ahmido
cd811cff4f
## Summary - replace broad substring-based masking with a shared exact/path-based secret classifier and workspace-scoped fingerprint hashing - persist protected snapshot metadata on `policy_versions` and keep secret-only changes visible in compare, drift, restore, review, verification, and ops surfaces - add Spec 120 artifacts, audit documentation, and focused Pest regression coverage for snapshot, audit, verification, review-pack, and notification behavior ## Validation - `vendor/bin/sail artisan test --compact tests/Feature/Intune/PolicySnapshotRedactionTest.php tests/Feature/Intune/PolicySnapshotFingerprintIsolationTest.php tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php tests/Feature/OpsUx/OperationRunNotificationRedactionTest.php tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php` - `vendor/bin/sail bin pint --dirty --format agent` ## Spec / checklist status | Checklist | Total | Completed | Incomplete | Status | |-----------|-------|-----------|------------|--------| | requirements.md | 16 | 16 | 0 | ✓ PASS | - `tasks.md`: T001-T032 complete - `tasks.md`: T033 manual quickstart validation is still open and noted for follow-up ## Filament / platform notes - Livewire v4 compliance is unchanged - no panel provider changes; `bootstrap/providers.php` remains the registration location - no new globally searchable resources were introduced, so global search requirements are unchanged - no new destructive Filament actions were added - no new Filament assets were added; no `filament:assets` deployment change is required ## Testing coverage touched - snapshot persistence and fingerprint isolation - compare/drift protected-change evidence - audit, verification, review-pack, ops-failure, and notification sanitization - viewer/read-only Filament presentation updates Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #146
72 lines
1.9 KiB
PHP
72 lines
1.9 KiB
PHP
<?php
|
|
|
|
namespace App\Models;
|
|
|
|
use App\Support\Baselines\PolicyVersionCapturePurpose;
|
|
use App\Support\Concerns\DerivesWorkspaceIdFromTenant;
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
|
use Illuminate\Database\Eloquent\SoftDeletes;
|
|
|
|
class PolicyVersion extends Model
|
|
{
|
|
use DerivesWorkspaceIdFromTenant;
|
|
use HasFactory;
|
|
use SoftDeletes;
|
|
|
|
protected $guarded = [];
|
|
|
|
protected $casts = [
|
|
'snapshot' => 'array',
|
|
'metadata' => 'array',
|
|
'assignments' => 'array',
|
|
'scope_tags' => 'array',
|
|
'secret_fingerprints' => 'array',
|
|
'redaction_version' => 'integer',
|
|
'captured_at' => 'datetime',
|
|
'capture_purpose' => PolicyVersionCapturePurpose::class,
|
|
];
|
|
|
|
public function previous(): ?self
|
|
{
|
|
return $this->policy
|
|
? $this->policy
|
|
->versions()
|
|
->where('version_number', '<', $this->version_number)
|
|
->orderByDesc('version_number')
|
|
->first()
|
|
: null;
|
|
}
|
|
|
|
public function tenant(): BelongsTo
|
|
{
|
|
return $this->belongsTo(Tenant::class);
|
|
}
|
|
|
|
public function policy(): BelongsTo
|
|
{
|
|
return $this->belongsTo(Policy::class);
|
|
}
|
|
|
|
public function operationRun(): BelongsTo
|
|
{
|
|
return $this->belongsTo(OperationRun::class);
|
|
}
|
|
|
|
public function baselineProfile(): BelongsTo
|
|
{
|
|
return $this->belongsTo(BaselineProfile::class);
|
|
}
|
|
|
|
public function scopePruneEligible($query, int $days = 90)
|
|
{
|
|
return $query
|
|
->whereNull('deleted_at')
|
|
->where('captured_at', '<', now()->subDays($days))
|
|
->whereRaw(
|
|
'policy_versions.version_number < (select max(pv2.version_number) from policy_versions pv2 where pv2.policy_id = policy_versions.policy_id and pv2.deleted_at is null)'
|
|
);
|
|
}
|
|
}
|