244 lines
8.3 KiB
PHP
244 lines
8.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Jobs\Middleware\EnsureQueuedExecutionLegitimate;
|
|
use App\Jobs\Middleware\TrackOperationRun;
|
|
use App\Models\OperationRun;
|
|
use App\Services\Operations\QueuedExecutionLegitimacyGate;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\Operations\ExecutionAuthorityMode;
|
|
use App\Support\Operations\ExecutionDenialReasonCode;
|
|
use App\Support\Operations\QueuedExecutionContext;
|
|
use App\Support\Operations\QueuedExecutionLegitimacyDecision;
|
|
|
|
it('blocks before track middleware can mark the run running', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'user_id' => (int) $user->getKey(),
|
|
'type' => 'inventory_sync',
|
|
'status' => OperationRunStatus::Queued->value,
|
|
'outcome' => OperationRunOutcome::Pending->value,
|
|
]);
|
|
|
|
$context = new QueuedExecutionContext(
|
|
run: $run,
|
|
operationType: 'inventory_sync',
|
|
workspaceId: (int) $tenant->workspace_id,
|
|
tenant: $tenant,
|
|
initiator: $user,
|
|
authorityMode: ExecutionAuthorityMode::ActorBound,
|
|
requiredCapability: null,
|
|
providerConnectionId: null,
|
|
targetScope: [
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'provider_connection_id' => null,
|
|
],
|
|
);
|
|
|
|
$decision = QueuedExecutionLegitimacyDecision::deny(
|
|
context: $context,
|
|
checks: [
|
|
'workspace_scope' => 'passed',
|
|
'tenant_scope' => 'passed',
|
|
'capability' => 'failed',
|
|
'tenant_operability' => 'not_applicable',
|
|
'execution_prerequisites' => 'not_applicable',
|
|
],
|
|
reasonCode: ExecutionDenialReasonCode::MissingCapability,
|
|
);
|
|
|
|
app()->instance(QueuedExecutionLegitimacyGate::class, new class($decision)
|
|
{
|
|
public function __construct(private readonly QueuedExecutionLegitimacyDecision $decision) {}
|
|
|
|
public function evaluate(OperationRun $run): QueuedExecutionLegitimacyDecision
|
|
{
|
|
return $this->decision;
|
|
}
|
|
});
|
|
|
|
$ensure = new EnsureQueuedExecutionLegitimate;
|
|
$track = new TrackOperationRun;
|
|
$executed = false;
|
|
$job = new class($run)
|
|
{
|
|
public function __construct(public OperationRun $operationRun) {}
|
|
};
|
|
|
|
$response = $ensure->handle($job, function ($job) use (&$executed, $track) {
|
|
return $track->handle($job, function () use (&$executed): string {
|
|
$executed = true;
|
|
|
|
return 'ran';
|
|
});
|
|
});
|
|
|
|
$run->refresh();
|
|
|
|
expect($response)->toBeNull()
|
|
->and($executed)->toBeFalse()
|
|
->and($run->status)->toBe(OperationRunStatus::Completed->value)
|
|
->and($run->outcome)->toBe(OperationRunOutcome::Blocked->value)
|
|
->and($run->started_at)->toBeNull()
|
|
->and($run->context['blocked_by'] ?? null)->toBe('queued_execution_legitimacy')
|
|
->and($run->context['execution_legitimacy']['reason_code'] ?? null)->toBe('missing_capability');
|
|
});
|
|
|
|
it('marks legitimate execution running before completing it', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'user_id' => (int) $user->getKey(),
|
|
'type' => 'inventory_sync',
|
|
'status' => OperationRunStatus::Queued->value,
|
|
'outcome' => OperationRunOutcome::Pending->value,
|
|
]);
|
|
|
|
$context = new QueuedExecutionContext(
|
|
run: $run,
|
|
operationType: 'inventory_sync',
|
|
workspaceId: (int) $tenant->workspace_id,
|
|
tenant: $tenant,
|
|
initiator: $user,
|
|
authorityMode: ExecutionAuthorityMode::ActorBound,
|
|
requiredCapability: null,
|
|
providerConnectionId: null,
|
|
targetScope: [
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'provider_connection_id' => null,
|
|
],
|
|
);
|
|
|
|
$decision = QueuedExecutionLegitimacyDecision::allow(
|
|
context: $context,
|
|
checks: [
|
|
'workspace_scope' => 'passed',
|
|
'tenant_scope' => 'passed',
|
|
'capability' => 'passed',
|
|
'tenant_operability' => 'passed',
|
|
'execution_prerequisites' => 'not_applicable',
|
|
],
|
|
);
|
|
|
|
app()->instance(QueuedExecutionLegitimacyGate::class, new class($decision)
|
|
{
|
|
public function __construct(private readonly QueuedExecutionLegitimacyDecision $decision) {}
|
|
|
|
public function evaluate(OperationRun $run): QueuedExecutionLegitimacyDecision
|
|
{
|
|
return $this->decision;
|
|
}
|
|
});
|
|
|
|
$ensure = new EnsureQueuedExecutionLegitimate;
|
|
$track = new TrackOperationRun;
|
|
$executed = false;
|
|
$job = new class($run)
|
|
{
|
|
public function __construct(public OperationRun $operationRun) {}
|
|
};
|
|
|
|
$response = $ensure->handle($job, function ($job) use (&$executed, $track) {
|
|
return $track->handle($job, function () use (&$executed): string {
|
|
$executed = true;
|
|
|
|
return 'ran';
|
|
});
|
|
});
|
|
|
|
$run->refresh();
|
|
|
|
expect($response)->toBe('ran')
|
|
->and($executed)->toBeTrue()
|
|
->and($run->status)->toBe(OperationRunStatus::Completed->value)
|
|
->and($run->outcome)->toBe(OperationRunOutcome::Succeeded->value)
|
|
->and($run->started_at)->not->toBeNull()
|
|
->and($run->completed_at)->not->toBeNull();
|
|
});
|
|
|
|
it('persists write-gate denials as blocked before track middleware runs', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'user_id' => (int) $user->getKey(),
|
|
'type' => 'restore.execute',
|
|
'status' => OperationRunStatus::Queued->value,
|
|
'outcome' => OperationRunOutcome::Pending->value,
|
|
]);
|
|
|
|
$context = new QueuedExecutionContext(
|
|
run: $run,
|
|
operationType: 'restore.execute',
|
|
workspaceId: (int) $tenant->workspace_id,
|
|
tenant: $tenant,
|
|
initiator: $user,
|
|
authorityMode: ExecutionAuthorityMode::ActorBound,
|
|
requiredCapability: null,
|
|
providerConnectionId: null,
|
|
targetScope: [
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'provider_connection_id' => null,
|
|
],
|
|
);
|
|
|
|
$decision = QueuedExecutionLegitimacyDecision::deny(
|
|
context: $context,
|
|
checks: [
|
|
'workspace_scope' => 'passed',
|
|
'tenant_scope' => 'passed',
|
|
'capability' => 'passed',
|
|
'tenant_operability' => 'passed',
|
|
'execution_prerequisites' => 'failed',
|
|
],
|
|
reasonCode: ExecutionDenialReasonCode::WriteGateBlocked,
|
|
);
|
|
|
|
app()->instance(QueuedExecutionLegitimacyGate::class, new class($decision)
|
|
{
|
|
public function __construct(private readonly QueuedExecutionLegitimacyDecision $decision) {}
|
|
|
|
public function evaluate(OperationRun $run): QueuedExecutionLegitimacyDecision
|
|
{
|
|
return $this->decision;
|
|
}
|
|
});
|
|
|
|
$ensure = new EnsureQueuedExecutionLegitimate;
|
|
$track = new TrackOperationRun;
|
|
$executed = false;
|
|
$job = new class($run)
|
|
{
|
|
public function __construct(public OperationRun $operationRun) {}
|
|
};
|
|
|
|
$response = $ensure->handle($job, function ($job) use (&$executed, $track) {
|
|
return $track->handle($job, function () use (&$executed): string {
|
|
$executed = true;
|
|
|
|
return 'ran';
|
|
});
|
|
});
|
|
|
|
$run->refresh();
|
|
|
|
expect($response)->toBeNull()
|
|
->and($executed)->toBeFalse()
|
|
->and($run->status)->toBe(OperationRunStatus::Completed->value)
|
|
->and($run->outcome)->toBe(OperationRunOutcome::Blocked->value)
|
|
->and($run->started_at)->toBeNull()
|
|
->and($run->context['reason_code'] ?? null)->toBe('write_gate_blocked')
|
|
->and($run->context['execution_legitimacy']['reason_code'] ?? null)->toBe('write_gate_blocked');
|
|
});
|