ahmido
440e63edff
## Summary
Implements Spec 145 for tenant action taxonomy and lifecycle-safe visibility.
This PR:
- adds a central tenant action policy surface and supporting value objects
- aligns tenant list, detail, edit, onboarding, and widget surfaces around lifecycle-safe actions
- standardizes operator-facing lifecycle wording around View, Resume onboarding, Archive, Restore, and Complete onboarding
- tightens onboarding and tenant lifecycle authorization semantics, including honest 404 vs 403 behavior
- updates related regression coverage and spec artifacts for Spec 145
- fixes follow-on full-suite regressions uncovered during validation, including onboarding browser flows, provider consent fixtures, workspace redirect DI expectations, and critical table/action/UI expectation drift
## Validation
Executed and passed:
- vendor/bin/sail bin pint --dirty --format agent
- vendor/bin/sail artisan test --compact
Result:
- 2581 passed
- 8 skipped
- 13534 assertions
## Notes
- Base branch: dev
- Feature branch commit: a33a41b
- Filament v5 / Livewire v4 compliance preserved
- No panel provider registration changes; Laravel 12 provider registration remains in bootstrap/providers.php
- No new globally searchable resource behavior added in this slice
- Destructive lifecycle actions remain confirmation-gated and authorization-protected
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #174
190 lines
7.4 KiB
PHP
190 lines
7.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\TenantResource;
|
|
use App\Filament\Resources\TenantResource\Pages\ListTenants;
|
|
use App\Filament\Resources\TenantResource\Pages\ViewTenant;
|
|
use App\Models\AuditLog;
|
|
use App\Models\Tenant;
|
|
use App\Services\Audit\WorkspaceAuditLogger;
|
|
use App\Support\Audit\AuditActionId;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Actions\Action;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('shows resume onboarding instead of archive for draft and onboarding tenants on list and detail surfaces', function (\Closure $tenantFactory): void {
|
|
$tenant = $tenantFactory();
|
|
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
|
|
|
|
createOnboardingDraft([
|
|
'workspace' => $tenant->workspace,
|
|
'tenant' => $tenant,
|
|
'started_by' => $user,
|
|
'updated_by' => $user,
|
|
'state' => [
|
|
'entra_tenant_id' => (string) $tenant->tenant_id,
|
|
'tenant_name' => (string) $tenant->name,
|
|
],
|
|
]);
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionVisible('view', $tenant)
|
|
->assertTableActionVisible('related_onboarding', $tenant)
|
|
->assertTableActionExists('related_onboarding', fn (Action $action): bool => $action->getLabel() === 'Resume onboarding', $tenant)
|
|
->assertTableActionHidden('archive', $tenant)
|
|
->assertTableActionHidden('restore', $tenant);
|
|
|
|
Filament::setTenant(null, true);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
|
|
->assertActionVisible('related_onboarding')
|
|
->assertActionExists('related_onboarding', fn (Action $action): bool => $action->getLabel() === 'Resume onboarding')
|
|
->assertActionHidden('archive')
|
|
->assertActionHidden('restore');
|
|
})->with([
|
|
'draft' => [fn (): Tenant => Tenant::factory()->draft()->create()],
|
|
'onboarding' => [fn (): Tenant => Tenant::factory()->onboarding()->create()],
|
|
]);
|
|
|
|
it('shows archive only for active tenants on list and detail surfaces', function (): void {
|
|
$tenant = Tenant::factory()->active()->create();
|
|
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionVisible('archive', $tenant)
|
|
->assertTableActionHidden('restore', $tenant)
|
|
->assertTableActionHidden('related_onboarding', $tenant);
|
|
|
|
Filament::setTenant(null, true);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
|
|
->assertActionVisible('archive')
|
|
->assertActionHidden('restore');
|
|
});
|
|
|
|
it('shows restore only for archived tenants on list and detail surfaces', function (): void {
|
|
$tenant = Tenant::factory()->archived()->create();
|
|
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionVisible('restore', $tenant)
|
|
->assertTableActionHidden('archive', $tenant)
|
|
->assertTableActionHidden('related_onboarding', $tenant);
|
|
|
|
Filament::setTenant(null, true);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
|
|
->assertActionVisible('restore')
|
|
->assertActionHidden('archive')
|
|
->assertActionHidden('related_onboarding');
|
|
});
|
|
|
|
it('keeps lifecycle actions visible but disabled for in-scope members without mutation capability', function (): void {
|
|
$tenant = Tenant::factory()->active()->create();
|
|
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'manager');
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListTenants::class)
|
|
->assertTableActionVisible('archive', $tenant)
|
|
->assertTableActionDisabled('archive', $tenant);
|
|
});
|
|
|
|
it('returns 404 on tenant detail routes for non-members regardless of lifecycle state', function (\Closure $tenantFactory): void {
|
|
$tenant = $tenantFactory();
|
|
[$user] = createUserWithTenant(role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
|
|
|
|
$this->actingAs($user)
|
|
->get(TenantResource::getUrl('view', ['record' => $tenant]))
|
|
->assertNotFound();
|
|
})->with([
|
|
'draft' => [fn (): Tenant => Tenant::factory()->draft()->create()],
|
|
'onboarding' => [fn (): Tenant => Tenant::factory()->onboarding()->create()],
|
|
'active' => [fn (): Tenant => Tenant::factory()->active()->create()],
|
|
'archived' => [fn (): Tenant => Tenant::factory()->archived()->create()],
|
|
]);
|
|
|
|
it('keeps tenant detail lifecycle actions bound to the viewed record instead of the selected header tenant', function (): void {
|
|
$selectedTenant = Tenant::factory()->active()->create();
|
|
[$user, $selectedTenant] = createUserWithTenant(tenant: $selectedTenant, role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
|
|
|
|
$archivedTenant = Tenant::factory()->archived()->create([
|
|
'workspace_id' => (int) $selectedTenant->workspace_id,
|
|
]);
|
|
|
|
createUserWithTenant(
|
|
tenant: $archivedTenant,
|
|
user: $user,
|
|
role: 'owner',
|
|
workspaceRole: 'owner',
|
|
ensureDefaultMicrosoftProviderConnection: false,
|
|
);
|
|
|
|
Filament::setTenant($selectedTenant, true);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ViewTenant::class, ['record' => $archivedTenant->getRouteKey()])
|
|
->assertActionVisible('restore')
|
|
->assertActionHidden('archive')
|
|
->assertActionHidden('related_onboarding');
|
|
});
|
|
|
|
it('refuses lifecycle-invalid archive and restore mutations without changing tenant state', function (): void {
|
|
$activeTenant = Tenant::factory()->active()->create();
|
|
[$user, $activeTenant] = createUserWithTenant(tenant: $activeTenant, role: 'owner');
|
|
|
|
$onboardingTenant = Tenant::factory()->onboarding()->create([
|
|
'workspace_id' => (int) $activeTenant->workspace_id,
|
|
]);
|
|
|
|
createUserWithTenant(
|
|
tenant: $onboardingTenant,
|
|
user: $user,
|
|
role: 'owner',
|
|
workspaceRole: 'owner',
|
|
ensureDefaultMicrosoftProviderConnection: false,
|
|
);
|
|
|
|
$this->actingAs($user);
|
|
|
|
$auditLogger = app(WorkspaceAuditLogger::class);
|
|
|
|
TenantResource::restoreTenant($activeTenant, $auditLogger);
|
|
TenantResource::archiveTenant($onboardingTenant, $auditLogger);
|
|
|
|
$activeTenant->refresh();
|
|
$onboardingTenant->refresh();
|
|
|
|
expect($activeTenant->trashed())->toBeFalse()
|
|
->and($onboardingTenant->trashed())->toBeFalse()
|
|
->and($onboardingTenant->status)->toBe(Tenant::STATUS_ONBOARDING)
|
|
->and(AuditLog::query()
|
|
->whereIn('action', [
|
|
AuditActionId::TenantArchived->value,
|
|
AuditActionId::TenantRestored->value,
|
|
])
|
|
->whereIn('resource_id', [
|
|
(string) $activeTenant->getKey(),
|
|
(string) $onboardingTenant->getKey(),
|
|
])
|
|
->exists())->toBeFalse();
|
|
});
|