py-1 text-xs font-medium text-gray-700 dark:bg-gray-800 dark:text-gray-200">
|
||||
Visible items: {{ $scope['total_count'] ?? 0 }}
|
||||
</span>
|
||||
|
||||
@if (filled($scope['tenant_label'] ?? null))
|
||||
<span class="inline-flex items-center rounded-full bg-warning-50 px-3 py-1 text-xs font-medium text-warning-700 dark:bg-warning-500/10 dark:text-warning-300">
|
||||
Tenant: {{ $scope['tenant_label'] }}
|
||||
</span>
|
||||
@endif
|
||||
</div>
|
||||
|
||||
<div class="flex flex-wrap gap-2">
|
||||
<a
|
||||
href="{{ $this->pageUrl(['family' => null]) }}"
|
||||
class="inline-flex items-center gap-2 rounded-full border px-3 py-1.5 text-sm font-medium transition {{ $this->family === null ? 'border-primary-300 bg-primary-50 text-primary-700 dark:border-primary-700/60 dark:bg-primary-950/40 dark:text-primary-300' : 'border-gray-200 text-gray-700 hover:border-gray-300 dark:border-gray-700 dark:text-gray-200 dark:hover:border-gray-600' }}"
|
||||
>
|
||||
All attention
|
||||
<span class="rounded-full bg-black/5 px-2 py-0.5 text-xs dark:bg-white/10">{{ $scope['total_count'] ?? 0 }}</span>
|
||||
</a>
|
||||
|
||||
@foreach ($this->availableFamilies() as $family)
|
||||
<a
|
||||
href="{{ $this->pageUrl(['family' => $family['key']]) }}"
|
||||
class="inline-flex items-center gap-2 rounded-full border px-3 py-1.5 text-sm font-medium transition {{ $this->isActiveFamily($family['key']) ? 'border-primary-300 bg-primary-50 text-primary-700 dark:border-primary-700/60 dark:bg-primary-950/40 dark:text-primary-300' : 'border-gray-200 text-gray-700 hover:border-gray-300 dark:border-gray-700 dark:text-gray-200 dark:hover:border-gray-600' }}"
|
||||
>
|
||||
{{ $family['label'] }}
|
||||
<span class="rounded-full bg-black/5 px-2 py-0.5 text-xs dark:bg-white/10">{{ $family['count'] }}</span>
|
||||
</a>
|
||||
@endforeach
|
||||
</div>
|
||||
|
||||
@if ($this->hasTenantPrefilter())
|
||||
<div class="flex flex-wrap items-center gap-3 text-sm text-gray-600 dark:text-gray-300">
|
||||
<span>The inbox is currently filtered to one tenant.</span>
|
||||
|
||||
<a href="{{ $this->pageUrl(['tenant' => null]) }}" class="font-medium text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300">
|
||||
Clear tenant filter
|
||||
</a>
|
||||
</div>
|
||||
@endif
|
||||
</div>
|
||||
</x-filament::section>
|
||||
|
||||
@if ($sections === [])
|
||||
<x-filament::section>
|
||||
<div class="flex flex-col gap-4 rounded-2xl border border-dashed border-gray-300 bg-gray-50/60 p-6 dark:border-gray-700 dark:bg-gray-900/40">
|
||||
<div class="space-y-1">
|
||||
<h2 class="text-base font-semibold text-gray-950 dark:text-white">{{ $emptyState['title'] }}</h2>
|
||||
<p class="max-w-2xl text-sm leading-6 text-gray-600 dark:text-gray-300">{{ $emptyState['body'] }}</p>
|
||||
</div>
|
||||
|
||||
@if (filled($emptyState['action_label'] ?? null) && filled($emptyState['action_url'] ?? null))
|
||||
<div>
|
||||
<x-filament::button tag="a" color="gray" href="{{ $emptyState['action_url'] }}">
|
||||
{{ $emptyState['action_label'] }}
|
||||
</x-filament::button>
|
||||
</div>
|
||||
@endif
|
||||
</div>
|
||||
</x-filament::section>
|
||||
@else
|
||||
@foreach ($sections as $section)
|
||||
<x-filament::section>
|
||||
<div class="flex flex-col gap-4">
|
||||
<div class="flex flex-col gap-3 lg:flex-row lg:items-start lg:justify-between">
|
||||
<div class="space-y-2">
|
||||
<div class="flex flex-wrap items-center gap-2">
|
||||
<h2 class="text-base font-semibold text-gray-950 dark:text-white">{{ $section['label'] }}</h2>
|
||||
<span class="inline-flex items-center rounded-full bg-gray-100 px-2.5 py-1 text-xs font-medium text-gray-700 dark:bg-gray-800 dark:text-gray-200">
|
||||
{{ $section['count'] }}
|
||||
</span>
|
||||
</div>
|
||||
|
||||
<p class="max-w-3xl text-sm leading-6 text-gray-600 dark:text-gray-300">{{ $section['summary'] }}</p>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<x-filament::button tag="a" color="gray" href="{{ $section['dominant_action_url'] }}">
|
||||
{{ $section['dominant_action_label'] }}
|
||||
</x-filament::button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@if ($section['count'] === 0)
|
||||
<div class="rounded-2xl border border-dashed border-gray-300 bg-gray-50/60 p-5 text-sm leading-6 text-gray-600 dark:border-gray-700 dark:bg-gray-900/40 dark:text-gray-300">
|
||||
{{ $section['empty_state'] }}
|
||||
</div>
|
||||
@else
|
||||
<ul class="grid gap-3">
|
||||
@foreach ($section['entries'] as $entry)
|
||||
<li class="rounded-2xl border border-gray-200 bg-white p-4 shadow-sm dark:border-gray-800 dark:bg-gray-900/60">
|
||||
<div class="flex flex-col gap-3 lg:flex-row lg:items-start lg:justify-between">
|
||||
<div class="space-y-1.5">
|
||||
@if (filled($entry['tenant_label'] ?? null))
|
||||
<div class="text-xs font-medium uppercase tracking-[0.16em] text-gray-500 dark:text-gray-400">
|
||||
{{ $entry['tenant_label'] }}
|
||||
</div>
|
||||
@endif
|
||||
|
||||
<div class="flex flex-wrap items-center gap-2">
|
||||
<a href="{{ $entry['destination_url'] }}" class="text-sm font-semibold text-gray-950 hover:text-primary-600 dark:text-white dark:hover:text-primary-300">
|
||||
{{ $entry['headline'] }}
|
||||
</a>
|
||||
|
||||
<span class="inline-flex items-center rounded-full bg-gray-100 px-2.5 py-1 text-xs font-medium text-gray-700 dark:bg-gray-800 dark:text-gray-200">
|
||||
{{ $entry['status_label'] }}
|
||||
</span>
|
||||
</div>
|
||||
|
||||
@if (filled($entry['subline'] ?? null))
|
||||
<p class="text-sm leading-6 text-gray-600 dark:text-gray-300">{{ $entry['subline'] }}</p>
|
||||
@endif
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<x-filament::button tag="a" color="gray" size="sm" href="{{ $entry['destination_url'] }}">
|
||||
Open source
|
||||
</x-filament::button>
|
||||
</div>
|
||||
</div>
|
||||
</li>
|
||||
@endforeach
|
||||
</ul>
|
||||
@endif
|
||||
</div>
|
||||
</x-filament::section>
|
||||
@endforeach
|
||||
@endif
|
||||
</x-filament-panels::page>
|
||||
@ -0,0 +1,19 @@
|
||||
<x-filament-panels::page>
|
||||
<x-filament::section>
|
||||
<div class="flex flex-col gap-3">
|
||||
<div class="text-lg font-semibold text-gray-900 dark:text-gray-100">
|
||||
{{ __('localization.review.customer_safe_review_workspace') }}
|
||||
</div>
|
||||
|
||||
<div class="text-sm text-gray-600 dark:text-gray-300">
|
||||
{{ __('localization.review.customer_workspace_intro') }}
|
||||
</div>
|
||||
|
||||
<div class="text-sm text-gray-600 dark:text-gray-300">
|
||||
{{ __('localization.review.customer_workspace_canonical_note') }}
|
||||
</div>
|
||||
</div>
|
||||
</x-filament::section>
|
||||
|
||||
{{ $this->table }}
|
||||
</x-filament-panels::page>
|
||||
@ -31,8 +31,8 @@
|
||||
@endphp
|
||||
|
||||
@php
|
||||
$tenantLabel = $currentTenantName ?? 'No tenant selected';
|
||||
$workspaceLabel = $workspace?->name ?? 'Choose workspace';
|
||||
$tenantLabel = $currentTenantName ?? __('localization.shell.no_tenant_selected');
|
||||
$workspaceLabel = $workspace?->name ?? __('localization.shell.choose_workspace');
|
||||
$hasActiveTenant = $currentTenantName !== null;
|
||||
$managedTenantsUrl = $workspace
|
||||
? route('admin.workspace.managed-tenants.index', ['workspace' => $workspace])
|
||||
@ -40,7 +40,8 @@
|
||||
$workspaceUrl = $workspace
|
||||
? route('admin.home')
|
||||
: ChooseWorkspace::getUrl(panel: 'admin');
|
||||
$tenantTriggerLabel = $workspace ? $tenantLabel : 'Choose workspace';
|
||||
$tenantTriggerLabel = $workspace ? $tenantLabel : __('localization.shell.choose_workspace');
|
||||
$localePlane = Filament::getCurrentPanel()?->getId() === 'tenant' ? 'tenant' : 'admin';
|
||||
@endphp
|
||||
|
||||
<div class="inline-flex items-center gap-0 rounded-lg border border-gray-200 bg-white text-sm dark:border-white/10 dark:bg-white/5">
|
||||
@ -63,7 +64,7 @@ class="inline-flex items-center gap-1.5 rounded-l-lg px-2.5 py-1.5 font-medium t
|
||||
<x-slot name="trigger">
|
||||
<button
|
||||
type="button"
|
||||
aria-label="{{ $workspace ? 'Tenant scope' : 'Select tenant' }}"
|
||||
aria-label="{{ $workspace ? __('localization.shell.tenant_scope') : __('localization.shell.select_tenant') }}"
|
||||
class="inline-flex items-center gap-1.5 rounded-r-lg px-2 py-1.5 transition hover:bg-gray-50 dark:hover:bg-white/10"
|
||||
>
|
||||
<span class="{{ $workspace && $hasActiveTenant ? 'font-medium text-primary-600 dark:text-primary-400' : 'text-gray-500 dark:text-gray-400' }}">
|
||||
@ -78,12 +79,12 @@ class="inline-flex items-center gap-1.5 rounded-r-lg px-2 py-1.5 transition hove
|
||||
<div class="space-y-3 px-3 py-2" x-data="{ query: '' }">
|
||||
@if ($resolvedContext->showsRecoveryNotice())
|
||||
<div class="rounded-lg border border-amber-200 bg-amber-50 px-3 py-2 text-xs text-amber-800 dark:border-amber-500/30 dark:bg-amber-500/10 dark:text-amber-200">
|
||||
<div class="font-semibold">Context unavailable</div>
|
||||
<div class="font-semibold">{{ __('localization.shell.context_unavailable') }}</div>
|
||||
|
||||
@if ($workspace)
|
||||
<div>The requested scope could not be restored. The shell is showing a valid workspace state instead.</div>
|
||||
<div>{{ __('localization.shell.context_unavailable_workspace') }}</div>
|
||||
@else
|
||||
<div>Choose a workspace to continue with a valid admin context.</div>
|
||||
<div>{{ __('localization.shell.context_unavailable_no_workspace') }}</div>
|
||||
@endif
|
||||
</div>
|
||||
@endif
|
||||
@ -91,7 +92,7 @@ class="inline-flex items-center gap-1.5 rounded-r-lg px-2 py-1.5 transition hove
|
||||
{{-- Workspace section --}}
|
||||
<div class="space-y-1">
|
||||
<div class="text-xs font-semibold uppercase tracking-wider text-gray-400 dark:text-gray-500">
|
||||
Workspace
|
||||
{{ __('localization.shell.workspace') }}
|
||||
</div>
|
||||
|
||||
<div class="flex items-center justify-between rounded-lg bg-gray-50 px-3 py-2 dark:bg-white/5">
|
||||
@ -104,7 +105,7 @@ class="inline-flex items-center gap-1.5 rounded-r-lg px-2 py-1.5 transition hove
|
||||
href="{{ ChooseWorkspace::getUrl(panel: 'admin').'?choose=1' }}"
|
||||
class="text-xs font-medium text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300"
|
||||
>
|
||||
Switch workspace
|
||||
{{ __('localization.shell.switch_workspace') }}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
@ -113,7 +114,7 @@ class="text-xs font-medium text-primary-600 hover:text-primary-500 dark:text-pri
|
||||
class="flex items-center gap-2 rounded-lg px-3 py-2 text-sm text-gray-700 transition hover:bg-gray-50 dark:text-gray-300 dark:hover:bg-white/5"
|
||||
>
|
||||
<x-filament::icon icon="heroicon-o-home" class="h-4 w-4 text-gray-400 dark:text-gray-500" />
|
||||
Workspace Home
|
||||
{{ __('localization.shell.workspace_home') }}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
@ -124,7 +125,7 @@ class="flex items-center gap-2 rounded-lg px-3 py-2 text-sm text-gray-700 transi
|
||||
<div class="space-y-2">
|
||||
<div class="flex items-center justify-between">
|
||||
<div class="text-xs font-semibold uppercase tracking-wider text-gray-400 dark:text-gray-500">
|
||||
Selected tenant
|
||||
{{ __('localization.shell.selected_tenant') }}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -137,7 +138,7 @@ class="flex items-center gap-2 rounded-lg px-3 py-2 text-sm text-gray-700 transi
|
||||
href="{{ ChooseTenant::getUrl(panel: 'admin') }}"
|
||||
class="ml-auto text-xs font-medium text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300"
|
||||
>
|
||||
Switch tenant
|
||||
{{ __('localization.shell.switch_tenant') }}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
@ -146,7 +147,7 @@ class="ml-auto text-xs font-medium text-primary-600 hover:text-primary-500 dark:
|
||||
@csrf
|
||||
|
||||
<button type="submit" class="w-full rounded-lg px-3 py-1.5 text-left text-xs font-medium text-gray-500 transition hover:bg-gray-50 hover:text-gray-700 dark:text-gray-400 dark:hover:bg-white/5 dark:hover:text-gray-200">
|
||||
Clear tenant scope
|
||||
{{ __('localization.shell.clear_tenant_scope') }}
|
||||
</button>
|
||||
</form>
|
||||
@endif
|
||||
@ -154,23 +155,23 @@ class="ml-auto text-xs font-medium text-primary-600 hover:text-primary-500 dark:
|
||||
@else
|
||||
@if ($tenants->isEmpty())
|
||||
<div class="space-y-2 rounded-lg border border-dashed border-gray-300 px-3 py-3 text-center text-xs text-gray-500 dark:border-gray-600 dark:text-gray-400">
|
||||
<div>No active tenants are available for the standard operating context in this workspace.</div>
|
||||
<div>{{ __('localization.shell.no_active_tenants') }}</div>
|
||||
<a href="{{ $managedTenantsUrl }}" class="inline-flex items-center gap-1 text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300">
|
||||
<x-filament::icon icon="heroicon-o-arrow-top-right-on-square" class="h-3.5 w-3.5" />
|
||||
View managed tenants
|
||||
{{ __('localization.shell.view_managed_tenants') }}
|
||||
</a>
|
||||
</div>
|
||||
@else
|
||||
@if (! $hasActiveTenant)
|
||||
<div class="rounded-lg bg-gray-50 px-3 py-2 text-xs text-gray-600 dark:bg-white/5 dark:text-gray-400">
|
||||
No tenant selected. Workspace-wide pages remain available, and choosing a tenant only sets the normal active operating context.
|
||||
{{ __('localization.shell.workspace_wide_available') }}
|
||||
</div>
|
||||
@endif
|
||||
|
||||
<input
|
||||
type="text"
|
||||
class="fi-input fi-text-input w-full"
|
||||
placeholder="Search tenants…"
|
||||
placeholder="{{ __('localization.shell.search_tenants') }}"
|
||||
x-model="query"
|
||||
/>
|
||||
|
||||
@ -207,7 +208,7 @@ class="flex w-full items-center gap-2 px-3 py-2 text-left text-sm transition {{
|
||||
@csrf
|
||||
|
||||
<button type="submit" class="w-full rounded-lg px-3 py-1.5 text-left text-xs font-medium text-gray-500 transition hover:bg-gray-50 hover:text-gray-700 dark:text-gray-400 dark:hover:bg-white/5 dark:hover:text-gray-200">
|
||||
Clear tenant scope
|
||||
{{ __('localization.shell.clear_tenant_scope') }}
|
||||
</button>
|
||||
</form>
|
||||
@endif
|
||||
@ -216,10 +217,12 @@ class="flex w-full items-center gap-2 px-3 py-2 text-left text-sm transition {{
|
||||
</div>
|
||||
@else
|
||||
<div class="rounded-lg border border-dashed border-gray-300 px-3 py-3 text-center text-xs text-gray-500 dark:border-gray-600 dark:text-gray-400">
|
||||
Choose a workspace first.
|
||||
{{ __('localization.shell.choose_workspace_first') }}
|
||||
</div>
|
||||
@endif
|
||||
</div>
|
||||
</x-filament::dropdown.list>
|
||||
</x-filament::dropdown>
|
||||
|
||||
@include('filament.partials.locale-switcher', ['plane' => $localePlane, 'showPreference' => true, 'embedded' => true])
|
||||
</div>
|
||||
|
||||
@ -0,0 +1,110 @@
|
||||
@php
|
||||
use App\Models\User;
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
|
||||
$plane = $plane ?? 'admin';
|
||||
$showPreference = (bool) ($showPreference ?? true);
|
||||
$embedded = (bool) ($embedded ?? false);
|
||||
|
||||
/** @var LocaleResolver $localeResolver */
|
||||
$localeResolver = app(LocaleResolver::class);
|
||||
$localeContext = request()->attributes->get(LocaleResolver::REQUEST_ATTRIBUTE);
|
||||
$localeContext = is_array($localeContext) ? $localeContext : $localeResolver->resolve(request(), $plane);
|
||||
$localeOptions = LocaleResolver::localeOptions();
|
||||
$currentLocale = (string) ($localeContext['locale'] ?? 'en');
|
||||
$source = (string) ($localeContext['source'] ?? LocaleResolver::SOURCE_SYSTEM_DEFAULT);
|
||||
$sourceLabel = __('localization.source.'.$source);
|
||||
$user = auth()->user();
|
||||
$preferredLocale = $user instanceof User ? $user->preferred_locale : null;
|
||||
@endphp
|
||||
|
||||
<div class="{{ $embedded ? 'border-l border-gray-200 dark:border-white/10' : 'inline-flex rounded-lg border border-gray-200 bg-white text-sm dark:border-white/10 dark:bg-white/5' }}">
|
||||
<x-filament::dropdown placement="bottom-end" teleport width="sm">
|
||||
<x-slot name="trigger">
|
||||
<button
|
||||
type="button"
|
||||
aria-label="{{ __('localization.shell.language') }}"
|
||||
class="inline-flex items-center gap-1.5 rounded-r-lg px-2 py-1.5 text-sm transition hover:bg-gray-50 dark:hover:bg-white/10"
|
||||
>
|
||||
<x-filament::icon icon="heroicon-o-language" class="h-4 w-4 text-gray-400 dark:text-gray-500" />
|
||||
<span class="font-medium text-gray-700 dark:text-gray-200">{{ strtoupper($currentLocale) }}</span>
|
||||
<x-filament::icon icon="heroicon-m-chevron-down" class="h-3.5 w-3.5 text-gray-400 dark:text-gray-500" />
|
||||
</button>
|
||||
</x-slot>
|
||||
|
||||
<x-filament::dropdown.list>
|
||||
<div class="space-y-3 px-3 py-2">
|
||||
<div class="space-y-1">
|
||||
<div class="text-xs font-semibold uppercase tracking-wider text-gray-400 dark:text-gray-500">
|
||||
{{ __('localization.shell.current_language') }}
|
||||
</div>
|
||||
<div class="rounded-lg bg-gray-50 px-3 py-2 dark:bg-white/5">
|
||||
<div class="text-sm font-medium text-gray-950 dark:text-white">
|
||||
{{ $localeOptions[$currentLocale] ?? strtoupper($currentLocale) }}
|
||||
</div>
|
||||
<div class="text-xs text-gray-500 dark:text-gray-400">
|
||||
{{ __('localization.shell.language_source', ['source' => $sourceLabel]) }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="border-t border-gray-200 dark:border-white/10"></div>
|
||||
|
||||
<form method="POST" action="{{ route('localization.override.update') }}" class="space-y-2">
|
||||
@csrf
|
||||
<label class="text-xs font-semibold uppercase tracking-wider text-gray-400 dark:text-gray-500" for="tenantpilot-locale-override-{{ $plane }}">
|
||||
{{ __('localization.shell.temporary_override') }}
|
||||
</label>
|
||||
<x-filament::input.wrapper class="w-full">
|
||||
<x-filament::input.select
|
||||
id="tenantpilot-locale-override-{{ $plane }}"
|
||||
name="locale"
|
||||
>
|
||||
@foreach ($localeOptions as $locale => $label)
|
||||
<option value="{{ $locale }}" @selected($currentLocale === $locale)>{{ $label }}</option>
|
||||
@endforeach
|
||||
</x-filament::input.select>
|
||||
</x-filament::input.wrapper>
|
||||
<button type="submit" class="w-full rounded-lg bg-primary-600 px-3 py-1.5 text-sm font-medium text-white transition hover:bg-primary-500">
|
||||
{{ __('localization.shell.switch_language') }}
|
||||
</button>
|
||||
</form>
|
||||
|
||||
@if ($source === LocaleResolver::SOURCE_EXPLICIT_OVERRIDE)
|
||||
<form method="POST" action="{{ route('localization.override.clear') }}">
|
||||
@csrf
|
||||
@method('DELETE')
|
||||
<button type="submit" class="w-full rounded-lg px-3 py-1.5 text-left text-xs font-medium text-gray-500 transition hover:bg-gray-50 hover:text-gray-700 dark:text-gray-400 dark:hover:bg-white/5 dark:hover:text-gray-200">
|
||||
{{ __('localization.shell.clear_override') }}
|
||||
</button>
|
||||
</form>
|
||||
@endif
|
||||
|
||||
@if ($showPreference && $user instanceof User)
|
||||
<div class="border-t border-gray-200 dark:border-white/10"></div>
|
||||
|
||||
<form method="POST" action="{{ route('localization.preference.update') }}" class="space-y-2">
|
||||
@csrf
|
||||
<label class="text-xs font-semibold uppercase tracking-wider text-gray-400 dark:text-gray-500" for="tenantpilot-locale-preference-{{ $plane }}">
|
||||
{{ __('localization.shell.personal_preference') }}
|
||||
</label>
|
||||
<x-filament::input.wrapper class="w-full">
|
||||
<x-filament::input.select
|
||||
id="tenantpilot-locale-preference-{{ $plane }}"
|
||||
name="preferred_locale"
|
||||
>
|
||||
<option value="" @selected($preferredLocale === null)>{{ __('localization.shell.inherit_workspace') }}</option>
|
||||
@foreach ($localeOptions as $locale => $label)
|
||||
<option value="{{ $locale }}" @selected($preferredLocale === $locale)>{{ $label }}</option>
|
||||
@endforeach
|
||||
</x-filament::input.select>
|
||||
</x-filament::input.wrapper>
|
||||
<button type="submit" class="w-full rounded-lg px-3 py-1.5 text-sm font-medium text-primary-600 transition hover:bg-primary-50 hover:text-primary-500 dark:text-primary-400 dark:hover:bg-primary-500/10 dark:hover:text-primary-300">
|
||||
{{ __('localization.shell.save_preference') }}
|
||||
</button>
|
||||
</form>
|
||||
@endif
|
||||
</div>
|
||||
</x-filament::dropdown.list>
|
||||
</x-filament::dropdown>
|
||||
</div>
|
||||
@ -1,9 +1,18 @@
|
||||
@php
|
||||
use App\Support\Badges\BadgeCatalog;
|
||||
use App\Support\Badges\BadgeDomain;
|
||||
|
||||
/** @var \App\Models\Workspace $workspace */
|
||||
$workspace = $this->workspace;
|
||||
$customerHealthDecision = $this->customerHealthDecision();
|
||||
$tenants = $this->workspaceTenants();
|
||||
$runs = $this->recentRuns();
|
||||
$commercialLifecycle = $this->workspaceCommercialLifecycleSummary();
|
||||
$commercialBadge = BadgeCatalog::spec(BadgeDomain::CommercialLifecycleState, $commercialLifecycle['state'] ?? null);
|
||||
$commercialActionDecisions = is_array($commercialLifecycle['action_decisions'] ?? null) ? $commercialLifecycle['action_decisions'] : [];
|
||||
$activationLifecycleDecision = $commercialActionDecisions['managed_tenant_activation'] ?? null;
|
||||
$reviewPackLifecycleDecision = $commercialActionDecisions['review_pack_start'] ?? null;
|
||||
$readOnlyLifecycleDecision = $commercialActionDecisions['generated_pack_read'] ?? null;
|
||||
$workspaceEntitlementSummary = $this->workspaceEntitlementSummary();
|
||||
$planProfile = $workspaceEntitlementSummary['plan_profile'] ?? null;
|
||||
$entitlementDecisions = $workspaceEntitlementSummary['decisions'] ?? [];
|
||||
@ -40,6 +49,63 @@
|
||||
@include('filament.system.pages.directory.partials.customer-health-decision-card', ['decision' => $customerHealthDecision])
|
||||
@endif
|
||||
|
||||
<x-filament::section>
|
||||
<x-slot name="heading">
|
||||
Commercial lifecycle
|
||||
</x-slot>
|
||||
|
||||
<div class="grid grid-cols-1 gap-4 sm:grid-cols-2">
|
||||
<div class="rounded-lg bg-gray-50 px-4 py-3 dark:bg-white/5">
|
||||
<p class="text-xs font-semibold uppercase tracking-wider text-gray-500 dark:text-gray-400">Current state</p>
|
||||
<div class="mt-2 flex items-center gap-2">
|
||||
<x-filament::badge :color="$commercialBadge->color" :icon="$commercialBadge->icon">
|
||||
{{ $commercialBadge->label }}
|
||||
</x-filament::badge>
|
||||
<span class="text-sm text-gray-500 dark:text-gray-400">{{ $commercialLifecycle['source_label'] ?? 'default active paid' }}</span>
|
||||
</div>
|
||||
<p class="mt-2 text-sm text-gray-500 dark:text-gray-400">{{ $commercialLifecycle['description'] ?? 'Commercial lifecycle state controls expansion and review-pack starts.' }}</p>
|
||||
</div>
|
||||
|
||||
<div class="rounded-lg bg-gray-50 px-4 py-3 dark:bg-white/5">
|
||||
<p class="text-xs font-semibold uppercase tracking-wider text-gray-500 dark:text-gray-400">Lifecycle rationale</p>
|
||||
<p class="mt-1 text-base font-semibold text-gray-950 dark:text-white">{{ $commercialLifecycle['rationale'] ?? 'No explicit rationale recorded.' }}</p>
|
||||
<p class="mt-1 text-sm text-gray-500 dark:text-gray-400">
|
||||
{{ $commercialLifecycle['last_changed_by'] ?? 'System default' }}
|
||||
@if (($commercialLifecycle['last_changed_at'] ?? null) instanceof \Carbon\CarbonInterface)
|
||||
· {{ $commercialLifecycle['last_changed_at']->diffForHumans() }}
|
||||
@endif
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="mt-4 space-y-3">
|
||||
@foreach ([
|
||||
'Managed tenant activation' => $activationLifecycleDecision,
|
||||
'Review-pack starts' => $reviewPackLifecycleDecision,
|
||||
'Read-only history and downloads' => $readOnlyLifecycleDecision,
|
||||
] as $label => $decision)
|
||||
@if (is_array($decision))
|
||||
<div class="rounded-lg border border-gray-200 px-4 py-3 dark:border-white/10">
|
||||
<div class="flex items-start justify-between gap-4">
|
||||
<div>
|
||||
<p class="text-sm font-semibold text-gray-950 dark:text-white">{{ $label }}</p>
|
||||
<p class="mt-1 text-sm text-gray-500 dark:text-gray-400">{{ $decision['message'] ?? 'No lifecycle decision message available.' }}</p>
|
||||
</div>
|
||||
<x-filament::badge :color="match ($decision['outcome'] ?? null) {
|
||||
'block' => 'danger',
|
||||
'warn' => 'warning',
|
||||
'allow_read_only' => 'info',
|
||||
default => 'success',
|
||||
}">
|
||||
{{ str_replace('_', ' ', (string) ($decision['outcome'] ?? 'allow')) }}
|
||||
</x-filament::badge>
|
||||
</div>
|
||||
</div>
|
||||
@endif
|
||||
@endforeach
|
||||
</div>
|
||||
</x-filament::section>
|
||||
|
||||
@if (is_array($planProfile) && is_array($managedTenantDecision) && is_array($reviewPackDecision))
|
||||
<x-filament::section>
|
||||
<x-slot name="heading">
|
||||
|
||||
@ -11,6 +11,8 @@
|
||||
/** @var bool $canManage */
|
||||
/** @var bool $generationBlocked */
|
||||
/** @var ?string $generationBlockReason */
|
||||
/** @var ?string $generationWarningReason */
|
||||
/** @var ?string $customerWorkspaceUrl */
|
||||
/** @var ?string $downloadUrl */
|
||||
/** @var ?string $failedReason */
|
||||
/** @var ?string $failedReasonDetail */
|
||||
@ -32,6 +34,12 @@
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@if ($canManage && ! $generationBlocked && $generationWarningReason)
|
||||
<div class="mb-3 rounded-lg border border-warning-200 bg-warning-50 px-3 py-2 text-sm text-warning-800 dark:border-warning-500/30 dark:bg-warning-500/10 dark:text-warning-200">
|
||||
{{ $generationWarningReason }}
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@if (! $pack)
|
||||
{{-- State 1: No pack --}}
|
||||
<div class="flex flex-col items-center gap-3 py-4 text-center">
|
||||
@ -215,5 +223,18 @@
|
||||
@endif
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@if ($canView && $customerWorkspaceUrl)
|
||||
<div class="mt-3 flex items-center gap-2">
|
||||
<x-filament::button
|
||||
size="sm"
|
||||
color="gray"
|
||||
tag="a"
|
||||
:href="$customerWorkspaceUrl"
|
||||
>
|
||||
Customer workspace
|
||||
</x-filament::button>
|
||||
</div>
|
||||
@endif
|
||||
</x-filament::section>
|
||||
</div>
|
||||
|
||||
@ -4,6 +4,7 @@
|
||||
use App\Http\Controllers\AdminConsentCallbackController;
|
||||
use App\Http\Controllers\Auth\EntraController;
|
||||
use App\Http\Controllers\ClearTenantContextController;
|
||||
use App\Http\Controllers\LocalizationController;
|
||||
use App\Http\Controllers\OpenFindingExceptionsQueueController;
|
||||
use App\Http\Controllers\RbacDelegatedAuthController;
|
||||
use App\Http\Controllers\ReviewPackDownloadController;
|
||||
@ -67,6 +68,21 @@
|
||||
->middleware('throttle:entra-callback')
|
||||
->name('auth.entra.callback');
|
||||
|
||||
Route::middleware(['web'])->group(function (): void {
|
||||
Route::get('/localization/context', [LocalizationController::class, 'context'])
|
||||
->name('localization.context');
|
||||
|
||||
Route::post('/localization/override', [LocalizationController::class, 'updateOverride'])
|
||||
->name('localization.override.update');
|
||||
|
||||
Route::delete('/localization/override', [LocalizationController::class, 'clearOverride'])
|
||||
->name('localization.override.clear');
|
||||
});
|
||||
|
||||
Route::middleware(['web', 'auth', 'ensure-correct-guard:web'])
|
||||
->post('/users/me/locale-preference', [LocalizationController::class, 'updateUserPreference'])
|
||||
->name('localization.preference.update');
|
||||
|
||||
$makeSmokeCookie = static fn () => cookie()->make(
|
||||
SuppressDebugbarForSmokeRequests::COOKIE_NAME,
|
||||
SuppressDebugbarForSmokeRequests::COOKIE_VALUE,
|
||||
|
||||
@ -0,0 +1,100 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\Tenant;
|
||||
use App\Support\TenantReviewStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
pest()->browser()->timeout(20_000);
|
||||
|
||||
beforeEach(function (): void {
|
||||
Storage::fake('exports');
|
||||
});
|
||||
|
||||
it('smokes the customer review workspace handoff from tenant review detail', function (): void {
|
||||
$tenantPublished = Tenant::factory()->create(['name' => 'Published Tenant']);
|
||||
[$user, $tenantPublished] = createUserWithTenant(
|
||||
tenant: $tenantPublished,
|
||||
role: 'owner',
|
||||
workspaceRole: 'manager',
|
||||
);
|
||||
|
||||
$tenantWithoutPublished = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantPublished->workspace_id,
|
||||
'name' => 'No Published Tenant',
|
||||
]);
|
||||
|
||||
createUserWithTenant(
|
||||
tenant: $tenantWithoutPublished,
|
||||
user: $user,
|
||||
role: 'owner',
|
||||
workspaceRole: 'manager',
|
||||
);
|
||||
|
||||
$publishedSnapshot = seedTenantReviewEvidence($tenantPublished);
|
||||
$noPublishedSnapshot = seedTenantReviewEvidence($tenantWithoutPublished);
|
||||
|
||||
$publishedReview = composeTenantReviewForTest($tenantPublished, $user, $publishedSnapshot);
|
||||
$publishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$internalOnlyReview = composeTenantReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
|
||||
$internalOnlyReview->forceFill([
|
||||
'status' => TenantReviewStatus::Ready->value,
|
||||
'published_at' => null,
|
||||
'published_by_user_id' => null,
|
||||
])->save();
|
||||
|
||||
Storage::disk('exports')->put('review-packs/customer-review-workspace-smoke.zip', 'PK-test');
|
||||
|
||||
ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenantPublished->getKey(),
|
||||
'workspace_id' => (int) $tenantPublished->workspace_id,
|
||||
'tenant_review_id' => (int) $publishedReview->getKey(),
|
||||
'evidence_snapshot_id' => (int) $publishedSnapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'file_path' => 'review-packs/customer-review-workspace-smoke.zip',
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)->withSession([
|
||||
WorkspaceContext::SESSION_KEY => (int) $tenantPublished->workspace_id,
|
||||
WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
|
||||
(string) $tenantPublished->workspace_id => (int) $tenantPublished->getKey(),
|
||||
],
|
||||
]);
|
||||
|
||||
visit(TenantReviewResource::tenantScopedUrl('view', ['record' => $publishedReview], $tenantPublished))
|
||||
->waitForText('Related context')
|
||||
->assertSee('Open customer workspace')
|
||||
->assertNoJavaScriptErrors()
|
||||
->assertNoConsoleLogs()
|
||||
->click('Open customer workspace')
|
||||
->waitForText('Customer-safe review workspace')
|
||||
->assertSee('Clear filters')
|
||||
->assertSee('Open latest review')
|
||||
->assertDontSee('Publish review')
|
||||
->assertDontSee('Refresh review')
|
||||
->click('Clear filters')
|
||||
->waitForText('No published review available yet')
|
||||
->assertSee('No published review available yet')
|
||||
->click('Open latest review')
|
||||
->waitForText('Outcome summary')
|
||||
->assertDontSee('Publish review')
|
||||
->assertDontSee('Refresh review')
|
||||
->assertDontSee('Create next review')
|
||||
->assertDontSee('Export executive pack')
|
||||
->assertDontSee('Archive review')
|
||||
->assertNoJavaScriptErrors()
|
||||
->assertNoConsoleLogs();
|
||||
});
|
||||
@ -10,10 +10,14 @@
|
||||
use App\Models\EvidenceSnapshotItem;
|
||||
use App\Models\Finding;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\StoredReport;
|
||||
use App\Models\Tenant;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\Evidence\EvidenceCompletenessState;
|
||||
use App\Support\Evidence\EvidenceSnapshotStatus;
|
||||
use App\Support\Ui\GovernanceActions\GovernanceActionCatalog;
|
||||
@ -68,6 +72,23 @@ function evidenceSnapshotHeaderActions(Testable $component): array
|
||||
return $instance->getCachedHeaderActions();
|
||||
}
|
||||
|
||||
function suspendEvidenceSnapshotWorkspace(Tenant $tenant): void
|
||||
{
|
||||
app(SettingsWriter::class)->updateWorkspaceCommercialLifecycle(
|
||||
actor: PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::DIRECTORY_VIEW,
|
||||
PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]),
|
||||
workspace: $tenant->workspace,
|
||||
state: WorkspaceCommercialLifecycleResolver::STATE_SUSPENDED_READ_ONLY,
|
||||
reason: 'Evidence read-only preservation test',
|
||||
);
|
||||
}
|
||||
|
||||
it('renders the evidence list page for an authorized user', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
@ -207,6 +228,36 @@ function evidenceSnapshotHeaderActions(Testable $component): array
|
||||
->toContain('operation_run', 'review_pack');
|
||||
});
|
||||
|
||||
it('keeps evidence snapshot detail accessible for readonly members while suspended read-only', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
|
||||
$snapshot = EvidenceSnapshot::query()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'status' => EvidenceSnapshotStatus::Active->value,
|
||||
'completeness_state' => EvidenceCompletenessState::Complete->value,
|
||||
'summary' => ['finding_count' => 2],
|
||||
'generated_at' => now(),
|
||||
]);
|
||||
|
||||
suspendEvidenceSnapshotWorkspace($tenant);
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], tenant: $tenant, panel: 'tenant'))
|
||||
->assertOk();
|
||||
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(ViewEvidenceSnapshot::class, ['record' => $snapshot->getKey()])
|
||||
->assertActionVisible('refresh_evidence')
|
||||
->assertActionDisabled('refresh_evidence')
|
||||
->assertActionVisible('expire_snapshot')
|
||||
->assertActionDisabled('expire_snapshot');
|
||||
});
|
||||
|
||||
it('shows artifact truth and next-step guidance for degraded evidence snapshots', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Resources\FindingResource;
|
||||
use Illuminate\Support\Facades\App;
|
||||
|
||||
it('resolves first-wave governance labels from the active locale', function (): void {
|
||||
App::setLocale('de');
|
||||
|
||||
expect(__('localization.dashboard.tenant_title'))->toBe('Tenant-Dashboard')
|
||||
->and(FindingResource::getNavigationGroup())->toBe('Governance')
|
||||
->and(__('localization.findings.needs_action'))->toBe('Handlungsbedarf')
|
||||
->and(__('baseline-compare.stat_total_findings'))->toBe('Findings gesamt')
|
||||
->and(__('findings.rbac.detail_heading'))->toBe('Intune-RBAC-Rollendefinitions-Drift');
|
||||
});
|
||||
@ -0,0 +1,99 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Governance\GovernanceInbox;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Services\Auth\WorkspaceCapabilityResolver;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
|
||||
use function Pest\Laravel\mock;
|
||||
|
||||
it('redirects governance inbox visits without workspace context into the existing workspace chooser flow', function (): void {
|
||||
$user = User::factory()->create();
|
||||
|
||||
$workspaceA = Workspace::factory()->create();
|
||||
$workspaceB = Workspace::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspaceA->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'owner',
|
||||
]);
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspaceB->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'owner',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin'))
|
||||
->assertRedirect('/admin/choose-workspace');
|
||||
});
|
||||
|
||||
it('returns 404 for users outside the active workspace on the governance inbox route', function (): void {
|
||||
$user = User::factory()->create();
|
||||
$workspace = Workspace::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) Workspace::factory()->create()->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'owner',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin'))
|
||||
->assertNotFound();
|
||||
});
|
||||
|
||||
it('returns 403 for workspace members with no qualifying family visibility anywhere', function (): void {
|
||||
$user = User::factory()->create();
|
||||
$workspace = Workspace::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'owner',
|
||||
]);
|
||||
|
||||
mock(WorkspaceCapabilityResolver::class, function ($mock): void {
|
||||
$mock->shouldReceive('isMember')->andReturnTrue();
|
||||
$mock->shouldReceive('can')->andReturnFalse();
|
||||
});
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin'))
|
||||
->assertForbidden();
|
||||
});
|
||||
|
||||
it('allows readonly tenant members to open the governance inbox through operations-family visibility', function (): void {
|
||||
$tenant = Tenant::factory()->create(['status' => 'active']);
|
||||
[$user, $tenant] = createUserWithTenant($tenant, role: 'readonly', workspaceRole: 'readonly');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin'))
|
||||
->assertOk()
|
||||
->assertSee('Governance inbox');
|
||||
});
|
||||
|
||||
it('returns 404 for explicit tenant filters outside the actor scope', function (): void {
|
||||
$visibleTenant = Tenant::factory()->create(['status' => 'active']);
|
||||
[$user, $visibleTenant] = createUserWithTenant($visibleTenant, role: 'readonly', workspaceRole: 'readonly');
|
||||
|
||||
$hiddenTenant = Tenant::factory()->create([
|
||||
'status' => 'active',
|
||||
'workspace_id' => (int) $visibleTenant->workspace_id,
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $visibleTenant->workspace_id])
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin').'?tenant_id='.(string) $hiddenTenant->getKey())
|
||||
->assertNotFound();
|
||||
});
|
||||
@ -0,0 +1,64 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Findings\MyFindingsInbox;
|
||||
use App\Filament\Pages\Governance\GovernanceInbox;
|
||||
use App\Models\Finding;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\Tenant;
|
||||
use App\Support\Navigation\CanonicalNavigationContext;
|
||||
use App\Support\OperationRunLinks;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Filament\Facades\Filament;
|
||||
|
||||
it('embeds canonical governance inbox navigation context into source links', function (): void {
|
||||
$tenant = Tenant::factory()->create([
|
||||
'status' => 'active',
|
||||
'name' => 'Alpha Tenant',
|
||||
'external_id' => 'alpha-tenant',
|
||||
]);
|
||||
[$user, $tenant] = createUserWithTenant($tenant, role: 'owner', workspaceRole: 'owner');
|
||||
|
||||
$finding = Finding::factory()
|
||||
->for($tenant)
|
||||
->assignedTo((int) $user->getKey())
|
||||
->create();
|
||||
|
||||
$run = OperationRun::factory()
|
||||
->forTenant($tenant)
|
||||
->create([
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Failed->value,
|
||||
'completed_at' => now()->subMinute(),
|
||||
]);
|
||||
|
||||
$context = new CanonicalNavigationContext(
|
||||
sourceSurface: 'governance.inbox',
|
||||
canonicalRouteName: GovernanceInbox::getRouteName(Filament::getPanel('admin')),
|
||||
backLinkLabel: 'Back to governance inbox',
|
||||
backLinkUrl: GovernanceInbox::getUrl(panel: 'admin'),
|
||||
);
|
||||
|
||||
$response = $this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin'));
|
||||
|
||||
$response->assertOk();
|
||||
|
||||
$expectedMyFindingsUrl = htmlspecialchars(
|
||||
MyFindingsInbox::getUrl(panel: 'admin').'?'.http_build_query($context->toQuery()),
|
||||
ENT_QUOTES,
|
||||
);
|
||||
$expectedOperationUrl = htmlspecialchars(
|
||||
OperationRunLinks::tenantlessView($run, $context),
|
||||
ENT_QUOTES,
|
||||
);
|
||||
|
||||
$response->assertSee($expectedMyFindingsUrl, false)
|
||||
->assertSee($expectedOperationUrl, false)
|
||||
->assertSee((string) $finding->getKey())
|
||||
->assertSee('nav%5Bback_label%5D=Back+to+governance+inbox', false);
|
||||
});
|
||||
@ -0,0 +1,143 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Governance\GovernanceInbox;
|
||||
use App\Models\AlertDelivery;
|
||||
use App\Models\Finding;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantTriageReview;
|
||||
use App\Support\BackupHealth\TenantBackupHealthResolver;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
|
||||
use App\Support\PortfolioTriage\TenantTriageReviewFingerprint;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
|
||||
it('renders visible governance attention sections on the governance inbox page', function (): void {
|
||||
$alphaTenant = Tenant::factory()->create([
|
||||
'status' => 'active',
|
||||
'name' => 'Alpha Tenant',
|
||||
'external_id' => 'alpha-tenant',
|
||||
]);
|
||||
[$user, $alphaTenant] = createUserWithTenant($alphaTenant, role: 'owner', workspaceRole: 'owner');
|
||||
|
||||
$bravoTenant = Tenant::factory()->create([
|
||||
'status' => 'active',
|
||||
'workspace_id' => (int) $alphaTenant->workspace_id,
|
||||
'name' => 'Bravo Tenant',
|
||||
'external_id' => 'bravo-tenant',
|
||||
]);
|
||||
|
||||
$user->tenants()->syncWithoutDetaching([
|
||||
(int) $bravoTenant->getKey() => ['role' => 'owner'],
|
||||
]);
|
||||
|
||||
Finding::factory()
|
||||
->for($alphaTenant)
|
||||
->assignedTo((int) $user->getKey())
|
||||
->ownedBy((int) $user->getKey())
|
||||
->overdueByHours()
|
||||
->create();
|
||||
|
||||
Finding::factory()
|
||||
->for($bravoTenant)
|
||||
->reopened()
|
||||
->create();
|
||||
|
||||
OperationRun::factory()
|
||||
->forTenant($alphaTenant)
|
||||
->create([
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Failed->value,
|
||||
'completed_at' => now()->subMinute(),
|
||||
]);
|
||||
|
||||
AlertDelivery::factory()->create([
|
||||
'tenant_id' => null,
|
||||
'workspace_id' => (int) $alphaTenant->workspace_id,
|
||||
'status' => AlertDelivery::STATUS_FAILED,
|
||||
'payload' => [
|
||||
'title' => 'Delivery failed',
|
||||
'body' => 'A notification destination failed.',
|
||||
],
|
||||
]);
|
||||
|
||||
$backupHealthResolver = app(TenantBackupHealthResolver::class);
|
||||
$fingerprints = app(TenantTriageReviewFingerprint::class);
|
||||
$alphaBackupFingerprint = $fingerprints->forBackupHealth($backupHealthResolver->assess($alphaTenant));
|
||||
|
||||
expect($alphaBackupFingerprint)->not->toBeNull();
|
||||
|
||||
TenantTriageReview::factory()
|
||||
->for($alphaTenant)
|
||||
->followUpNeeded()
|
||||
->create([
|
||||
'workspace_id' => (int) $alphaTenant->workspace_id,
|
||||
'reviewed_by_user_id' => (int) $user->getKey(),
|
||||
'concern_family' => PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH,
|
||||
'review_fingerprint' => $alphaBackupFingerprint['fingerprint'],
|
||||
'review_snapshot' => $alphaBackupFingerprint['snapshot'],
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $alphaTenant->workspace_id])
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin'))
|
||||
->assertOk()
|
||||
->assertSee('Assigned findings')
|
||||
->assertSee('Findings intake')
|
||||
->assertSee('Operations follow-up')
|
||||
->assertSee('Alert delivery failures')
|
||||
->assertSee('Review follow-up')
|
||||
->assertSee('Open my findings')
|
||||
->assertSee('Open terminal follow-up')
|
||||
->assertSee('Open alert deliveries')
|
||||
->assertSee('Open review follow-up');
|
||||
});
|
||||
|
||||
it('renders honest empty states for tenant and family filtering on the governance inbox page', function (): void {
|
||||
$alphaTenant = Tenant::factory()->create([
|
||||
'status' => 'active',
|
||||
'name' => 'Alpha Tenant',
|
||||
'external_id' => 'alpha-tenant',
|
||||
]);
|
||||
[$user, $alphaTenant] = createUserWithTenant($alphaTenant, role: 'owner', workspaceRole: 'owner');
|
||||
|
||||
$bravoTenant = Tenant::factory()->create([
|
||||
'status' => 'active',
|
||||
'workspace_id' => (int) $alphaTenant->workspace_id,
|
||||
'name' => 'Bravo Tenant',
|
||||
'external_id' => 'bravo-tenant',
|
||||
]);
|
||||
|
||||
$user->tenants()->syncWithoutDetaching([
|
||||
(int) $bravoTenant->getKey() => ['role' => 'owner'],
|
||||
]);
|
||||
|
||||
Finding::factory()
|
||||
->for($bravoTenant)
|
||||
->assignedTo((int) $user->getKey())
|
||||
->create();
|
||||
|
||||
AlertDelivery::factory()->create([
|
||||
'tenant_id' => null,
|
||||
'workspace_id' => (int) $alphaTenant->workspace_id,
|
||||
'status' => AlertDelivery::STATUS_FAILED,
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $alphaTenant->workspace_id])
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin').'?tenant_id='.(string) $alphaTenant->getKey())
|
||||
->assertOk()
|
||||
->assertSee('This tenant filter is hiding other visible attention')
|
||||
->assertSee('Clear tenant filter');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $alphaTenant->workspace_id])
|
||||
->get(GovernanceInbox::getUrl(panel: 'admin').'?tenant_id='.(string) $alphaTenant->getKey().'&family=alert_delivery_failures')
|
||||
->assertOk()
|
||||
->assertSee('Alert delivery failures')
|
||||
->assertSee('No failed alert deliveries match this tenant filter right now.')
|
||||
->assertDontSee('Open my findings');
|
||||
});
|
||||
@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use Illuminate\Support\Facades\File;
|
||||
|
||||
it('prevents ai governance surfaces from declaring direct outbound or vendor-specific provider runtime code', function (): void {
|
||||
$root = app_path();
|
||||
|
||||
$files = collect(File::allFiles($root))
|
||||
->map(fn (\SplFileInfo $file): string => str_replace($root.'/', '', $file->getPathname()))
|
||||
->filter(fn (string $relativePath): bool => str_starts_with($relativePath, 'Support/Ai/')
|
||||
|| $relativePath === 'Support/ProductKnowledge/ContextualHelpResolver.php'
|
||||
|| $relativePath === 'Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php')
|
||||
->values();
|
||||
|
||||
$patterns = [
|
||||
'outbound_http' => '/\bHttp::/',
|
||||
'guzzle_client' => '/\bnew\s+Client\b/',
|
||||
'curl_runtime' => '/\bcurl_/i',
|
||||
'openai_vendor' => '/\bOpenAI\b/i',
|
||||
'anthropic_vendor' => '/\bAnthropic\b/i',
|
||||
'gemini_vendor' => '/\bGemini\b/i',
|
||||
'openrouter_vendor' => '/\bOpenRouter\b/i',
|
||||
'chat_completions_runtime' => '/\bChatCompletion\b/i',
|
||||
];
|
||||
|
||||
$hits = [];
|
||||
|
||||
foreach ($files as $relativePath) {
|
||||
$contents = file_get_contents($root.'/'.$relativePath);
|
||||
|
||||
if (! is_string($contents) || $contents === '') {
|
||||
continue;
|
||||
}
|
||||
|
||||
$lines = preg_split('/\R/', $contents) ?: [];
|
||||
|
||||
foreach ($patterns as $label => $pattern) {
|
||||
foreach ($lines as $index => $line) {
|
||||
if (preg_match($pattern, $line) === 1) {
|
||||
$hits[] = $relativePath.':'.($index + 1).' ['.$label.'] '.trim($line);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
expect($hits)->toBeEmpty("AI governance surfaces must stay vendor-neutral and must not perform outbound provider runtime calls directly:\n".implode("\n", $hits));
|
||||
});
|
||||
@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
|
||||
it('renders the admin auth surface in the explicit locale override', function (): void {
|
||||
$this->withSession([LocaleResolver::SESSION_OVERRIDE_KEY => 'de'])
|
||||
->get('/admin/login')
|
||||
->assertSuccessful()
|
||||
->assertSee('Mit Microsoft anmelden')
|
||||
->assertSee('Tenant-Admin-Zugriff erfordert eine Tenant-Mitgliedschaft');
|
||||
});
|
||||
|
||||
it('keeps system plane resolution independent from user and workspace preferences', function (): void {
|
||||
[$workspace, $user] = localizationWorkspaceMember();
|
||||
|
||||
$user->forceFill(['preferred_locale' => 'de'])->save();
|
||||
session()->forget(LocaleResolver::SESSION_OVERRIDE_KEY);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([
|
||||
WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
|
||||
LocaleResolver::SESSION_OVERRIDE_KEY => null,
|
||||
])
|
||||
->getJson('/localization/context?plane=system')
|
||||
->assertSuccessful()
|
||||
->assertJsonPath('locale', 'en')
|
||||
->assertJsonPath('source', LocaleResolver::SOURCE_SYSTEM_DEFAULT)
|
||||
->assertJsonPath('user_preference_locale', null)
|
||||
->assertJsonPath('workspace_default_locale', null);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([
|
||||
WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
|
||||
LocaleResolver::SESSION_OVERRIDE_KEY => 'de',
|
||||
])
|
||||
->getJson('/localization/context?plane=system')
|
||||
->assertSuccessful()
|
||||
->assertJsonPath('locale', 'de')
|
||||
->assertJsonPath('source', LocaleResolver::SOURCE_EXPLICIT_OVERRIDE);
|
||||
});
|
||||
@ -0,0 +1,87 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
|
||||
it('allows users to save and clear a personal locale preference over workspace default', function (): void {
|
||||
[$workspace, $user] = localizationWorkspaceMember();
|
||||
|
||||
app(SettingsWriter::class)->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: LocaleResolver::SETTING_DOMAIN,
|
||||
key: LocaleResolver::SETTING_DEFAULT_LOCALE,
|
||||
value: 'de',
|
||||
);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->getJson('/localization/context')
|
||||
->assertSuccessful()
|
||||
->assertJsonPath('locale', 'de')
|
||||
->assertJsonPath('source', LocaleResolver::SOURCE_WORKSPACE_DEFAULT);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->post(route('localization.preference.update'), ['preferred_locale' => 'en'])
|
||||
->assertRedirect();
|
||||
|
||||
expect($user->refresh()->preferred_locale)->toBe('en');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->getJson('/localization/context')
|
||||
->assertSuccessful()
|
||||
->assertJsonPath('locale', 'en')
|
||||
->assertJsonPath('source', LocaleResolver::SOURCE_USER_PREFERENCE);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->post(route('localization.preference.update'), ['preferred_locale' => ''])
|
||||
->assertRedirect();
|
||||
|
||||
expect($user->refresh()->preferred_locale)->toBeNull();
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->getJson('/localization/context')
|
||||
->assertSuccessful()
|
||||
->assertJsonPath('locale', 'de')
|
||||
->assertJsonPath('source', LocaleResolver::SOURCE_WORKSPACE_DEFAULT);
|
||||
});
|
||||
|
||||
it('allows temporary overrides to win until cleared', function (): void {
|
||||
[$workspace, $user] = localizationWorkspaceMember();
|
||||
|
||||
$user->forceFill(['preferred_locale' => 'en'])->save();
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->post(route('localization.override.update'), ['locale' => 'de'])
|
||||
->assertRedirect();
|
||||
|
||||
expect(session(LocaleResolver::SESSION_OVERRIDE_KEY))->toBe('de');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([
|
||||
WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
|
||||
LocaleResolver::SESSION_OVERRIDE_KEY => 'de',
|
||||
])
|
||||
->getJson('/localization/context')
|
||||
->assertSuccessful()
|
||||
->assertJsonPath('locale', 'de')
|
||||
->assertJsonPath('source', LocaleResolver::SOURCE_EXPLICIT_OVERRIDE);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([
|
||||
WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
|
||||
LocaleResolver::SESSION_OVERRIDE_KEY => 'de',
|
||||
])
|
||||
->delete(route('localization.override.clear'))
|
||||
->assertRedirect();
|
||||
|
||||
expect(session(LocaleResolver::SESSION_OVERRIDE_KEY))->toBeNull();
|
||||
});
|
||||
@ -0,0 +1,47 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
|
||||
it('formats locale preference feedback in the resolved locale', function (): void {
|
||||
[$workspace, $user] = localizationWorkspaceMember();
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([
|
||||
WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
|
||||
LocaleResolver::SESSION_OVERRIDE_KEY => 'de',
|
||||
])
|
||||
->post(route('localization.preference.update'), ['preferred_locale' => 'de'])
|
||||
->assertRedirect()
|
||||
->assertSessionHas('status', 'Spracheinstellung gespeichert.');
|
||||
});
|
||||
|
||||
it('formats override feedback in the newly effective locale', function (): void {
|
||||
[$workspace, $user] = localizationWorkspaceMember();
|
||||
|
||||
app(SettingsWriter::class)->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: LocaleResolver::SETTING_DOMAIN,
|
||||
key: LocaleResolver::SETTING_DEFAULT_LOCALE,
|
||||
value: 'de',
|
||||
);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->post(route('localization.override.update'), ['locale' => 'de'])
|
||||
->assertRedirect()
|
||||
->assertSessionHas('status', 'Sprachüberschreibung angewendet.');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([
|
||||
WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
|
||||
LocaleResolver::SESSION_OVERRIDE_KEY => 'en',
|
||||
])
|
||||
->delete(route('localization.override.clear'))
|
||||
->assertRedirect()
|
||||
->assertSessionHas('status', 'Sprachüberschreibung gelöscht.');
|
||||
});
|
||||
@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Models\AuditLog;
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use Illuminate\Support\Facades\App;
|
||||
|
||||
it('keeps audit action identifiers and machine values invariant while UI locale is German', function (): void {
|
||||
[$workspace, $user] = localizationWorkspaceMember();
|
||||
|
||||
App::setLocale('de');
|
||||
|
||||
app(SettingsWriter::class)->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: LocaleResolver::SETTING_DOMAIN,
|
||||
key: LocaleResolver::SETTING_DEFAULT_LOCALE,
|
||||
value: 'de',
|
||||
);
|
||||
|
||||
$audit = AuditLog::query()->latest('id')->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit->action)->toBe(AuditActionId::WorkspaceSettingUpdated->value)
|
||||
->and(data_get($audit->metadata, 'domain'))->toBe(LocaleResolver::SETTING_DOMAIN)
|
||||
->and(data_get($audit->metadata, 'key'))->toBe(LocaleResolver::SETTING_DEFAULT_LOCALE)
|
||||
->and(data_get($audit->metadata, 'after_value'))->toBe('de');
|
||||
});
|
||||
@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use Illuminate\Support\Facades\App;
|
||||
use Illuminate\Support\Facades\Lang;
|
||||
|
||||
it('falls back to English for missing German translation lines', function (): void {
|
||||
Lang::addLines(['localization.fallback_probe' => 'English fallback probe'], 'en');
|
||||
|
||||
App::setFallbackLocale('en');
|
||||
App::setLocale('de');
|
||||
|
||||
expect(__('localization.fallback_probe'))->toBe('English fallback probe');
|
||||
});
|
||||
|
||||
it('does not expose raw translation keys for supported first-wave catalogs', function (): void {
|
||||
App::setLocale('de');
|
||||
|
||||
expect(__('localization.auth.sign_in_microsoft'))->not->toBe('localization.auth.sign_in_microsoft')
|
||||
->and(__('baseline-compare.button_view_findings'))->not->toBe('baseline-compare.button_view_findings')
|
||||
->and(__('findings.rbac.restore_unsupported'))->not->toBe('findings.rbac.restore_unsupported');
|
||||
});
|
||||
@ -0,0 +1,50 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Settings\WorkspaceSettings;
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Services\Localization\LocaleResolver;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use Livewire\Livewire;
|
||||
|
||||
it('persists workspace default locale through the existing workspace settings page', function (): void {
|
||||
[$workspace, $user] = localizationWorkspaceMember();
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(WorkspaceSettings::getUrl(panel: 'admin'))
|
||||
->assertSuccessful();
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.localization_default_locale', null)
|
||||
->set('data.localization_default_locale', 'de')
|
||||
->callAction('save')
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.localization_default_locale', 'de');
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, LocaleResolver::SETTING_DOMAIN, LocaleResolver::SETTING_DEFAULT_LOCALE))
|
||||
->toBe('de');
|
||||
|
||||
expect(WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', LocaleResolver::SETTING_DOMAIN)
|
||||
->where('key', LocaleResolver::SETTING_DEFAULT_LOCALE)
|
||||
->exists())->toBeTrue();
|
||||
});
|
||||
|
||||
it('keeps workspace default locale authorization aligned to settings capabilities', function (): void {
|
||||
[$workspace, $user] = localizationWorkspaceMember('readonly');
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(WorkspaceSettings::getUrl(panel: 'admin'))
|
||||
->assertSuccessful();
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.localization_default_locale', null)
|
||||
->assertActionVisible('save')
|
||||
->assertActionDisabled('save')
|
||||
->call('save')
|
||||
->assertStatus(403);
|
||||
});
|
||||
@ -5,13 +5,16 @@
|
||||
use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\ProviderConnection;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantOnboardingSession;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
@ -21,7 +24,12 @@
|
||||
/**
|
||||
* @return array{workspace: Workspace, user: User, tenant: Tenant, draft: TenantOnboardingSession, component: \Livewire\Features\SupportTesting\Testable}
|
||||
*/
|
||||
function readyOnboardingEntitlementContext(int $activeTenantCount = 0, ?int $limitOverride = null, ?string $overrideReason = null): array
|
||||
function readyOnboardingEntitlementContext(
|
||||
int $activeTenantCount = 0,
|
||||
?int $limitOverride = null,
|
||||
?string $overrideReason = null,
|
||||
?string $commercialState = null,
|
||||
): array
|
||||
{
|
||||
Queue::fake();
|
||||
|
||||
@ -110,6 +118,22 @@ function readyOnboardingEntitlementContext(int $activeTenantCount = 0, ?int $lim
|
||||
}
|
||||
}
|
||||
|
||||
if ($commercialState !== null) {
|
||||
app(SettingsWriter::class)->updateWorkspaceCommercialLifecycle(
|
||||
actor: PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::DIRECTORY_VIEW,
|
||||
PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]),
|
||||
workspace: $workspace,
|
||||
state: $commercialState,
|
||||
reason: 'Onboarding entitlement test commercial state',
|
||||
);
|
||||
}
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
$component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
|
||||
@ -188,3 +212,65 @@ function readyOnboardingEntitlementContext(int $activeTenantCount = 0, ?int $lim
|
||||
|
||||
expect($context['tenant']->status)->toBe(Tenant::STATUS_ACTIVE);
|
||||
});
|
||||
|
||||
it('allows onboarding activation while a workspace is in trial', function (): void {
|
||||
$context = readyOnboardingEntitlementContext(
|
||||
activeTenantCount: 0,
|
||||
commercialState: WorkspaceCommercialLifecycleResolver::STATE_TRIAL,
|
||||
);
|
||||
|
||||
$context['component']
|
||||
->assertSee('Activation entitlement')
|
||||
->assertSee('Trial')
|
||||
->call('completeOnboarding');
|
||||
|
||||
$context['tenant']->refresh();
|
||||
|
||||
expect($context['tenant']->status)->toBe(Tenant::STATUS_ACTIVE)
|
||||
->and(AuditLog::query()
|
||||
->where('workspace_id', (int) $context['workspace']->getKey())
|
||||
->where('action', 'managed_tenant_onboarding.activation')
|
||||
->exists())->toBeTrue();
|
||||
});
|
||||
|
||||
it('blocks onboarding activation with a grace commercial-state reason before tenant mutation', function (): void {
|
||||
$context = readyOnboardingEntitlementContext(
|
||||
activeTenantCount: 0,
|
||||
commercialState: WorkspaceCommercialLifecycleResolver::STATE_GRACE,
|
||||
);
|
||||
|
||||
$context['component']
|
||||
->assertSee('Activation entitlement')
|
||||
->assertSee('Grace')
|
||||
->assertSee('New managed-tenant activation is frozen while this workspace is in grace.')
|
||||
->call('completeOnboarding');
|
||||
|
||||
$context['tenant']->refresh();
|
||||
|
||||
expect($context['tenant']->status)->toBe(Tenant::STATUS_ONBOARDING)
|
||||
->and(AuditLog::query()
|
||||
->where('workspace_id', (int) $context['workspace']->getKey())
|
||||
->where('action', 'managed_tenant_onboarding.activation')
|
||||
->exists())->toBeFalse();
|
||||
});
|
||||
|
||||
it('blocks onboarding activation with a suspended read-only commercial-state reason before tenant mutation', function (): void {
|
||||
$context = readyOnboardingEntitlementContext(
|
||||
activeTenantCount: 0,
|
||||
commercialState: WorkspaceCommercialLifecycleResolver::STATE_SUSPENDED_READ_ONLY,
|
||||
);
|
||||
|
||||
$context['component']
|
||||
->assertSee('Activation entitlement')
|
||||
->assertSee('Suspended / read-only')
|
||||
->assertSee('This workspace is suspended / read-only. New managed-tenant activation is blocked')
|
||||
->call('completeOnboarding');
|
||||
|
||||
$context['tenant']->refresh();
|
||||
|
||||
expect($context['tenant']->status)->toBe(Tenant::STATUS_ONBOARDING)
|
||||
->and(AuditLog::query()
|
||||
->where('workspace_id', (int) $context['workspace']->getKey())
|
||||
->where('action', 'managed_tenant_onboarding.activation')
|
||||
->exists())->toBeFalse();
|
||||
});
|
||||
|
||||
@ -2,14 +2,17 @@
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\System\Pages\Ops\Controls;
|
||||
use App\Filament\Resources\RestoreRunResource;
|
||||
use App\Filament\Resources\RestoreRunResource\Pages\CreateRestoreRun;
|
||||
use App\Models\BackupItem;
|
||||
use App\Models\BackupSet;
|
||||
use App\Models\OperationalControlActivation;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Policy;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use Filament\Facades\Filament;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Livewire\Livewire;
|
||||
@ -131,3 +134,49 @@ function seedRestoreAuthorizationContext(): array
|
||||
->call('create')
|
||||
->assertNotified('Restore execution paused');
|
||||
});
|
||||
|
||||
it('forbids ai execution controls for platform users missing system panel access', function (): void {
|
||||
$user = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::OPS_CONTROLS_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($user, 'platform')
|
||||
->get(Controls::getUrl(panel: 'system'))
|
||||
->assertForbidden();
|
||||
});
|
||||
|
||||
it('forbids ai execution controls for platform users missing ops controls manage', function (): void {
|
||||
$user = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($user, 'platform')
|
||||
->get(Controls::getUrl(panel: 'system'))
|
||||
->assertForbidden();
|
||||
});
|
||||
|
||||
it('shows ai execution controls only to platform users with the existing system control capabilities', function (): void {
|
||||
$user = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::OPS_CONTROLS_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($user, 'platform')
|
||||
->get(Controls::getUrl(panel: 'system'))
|
||||
->assertSuccessful()
|
||||
->assertSee('AI execution');
|
||||
|
||||
Livewire::actingAs($user, 'platform')
|
||||
->test(Controls::class)
|
||||
->assertActionVisible('pause_ai_execution')
|
||||
->assertActionVisible('resume_ai_execution');
|
||||
});
|
||||
@ -27,3 +27,10 @@
|
||||
->toContain(".:/var/www/repo:ro")
|
||||
->toContain('TENANTATLAS_REPO_ROOT: /var/www/repo');
|
||||
});
|
||||
|
||||
it('keeps the local queue service in code-reloading listen mode', function (): void {
|
||||
$compose = file_get_contents(repo_path('docker-compose.yml'));
|
||||
|
||||
expect($compose)->toContain('command: php artisan queue:listen --tries=3 --timeout=300 --sleep=3')
|
||||
->not->toContain('command: php artisan queue:work --tries=3 --timeout=300 --sleep=3 --max-jobs=1000');
|
||||
});
|
||||
|
||||
@ -3,7 +3,13 @@
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\ReviewPackStatus;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
@ -36,12 +42,56 @@ function createReadyPackWithFile(?array $packOverrides = []): array
|
||||
return [$user, $tenant, $pack];
|
||||
}
|
||||
|
||||
function suspendReadyPackWorkspaceForDownloadTest(ReviewPack $pack): void
|
||||
{
|
||||
app(SettingsWriter::class)->updateWorkspaceCommercialLifecycle(
|
||||
actor: PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::DIRECTORY_VIEW,
|
||||
PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]),
|
||||
workspace: $pack->workspace,
|
||||
state: WorkspaceCommercialLifecycleResolver::STATE_SUSPENDED_READ_ONLY,
|
||||
reason: 'Download preservation test',
|
||||
);
|
||||
}
|
||||
|
||||
// ─── Happy Path: Signed URL → 200 ───────────────────────────
|
||||
|
||||
it('downloads a ready pack via signed URL with correct headers', function (): void {
|
||||
[$user, $tenant, $pack] = createReadyPackWithFile();
|
||||
|
||||
$signedUrl = app(ReviewPackService::class)->generateDownloadUrl($pack);
|
||||
$signedUrl = app(ReviewPackService::class)->generateDownloadUrl($pack, [
|
||||
'source_surface' => 'customer_review_workspace',
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($user)->get($signedUrl);
|
||||
|
||||
$response->assertOk();
|
||||
$response->assertHeader('X-Review-Pack-SHA256', $pack->sha256);
|
||||
$response->assertDownload();
|
||||
|
||||
$audit = AuditLog::query()
|
||||
->where('action', AuditActionId::ReviewPackDownloaded->value)
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->resource_type)->toBe('review_pack')
|
||||
->and(data_get($audit?->metadata, 'review_pack_id'))->toBe((int) $pack->getKey())
|
||||
->and(data_get($audit?->metadata, 'source_surface'))->toBe('customer_review_workspace');
|
||||
});
|
||||
|
||||
it('keeps ready pack downloads available while the workspace is suspended read-only', function (): void {
|
||||
[$user, $tenant, $pack] = createReadyPackWithFile();
|
||||
suspendReadyPackWorkspaceForDownloadTest($pack);
|
||||
|
||||
$signedUrl = app(ReviewPackService::class)->generateDownloadUrl($pack, [
|
||||
'source_surface' => 'suspended_read_only_check',
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($user)->get($signedUrl);
|
||||
|
||||
|
||||
@ -8,16 +8,20 @@
|
||||
use App\Models\EvidenceSnapshot;
|
||||
use App\Models\Finding;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\StoredReport;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Evidence\EvidenceSnapshotService;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\Evidence\EvidenceSnapshotStatus;
|
||||
use App\Support\OperationRunType;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Support\Facades\Notification;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Livewire\Livewire;
|
||||
|
||||
@ -108,6 +112,23 @@ function disableReviewPackGenerationForWorkspace(Tenant $tenant, User $user, str
|
||||
);
|
||||
}
|
||||
|
||||
function setReviewPackCommercialLifecycleState(Tenant $tenant, string $state, string $reason = 'Review pack commercial lifecycle test'): void
|
||||
{
|
||||
app(SettingsWriter::class)->updateWorkspaceCommercialLifecycle(
|
||||
actor: PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::DIRECTORY_VIEW,
|
||||
PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]),
|
||||
workspace: $tenant->workspace,
|
||||
state: $state,
|
||||
reason: $reason,
|
||||
);
|
||||
}
|
||||
|
||||
it('blocks new review pack generation before creating a review pack or operation run when the workspace is not entitled', function (): void {
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
seedEntitlementReviewPackSnapshot($tenant);
|
||||
@ -188,3 +209,86 @@ function disableReviewPackGenerationForWorkspace(Tenant $tenant, User $user, str
|
||||
->assertOk()
|
||||
->assertSee('Download');
|
||||
});
|
||||
|
||||
it('allows review pack generation in trial and active paid states', function (string $state): void {
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
seedEntitlementReviewPackSnapshot($tenant);
|
||||
setReviewPackCommercialLifecycleState($tenant, $state);
|
||||
|
||||
$pack = app(ReviewPackService::class)->generate($tenant, $user);
|
||||
|
||||
expect($pack)->toBeInstanceOf(ReviewPack::class)
|
||||
->and($pack->operation_run_id)->not->toBeNull()
|
||||
->and($pack->status)->toBe(\App\Support\ReviewPackStatus::Queued->value);
|
||||
})->with([
|
||||
'trial' => [WorkspaceCommercialLifecycleResolver::STATE_TRIAL],
|
||||
'active paid' => [WorkspaceCommercialLifecycleResolver::STATE_ACTIVE_PAID],
|
||||
]);
|
||||
|
||||
it('warns but allows review pack generation in grace', function (): void {
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
seedEntitlementReviewPackSnapshot($tenant);
|
||||
setReviewPackCommercialLifecycleState($tenant, WorkspaceCommercialLifecycleResolver::STATE_GRACE, 'Grace period');
|
||||
|
||||
$decision = app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($tenant);
|
||||
|
||||
expect($decision)
|
||||
->toMatchArray([
|
||||
'is_blocked' => false,
|
||||
'is_warning' => true,
|
||||
'outcome' => WorkspaceCommercialLifecycleResolver::OUTCOME_WARN,
|
||||
])
|
||||
->and($decision['warning_reason'])->toContain('grace');
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(TenantReviewPackCard::class, ['record' => $tenant])
|
||||
->assertSee('Workspace is in grace. Review-pack starts remain available');
|
||||
|
||||
$pack = app(ReviewPackService::class)->generate($tenant, $user);
|
||||
|
||||
expect($pack)->toBeInstanceOf(ReviewPack::class)
|
||||
->and(OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->exists())->toBeTrue();
|
||||
});
|
||||
|
||||
it('blocks suspended read-only review pack generation before creating a review pack or operation run and sends no run notifications', function (): void {
|
||||
Notification::fake();
|
||||
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
seedEntitlementReviewPackSnapshot($tenant);
|
||||
setReviewPackCommercialLifecycleState($tenant, WorkspaceCommercialLifecycleResolver::STATE_SUSPENDED_READ_ONLY, 'Suspension');
|
||||
$initialRunCount = OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->count();
|
||||
|
||||
expect(fn (): ReviewPack => app(ReviewPackService::class)->generate($tenant, $user))
|
||||
->toThrow(WorkspaceEntitlementBlockedException::class, 'suspended / read-only');
|
||||
|
||||
expect(ReviewPack::query()->count())->toBe(0)
|
||||
->and(OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->count())->toBe($initialRunCount);
|
||||
|
||||
Notification::assertNothingSent();
|
||||
});
|
||||
|
||||
it('does not alter already queued review-pack work when a workspace is suspended later', function (): void {
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
seedEntitlementReviewPackSnapshot($tenant);
|
||||
|
||||
$pack = app(ReviewPackService::class)->generate($tenant, $user);
|
||||
$initialStatus = (string) $pack->fresh()?->status;
|
||||
setReviewPackCommercialLifecycleState($tenant, WorkspaceCommercialLifecycleResolver::STATE_SUSPENDED_READ_ONLY, 'Later suspension');
|
||||
|
||||
expect($pack->fresh()?->status)->toBe($initialStatus)
|
||||
->and(OperationRun::query()
|
||||
->whereKey((int) $pack->operation_run_id)
|
||||
->exists())->toBeTrue();
|
||||
});
|
||||
|
||||
@ -3,18 +3,23 @@
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Exceptions\ReviewPackEvidenceResolutionException;
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Filament\Widgets\Tenant\TenantReviewPackCard;
|
||||
use App\Jobs\GenerateReviewPackJob;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
use App\Models\Finding;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\StoredReport;
|
||||
use App\Models\Tenant;
|
||||
use App\Notifications\OperationRunCompleted;
|
||||
use App\Notifications\OperationRunQueued;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Evidence\EvidenceSnapshotService;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\Evidence\EvidenceSnapshotStatus;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
@ -157,6 +162,23 @@ function createEvidenceSnapshotForReviewPack(Tenant $tenant): EvidenceSnapshot
|
||||
return $snapshot->load('items');
|
||||
}
|
||||
|
||||
function suspendReviewPackGenerationWorkspaceForGenerationTest(Tenant $tenant): void
|
||||
{
|
||||
app(SettingsWriter::class)->updateWorkspaceCommercialLifecycle(
|
||||
actor: PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::DIRECTORY_VIEW,
|
||||
PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]),
|
||||
workspace: $tenant->workspace,
|
||||
state: WorkspaceCommercialLifecycleResolver::STATE_SUSPENDED_READ_ONLY,
|
||||
reason: 'Generation notification boundary test',
|
||||
);
|
||||
}
|
||||
|
||||
// ─── Happy Path ──────────────────────────────────────────────
|
||||
|
||||
it('generates a review pack end-to-end (happy path)', function (): void {
|
||||
@ -210,6 +232,22 @@ function createEvidenceSnapshotForReviewPack(Tenant $tenant): EvidenceSnapshot
|
||||
Notification::assertSentTo($user, OperationRunCompleted::class);
|
||||
});
|
||||
|
||||
it('does not send queued or terminal run notifications when suspended read-only blocks generation', function (): void {
|
||||
[$user, $tenant] = createUserWithTenant();
|
||||
|
||||
seedTenantWithData($tenant);
|
||||
createEvidenceSnapshotForReviewPack($tenant);
|
||||
suspendReviewPackGenerationWorkspaceForGenerationTest($tenant);
|
||||
|
||||
Notification::fake();
|
||||
|
||||
expect(fn (): ReviewPack => app(ReviewPackService::class)->generate($tenant, $user))
|
||||
->toThrow(WorkspaceEntitlementBlockedException::class, 'suspended / read-only');
|
||||
|
||||
Notification::assertNotSentTo($user, OperationRunQueued::class);
|
||||
Notification::assertNotSentTo($user, OperationRunCompleted::class);
|
||||
});
|
||||
|
||||
// ─── Failure Path ──────────────────────────────────────────────
|
||||
|
||||
it('marks pack as failed when generation throws an exception', function (): void {
|
||||
|
||||
@ -77,11 +77,9 @@ function getReviewPackRbacEmptyStateAction(Testable $component, string $name): ?
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
// Note: download route uses signed middleware, not tenant-scoped RBAC.
|
||||
// Any user with a valid signature can download. This is by design.
|
||||
$signedUrl = app(ReviewPackService::class)->generateDownloadUrl($pack);
|
||||
|
||||
$this->actingAs($user)->get($signedUrl)->assertOk();
|
||||
$this->actingAs($user)->get($signedUrl)->assertNotFound();
|
||||
});
|
||||
|
||||
// ─── REVIEW_PACK_VIEW Member ────────────────────────────────
|
||||
|
||||
@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('returns 404 for users outside the active workspace on the customer review workspace', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->get(CustomerReviewWorkspace::getUrl(panel: 'admin'))
|
||||
->assertNotFound();
|
||||
});
|
||||
|
||||
it('returns 404 for workspace members that have no tenant review visibility in the active workspace', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'owner',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->get(CustomerReviewWorkspace::getUrl(panel: 'admin'))
|
||||
->assertNotFound();
|
||||
});
|
||||
|
||||
it('allows entitled workspace members to access the customer review workspace', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
||||
->get(CustomerReviewWorkspace::getUrl(panel: 'admin'))
|
||||
->assertOk();
|
||||
});
|
||||
|
||||
it('returns 404 for explicit out-of-scope tenant targeting on the customer review workspace', function (): void {
|
||||
$tenantAllowed = Tenant::factory()->create(['name' => 'Allowed Tenant']);
|
||||
[$user, $tenantAllowed] = createUserWithTenant(tenant: $tenantAllowed, role: 'readonly');
|
||||
|
||||
$tenantDenied = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantAllowed->workspace_id,
|
||||
'name' => 'Denied Tenant',
|
||||
]);
|
||||
$otherOwner = User::factory()->create();
|
||||
createUserWithTenant(tenant: $tenantDenied, user: $otherOwner, role: 'owner');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantAllowed->workspace_id])
|
||||
->get(CustomerReviewWorkspace::getUrl(panel: 'admin').'?tenant='.(string) $tenantDenied->getKey())
|
||||
->assertNotFound();
|
||||
});
|
||||
@ -0,0 +1,160 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\EvidenceSnapshotResource;
|
||||
use App\Filament\Resources\ReviewPackResource;
|
||||
use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Filament\Widgets\Tenant\TenantReviewPackCard;
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantReview;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Evidence\EvidenceSnapshotStatus;
|
||||
use App\Support\TenantReviewStatus;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
beforeEach(function (): void {
|
||||
Storage::fake('exports');
|
||||
});
|
||||
|
||||
it('renders a customer workspace link from tenant review detail context', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
|
||||
->assertOk()
|
||||
->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
|
||||
});
|
||||
|
||||
it('adds a customer workspace entry to evidence snapshot related context', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
|
||||
$snapshot = EvidenceSnapshot::query()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'status' => EvidenceSnapshotStatus::Active->value,
|
||||
'summary' => [],
|
||||
'generated_at' => now(),
|
||||
]);
|
||||
|
||||
$entry = collect(EvidenceSnapshotResource::relatedContextEntries($snapshot))
|
||||
->firstWhere('key', 'customer_review_workspace');
|
||||
|
||||
expect($entry)->not->toBeNull()
|
||||
->and($entry['targetUrl'] ?? null)->toBe(CustomerReviewWorkspace::tenantPrefilterUrl($tenant));
|
||||
});
|
||||
|
||||
it('renders a customer workspace link from review pack detail context', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
Storage::disk('exports')->put('review-packs/customer-workspace-link.zip', 'PK-test');
|
||||
|
||||
$pack = ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_review_id' => (int) $review->getKey(),
|
||||
'evidence_snapshot_id' => (int) $snapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'file_path' => 'review-packs/customer-workspace-link.zip',
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(ReviewPackResource::getUrl('view', ['record' => $pack], tenant: $tenant, panel: 'tenant'))
|
||||
->assertOk()
|
||||
->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
|
||||
});
|
||||
|
||||
it('renders a customer workspace launch button on the tenant review pack widget', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
Storage::disk('exports')->put('review-packs/widget-customer-workspace.zip', 'PK-test');
|
||||
|
||||
ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_review_id' => (int) $review->getKey(),
|
||||
'evidence_snapshot_id' => (int) $snapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'file_path' => 'review-packs/widget-customer-workspace.zip',
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(TenantReviewPackCard::class, ['record' => $tenant])
|
||||
->assertSee('Customer workspace')
|
||||
->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
|
||||
});
|
||||
|
||||
it('keeps the linked tenant review detail read-only for a readonly-capable actor', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
Livewire::withQueryParams([CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1])
|
||||
->actingAs($user)
|
||||
->test(ViewTenantReview::class, ['record' => $review->getKey()])
|
||||
->assertSee('Outcome summary')
|
||||
->assertActionDoesNotExist('publish_review')
|
||||
->assertActionDoesNotExist('refresh_review')
|
||||
->assertActionDoesNotExist('create_next_review')
|
||||
->assertActionDoesNotExist('export_executive_pack')
|
||||
->assertActionHidden('archive_review');
|
||||
|
||||
$audit = AuditLog::query()
|
||||
->where('action', AuditActionId::TenantReviewOpened->value)
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->resource_type)->toBe('tenant_review')
|
||||
->and(data_get($audit?->metadata, 'review_id'))->toBe((int) $review->getKey())
|
||||
->and(data_get($audit?->metadata, 'source_surface'))->toBe('customer_review_workspace');
|
||||
});
|
||||
@ -0,0 +1,156 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\Tenant;
|
||||
use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\TenantReviewStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
function suspendCustomerReviewWorkspacePackAccessWorkspace(Tenant $tenant): void
|
||||
{
|
||||
app(SettingsWriter::class)->updateWorkspaceCommercialLifecycle(
|
||||
actor: PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::DIRECTORY_VIEW,
|
||||
PlatformCapabilities::COMMERCIAL_LIFECYCLE_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]),
|
||||
workspace: $tenant->workspace,
|
||||
state: WorkspaceCommercialLifecycleResolver::STATE_SUSPENDED_READ_ONLY,
|
||||
reason: 'Customer review workspace suspended read-only test',
|
||||
);
|
||||
}
|
||||
|
||||
it('shows the ready review-pack action for the latest published review', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$pack = ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_review_id' => (int) $review->getKey(),
|
||||
'evidence_snapshot_id' => (int) $snapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'expires_at' => now()->addDay(),
|
||||
]);
|
||||
|
||||
$review->forceFill([
|
||||
'current_export_review_pack_id' => (int) $pack->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertTableActionVisible('open_latest_review', $tenant)
|
||||
->assertTableActionVisible('download_review_pack', $tenant)
|
||||
->assertSee('Available');
|
||||
});
|
||||
|
||||
it('keeps customer review workspace and pack actions visible while suspended read-only', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$pack = ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_review_id' => (int) $review->getKey(),
|
||||
'evidence_snapshot_id' => (int) $snapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'expires_at' => now()->addDay(),
|
||||
]);
|
||||
|
||||
$review->forceFill([
|
||||
'current_export_review_pack_id' => (int) $pack->getKey(),
|
||||
])->save();
|
||||
|
||||
suspendCustomerReviewWorkspacePackAccessWorkspace($tenant);
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertTableActionVisible('open_latest_review', $tenant)
|
||||
->assertTableActionVisible('download_review_pack', $tenant)
|
||||
->assertSee('Available');
|
||||
});
|
||||
|
||||
it('shows an unavailable pack state and hides the download action when no current review pack exists', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
'current_export_review_pack_id' => null,
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertTableActionVisible('open_latest_review', $tenant)
|
||||
->assertTableActionHidden('download_review_pack', $tenant)
|
||||
->assertSee('Unavailable');
|
||||
});
|
||||
|
||||
it('hides review and pack actions for tenants without a published review', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Ready->value,
|
||||
'published_at' => null,
|
||||
'published_by_user_id' => null,
|
||||
'current_export_review_pack_id' => null,
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertTableActionHidden('open_latest_review', $tenant)
|
||||
->assertTableActionHidden('download_review_pack', $tenant)
|
||||
->assertSee('No published review available yet');
|
||||
});
|
||||
@ -0,0 +1,222 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Support\TenantReviewStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('lists only the latest published review per entitled tenant on the customer review workspace', function (): void {
|
||||
$tenantA = Tenant::factory()->create(['name' => 'Alpha Tenant']);
|
||||
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly');
|
||||
|
||||
$tenantB = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'name' => 'Beta Tenant',
|
||||
]);
|
||||
createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
|
||||
|
||||
$tenantDenied = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'name' => 'Denied Tenant',
|
||||
]);
|
||||
$otherOwner = User::factory()->create();
|
||||
createUserWithTenant(tenant: $tenantDenied, user: $otherOwner, role: 'owner');
|
||||
|
||||
$tenantASnapshot = seedTenantReviewEvidence($tenantA);
|
||||
$tenantBSnapshot = seedTenantReviewEvidence($tenantB);
|
||||
$tenantDeniedSnapshot = seedTenantReviewEvidence($tenantDenied);
|
||||
|
||||
$olderPublishedReview = composeTenantReviewForTest($tenantA, $user, $tenantASnapshot);
|
||||
$olderPublishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'generated_at' => now()->subDays(3),
|
||||
'published_at' => now()->subDays(3),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$newerInternalReview = $olderPublishedReview->replicate();
|
||||
$newerInternalReview->forceFill([
|
||||
'tenant_id' => (int) $tenantA->getKey(),
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'evidence_snapshot_id' => (int) $tenantASnapshot->getKey(),
|
||||
'status' => TenantReviewStatus::Ready->value,
|
||||
'generated_at' => now()->subDay(),
|
||||
'published_at' => null,
|
||||
'published_by_user_id' => null,
|
||||
])->save();
|
||||
|
||||
$latestPublishedReview = $olderPublishedReview->replicate();
|
||||
$latestPublishedReview->forceFill([
|
||||
'tenant_id' => (int) $tenantA->getKey(),
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'evidence_snapshot_id' => (int) $tenantASnapshot->getKey(),
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'generated_at' => now(),
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$betaPublishedReview = composeTenantReviewForTest($tenantB, $user, $tenantBSnapshot);
|
||||
$betaPublishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'generated_at' => now()->subHours(2),
|
||||
'published_at' => now()->subHours(2),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$deniedPublishedReview = composeTenantReviewForTest($tenantDenied, $otherOwner, $tenantDeniedSnapshot);
|
||||
$deniedPublishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'generated_at' => now()->subHours(3),
|
||||
'published_at' => now()->subHours(3),
|
||||
'published_by_user_id' => (int) $otherOwner->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertCanSeeTableRecords([$tenantA->fresh(), $tenantB->fresh()])
|
||||
->assertCanNotSeeTableRecords([$tenantDenied->fresh()])
|
||||
->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $latestPublishedReview->fresh()], $tenantA), false)
|
||||
->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $betaPublishedReview->fresh()], $tenantB), false)
|
||||
->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $olderPublishedReview->fresh()], $tenantA), false)
|
||||
->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $newerInternalReview->fresh()], $tenantA), false)
|
||||
->assertDontSee('Publish review')
|
||||
->assertDontSee('Refresh review')
|
||||
->assertDontSee('Create next review')
|
||||
->assertDontSee('Regenerate')
|
||||
->assertDontSee('Expire snapshot')
|
||||
->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $deniedPublishedReview->fresh()], $tenantDenied), false);
|
||||
});
|
||||
|
||||
it('shows entitled tenants without a published review as calm absence rows', function (): void {
|
||||
$tenantPublished = Tenant::factory()->create(['name' => 'Published Tenant']);
|
||||
[$user, $tenantPublished] = createUserWithTenant(tenant: $tenantPublished, role: 'readonly');
|
||||
|
||||
$tenantWithoutPublished = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantPublished->workspace_id,
|
||||
'name' => 'No Published Tenant',
|
||||
]);
|
||||
createUserWithTenant(tenant: $tenantWithoutPublished, user: $user, role: 'readonly');
|
||||
|
||||
$publishedSnapshot = seedTenantReviewEvidence($tenantPublished);
|
||||
$noPublishedSnapshot = seedTenantReviewEvidence($tenantWithoutPublished);
|
||||
|
||||
$publishedReview = composeTenantReviewForTest($tenantPublished, $user, $publishedSnapshot);
|
||||
$publishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now()->subHour(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$internalOnlyReview = composeTenantReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
|
||||
$internalOnlyReview->forceFill([
|
||||
'status' => TenantReviewStatus::Ready->value,
|
||||
'published_at' => null,
|
||||
'published_by_user_id' => null,
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantPublished->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertCanSeeTableRecords([$tenantPublished->fresh(), $tenantWithoutPublished->fresh()])
|
||||
->assertSee('No published review')
|
||||
->assertSee('No published review available yet')
|
||||
->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $internalOnlyReview->fresh()], $tenantWithoutPublished), false)
|
||||
->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $publishedReview->fresh()], $tenantPublished), false);
|
||||
});
|
||||
|
||||
it('defaults the customer review workspace to the remembered tenant when tenant context is available', function (): void {
|
||||
$tenantA = Tenant::factory()->create(['name' => 'Alpha Tenant']);
|
||||
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly');
|
||||
|
||||
$tenantB = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'name' => 'Beta Tenant',
|
||||
]);
|
||||
createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
|
||||
|
||||
$snapshotA = seedTenantReviewEvidence($tenantA);
|
||||
$snapshotB = seedTenantReviewEvidence($tenantB);
|
||||
|
||||
$reviewA = composeTenantReviewForTest($tenantA, $user, $snapshotA);
|
||||
$reviewA->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now()->subDay(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$reviewB = composeTenantReviewForTest($tenantB, $user, $snapshotB);
|
||||
$reviewB->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
|
||||
session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [
|
||||
(string) $tenantA->workspace_id => (int) $tenantB->getKey(),
|
||||
]);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertSet('tableFilters.tenant_id.value', (string) $tenantB->getKey())
|
||||
->filterTable('tenant_id', (string) $tenantB->getKey())
|
||||
->assertCanSeeTableRecords([$tenantB->fresh()])
|
||||
->assertCanNotSeeTableRecords([$tenantA->fresh()]);
|
||||
});
|
||||
|
||||
it('prefilters the customer review workspace from an explicit tenant query parameter and accepts external tenant identifiers', function (): void {
|
||||
$tenantA = Tenant::factory()->create(['name' => 'Alpha Tenant']);
|
||||
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly');
|
||||
|
||||
$tenantB = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'name' => 'Beta Tenant',
|
||||
]);
|
||||
createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
|
||||
|
||||
$snapshotA = seedTenantReviewEvidence($tenantA);
|
||||
$snapshotB = seedTenantReviewEvidence($tenantB);
|
||||
|
||||
$reviewA = composeTenantReviewForTest($tenantA, $user, $snapshotA);
|
||||
$reviewA->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$reviewB = composeTenantReviewForTest($tenantB, $user, $snapshotB);
|
||||
$reviewB->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now()->subDay(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
|
||||
|
||||
Livewire::withQueryParams(['tenant' => (string) $tenantA->external_id])
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertSet('tableFilters.tenant_id.value', (string) $tenantA->getKey())
|
||||
->filterTable('tenant_id', (string) $tenantA->getKey())
|
||||
->assertCanSeeTableRecords([$tenantA->fresh()])
|
||||
->assertCanNotSeeTableRecords([$tenantB->fresh()]);
|
||||
});
|
||||
@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Settings\WorkspaceSettings;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Livewire\Livewire;
|
||||
|
||||
/**
|
||||
* @return array{0: Workspace, 1: User}
|
||||
*/
|
||||
function workspaceAiPolicyManager(): array
|
||||
{
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
return [$workspace, $user];
|
||||
}
|
||||
|
||||
it('renders the workspace ai policy section and lets managers save and reset the ai posture', function (): void {
|
||||
[$workspace, $user] = workspaceAiPolicyManager();
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(WorkspaceSettings::getUrl(panel: 'admin'))
|
||||
->assertSuccessful()
|
||||
->assertSee('Workspace AI policy')
|
||||
->assertSee('Disabled')
|
||||
->assertSee('Private only')
|
||||
->assertSee('Approved use cases')
|
||||
->assertSee('Blocked data classifications');
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'ai', 'policy_mode'))
|
||||
->toBe('disabled');
|
||||
|
||||
$component = Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.ai_policy_mode', null)
|
||||
->set('data.ai_policy_mode', 'private_only')
|
||||
->callAction('save')
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.ai_policy_mode', 'private_only');
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'ai', 'policy_mode'))
|
||||
->toBe('private_only');
|
||||
|
||||
$component
|
||||
->mountFormComponentAction('ai_policy_mode', 'reset_ai_policy_mode', [], 'content')
|
||||
->callMountedFormComponentAction()
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.ai_policy_mode', null);
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'ai', 'policy_mode'))
|
||||
->toBe('disabled');
|
||||
});
|
||||
@ -79,3 +79,76 @@
|
||||
->and(data_get($audit?->metadata, 'before_value'))->toBe(48)
|
||||
->and(data_get($audit?->metadata, 'after_value'))->toBe(30);
|
||||
});
|
||||
|
||||
it('writes a workspace-scoped audit entry when ai policy mode is updated', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
app(SettingsWriter::class)->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: 'ai',
|
||||
key: 'policy_mode',
|
||||
value: 'private_only',
|
||||
);
|
||||
|
||||
$audit = AuditLog::query()->latest('id')->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->workspace_id)->toBe((int) $workspace->getKey())
|
||||
->and($audit?->tenant_id)->toBeNull()
|
||||
->and($audit?->action)->toBe(AuditActionId::WorkspaceSettingUpdated->value)
|
||||
->and(data_get($audit?->metadata, 'domain'))->toBe('ai')
|
||||
->and(data_get($audit?->metadata, 'key'))->toBe('policy_mode')
|
||||
->and(data_get($audit?->metadata, 'scope'))->toBe('workspace')
|
||||
->and(data_get($audit?->metadata, 'before_value'))->toBeNull()
|
||||
->and(data_get($audit?->metadata, 'after_value'))->toBe('private_only');
|
||||
});
|
||||
|
||||
it('writes a workspace-scoped audit entry when ai policy mode is reset', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
$writer = app(SettingsWriter::class);
|
||||
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: 'ai',
|
||||
key: 'policy_mode',
|
||||
value: 'private_only',
|
||||
);
|
||||
|
||||
$writer->resetWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: 'ai',
|
||||
key: 'policy_mode',
|
||||
);
|
||||
|
||||
$audit = AuditLog::query()
|
||||
->where('action', AuditActionId::WorkspaceSettingReset->value)
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->workspace_id)->toBe((int) $workspace->getKey())
|
||||
->and($audit?->tenant_id)->toBeNull()
|
||||
->and(data_get($audit?->metadata, 'domain'))->toBe('ai')
|
||||
->and(data_get($audit?->metadata, 'key'))->toBe('policy_mode')
|
||||
->and(data_get($audit?->metadata, 'scope'))->toBe('workspace')
|
||||
->and(data_get($audit?->metadata, 'before_value'))->toBe('private_only')
|
||||
->and(data_get($audit?->metadata, 'after_value'))->toBe('disabled');
|
||||
});
|
||||
|
||||
@ -44,6 +44,7 @@ function workspaceManagerUser(): array
|
||||
|
||||
$component = Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.ai_policy_mode', null)
|
||||
->assertSet('data.backup_retention_keep_last_default', null)
|
||||
->assertSet('data.backup_retention_min_floor', null)
|
||||
->assertSet('data.drift_severity_mapping', [])
|
||||
@ -58,6 +59,7 @@ function workspaceManagerUser(): array
|
||||
->assertSet('data.findings_sla_low', null)
|
||||
->assertSet('data.operations_operation_run_retention_days', null)
|
||||
->assertSet('data.operations_stuck_run_threshold_minutes', null)
|
||||
->set('data.ai_policy_mode', 'private_only')
|
||||
->set('data.backup_retention_keep_last_default', 55)
|
||||
->set('data.backup_retention_min_floor', 12)
|
||||
->set('data.drift_severity_mapping', ['drift' => 'critical'])
|
||||
@ -74,6 +76,7 @@ function workspaceManagerUser(): array
|
||||
->set('data.operations_stuck_run_threshold_minutes', 60)
|
||||
->callAction('save')
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.ai_policy_mode', 'private_only')
|
||||
->assertSet('data.backup_retention_keep_last_default', 55)
|
||||
->assertSet('data.backup_retention_min_floor', 12)
|
||||
->assertSet('data.baseline_severity_missing_policy', 'critical')
|
||||
@ -97,6 +100,9 @@ function workspaceManagerUser(): array
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'backup', 'retention_keep_last_default'))
|
||||
->toBe(55);
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'ai', 'policy_mode'))
|
||||
->toBe('private_only');
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'backup', 'retention_min_floor'))
|
||||
->toBe(12);
|
||||
|
||||
@ -142,6 +148,18 @@ function workspaceManagerUser(): array
|
||||
->where('key', 'retention_keep_last_default')
|
||||
->exists())->toBeFalse();
|
||||
|
||||
$component
|
||||
->mountFormComponentAction('ai_policy_mode', 'reset_ai_policy_mode', [], 'content')
|
||||
->callMountedFormComponentAction()
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.ai_policy_mode', null);
|
||||
|
||||
expect(WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', 'ai')
|
||||
->where('key', 'policy_mode')
|
||||
->exists())->toBeFalse();
|
||||
|
||||
$component
|
||||
->mountFormComponentAction('operations_operation_run_retention_days', 'reset_operations_operation_run_retention_days', [], 'content')
|
||||
->callMountedFormComponentAction()
|
||||
|
||||
@ -5,6 +5,7 @@
|
||||
use App\Filament\Pages\Settings\WorkspaceSettings;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Livewire\Livewire;
|
||||
|
||||
@ -12,6 +13,14 @@
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceSetting::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'domain' => 'ai',
|
||||
'key' => 'policy_mode',
|
||||
'value' => 'private_only',
|
||||
'updated_by_user_id' => null,
|
||||
]);
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
$this->actingAs($user)
|
||||
|
||||
@ -30,6 +30,14 @@
|
||||
'updated_by_user_id' => null,
|
||||
]);
|
||||
|
||||
WorkspaceSetting::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'domain' => 'ai',
|
||||
'key' => 'policy_mode',
|
||||
'value' => 'private_only',
|
||||
'updated_by_user_id' => null,
|
||||
]);
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
$this->actingAs($user)
|
||||
@ -38,6 +46,7 @@
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.ai_policy_mode', 'private_only')
|
||||
->assertSet('data.backup_retention_keep_last_default', 27)
|
||||
->assertSet('data.backup_retention_min_floor', null)
|
||||
->assertSet('data.drift_severity_mapping', [])
|
||||
@ -56,6 +65,8 @@
|
||||
->assertActionDisabled('save')
|
||||
->assertFormComponentActionVisible('backup_retention_keep_last_default', 'reset_backup_retention_keep_last_default', [], 'content')
|
||||
->assertFormComponentActionDisabled('backup_retention_keep_last_default', 'reset_backup_retention_keep_last_default', [], 'content')
|
||||
->assertFormComponentActionVisible('ai_policy_mode', 'reset_ai_policy_mode', [], 'content')
|
||||
->assertFormComponentActionDisabled('ai_policy_mode', 'reset_ai_policy_mode', [], 'content')
|
||||
->assertFormComponentActionVisible('backup_retention_min_floor', 'reset_backup_retention_min_floor', [], 'content')
|
||||
->assertFormComponentActionDisabled('backup_retention_min_floor', 'reset_backup_retention_min_floor', [], 'content')
|
||||
->assertFormComponentActionVisible('drift_severity_mapping', 'reset_drift_severity_mapping', [], 'content')
|
||||
@ -75,6 +86,11 @@
|
||||
->call('save')
|
||||
->assertStatus(403);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->call('resetSetting', 'ai_policy_mode')
|
||||
->assertStatus(403);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->call('resetSetting', 'backup_retention_keep_last_default')
|
||||
@ -88,5 +104,12 @@
|
||||
->where('key', 'retention_keep_last_default')
|
||||
->first();
|
||||
|
||||
expect($setting)->not->toBeNull();
|
||||
$aiSetting = WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', 'ai')
|
||||
->where('key', 'policy_mode')
|
||||
->first();
|
||||
|
||||
expect($setting)->not->toBeNull()
|
||||
->and($aiSetting)->not->toBeNull();
|
||||
});
|
||||
|
||||
@ -0,0 +1,109 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\System\Pages\Ops\Controls;
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\OperationalControlActivation;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\Workspace;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Facades\Filament;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
beforeEach(function (): void {
|
||||
Filament::setCurrentPanel('system');
|
||||
Filament::bootCurrentPanel();
|
||||
});
|
||||
|
||||
function makeAiControlsManager(): PlatformUser
|
||||
{
|
||||
return PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::OPS_CONTROLS_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
it('pauses and resumes ai execution through the global-only controls card', function (): void {
|
||||
$workspaceA = Workspace::factory()->create(['name' => 'Acme']);
|
||||
$workspaceB = Workspace::factory()->create(['name' => 'Bravo']);
|
||||
|
||||
Tenant::factory()->count(2)->create(['workspace_id' => (int) $workspaceA->getKey()]);
|
||||
Tenant::factory()->count(1)->create(['workspace_id' => (int) $workspaceB->getKey()]);
|
||||
|
||||
$user = makeAiControlsManager();
|
||||
$this->actingAs($user, 'platform');
|
||||
|
||||
$this->get(Controls::getUrl(panel: 'system'))
|
||||
->assertSuccessful()
|
||||
->assertSee("mountAction('pause_ai_execution')", escape: false);
|
||||
|
||||
$component = Livewire::test(Controls::class)
|
||||
->assertActionExists('pause_ai_execution', fn (Action $action): bool => $action->isConfirmationRequired())
|
||||
->assertActionExists('resume_ai_execution', fn (Action $action): bool => $action->isConfirmationRequired())
|
||||
->assertActionExists('view_history_ai_execution', fn (Action $action): bool => $action->getLabel() === 'View AI execution history');
|
||||
|
||||
$summary = $component->instance()->controlSummary('ai.execution');
|
||||
$preview = $component->instance()->scopeImpactPreview('ai.execution', 'global', null);
|
||||
|
||||
expect($summary['label'])->toBe('AI execution')
|
||||
->and($summary['supported_scopes'])->toBe(['global'])
|
||||
->and($summary['effective_state'])->toBe('enabled')
|
||||
->and($preview['summary'])->toContain('AI execution')
|
||||
->and($preview['workspace_count'])->toBe(2)
|
||||
->and($preview['tenant_count'])->toBe(3);
|
||||
|
||||
$component
|
||||
->callAction('pause_ai_execution', data: [
|
||||
'scope_type' => 'global',
|
||||
'reason_text' => 'Paused for AI rollout review.',
|
||||
'expires_at' => now()->addDay()->toDateTimeString(),
|
||||
])
|
||||
->assertNotified('AI execution paused');
|
||||
|
||||
$activation = OperationalControlActivation::query()
|
||||
->forControl('ai.execution')
|
||||
->forGlobalScope()
|
||||
->first();
|
||||
|
||||
expect($activation)->not->toBeNull()
|
||||
->and($activation?->reason_text)->toBe('Paused for AI rollout review.');
|
||||
|
||||
$pausedSummary = $component->instance()->controlSummary('ai.execution');
|
||||
|
||||
expect($pausedSummary['effective_state'])->toBe('paused')
|
||||
->and($pausedSummary['state_label'])->toBe('Paused globally');
|
||||
|
||||
$component
|
||||
->callAction('resume_ai_execution', data: [
|
||||
'scope_type' => 'global',
|
||||
])
|
||||
->assertNotified('AI execution resumed');
|
||||
|
||||
expect(OperationalControlActivation::query()
|
||||
->forControl('ai.execution')
|
||||
->forGlobalScope()
|
||||
->count())->toBe(0);
|
||||
|
||||
$audits = AuditLog::query()
|
||||
->whereIn('action', [
|
||||
AuditActionId::OperationalControlPaused->value,
|
||||
AuditActionId::OperationalControlResumed->value,
|
||||
])
|
||||
->where('metadata->control_key', 'ai.execution')
|
||||
->orderBy('id')
|
||||
->get();
|
||||
|
||||
expect($audits)->toHaveCount(2)
|
||||
->and($audits[0]->workspace_id)->toBeNull()
|
||||
->and($audits[1]->workspace_id)->toBeNull();
|
||||
});
|
||||
@ -5,7 +5,9 @@
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\System\SystemDirectoryLinks;
|
||||
use App\Support\System\SystemOperationRunLinks;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
@ -119,3 +121,38 @@
|
||||
->get('/system/ops/runbooks')
|
||||
->assertSuccessful();
|
||||
});
|
||||
|
||||
it('keeps system workspace detail route semantics separate from commercial business-state blocks', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
|
||||
$this->actingAs(User::factory()->create())
|
||||
->get(SystemDirectoryLinks::workspaceDetail($workspace))
|
||||
->assertNotFound();
|
||||
|
||||
auth()->guard('web')->logout();
|
||||
|
||||
$platformWithoutDirectoryView = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($platformWithoutDirectoryView, 'platform')
|
||||
->get(SystemDirectoryLinks::workspaceDetail($workspace))
|
||||
->assertForbidden();
|
||||
|
||||
$directoryViewer = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::DIRECTORY_VIEW,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($directoryViewer, 'platform')
|
||||
->get(SystemDirectoryLinks::workspaceDetail($workspace))
|
||||
->assertSuccessful()
|
||||
->assertSee('Commercial lifecycle')
|
||||
->assertDontSee('Change commercial state');
|
||||
});
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user