ahmido
5bcb4f6ab8
## Summary
- add a canonical queued execution legitimacy contract for actor-bound and system-authority operation runs
- enforce legitimacy before queued jobs transition runs to running across provider, inventory, restore, bulk, sync, and scheduled backup flows
- surface blocked execution outcomes consistently in Monitoring, notifications, audit data, and the tenantless operation viewer
- add Spec 149 artifacts and focused Pest coverage for legitimacy decisions, middleware ordering, blocked presentation, retry behavior, and cross-family adoption
## Testing
- vendor/bin/sail artisan test --compact tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionMiddlewareOrderingTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Verification/ProviderExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/RunInventorySyncExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/ExecuteRestoreRunExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/SystemRunBlockedExecutionNotificationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/BulkOperationExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionRetryReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionContractMatrixTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/OperationRunBlockedExecutionPresentationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionAuditTrailTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/TenantlessOperationRunViewerTest.php
- vendor/bin/sail bin pint --dirty --format agent
## Manual validation
- validated queued provider execution blocking for tenant operability drift in the integrated browser on /admin/operations and /admin/operations/{run}
- validated 404 vs 403 route behavior for non-membership vs in-scope capability denial
- validated initiator-null blocked system-run behavior without creating a user terminal notification
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #179
111 lines
3.6 KiB
PHP
111 lines
3.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Jobs\BulkPolicyDeleteJob;
|
|
use App\Models\Policy;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Services\OperationRunService;
|
|
use App\Services\Operations\BulkSelectionIdentity;
|
|
use Illuminate\Support\Facades\Queue;
|
|
|
|
function runQueuedBulkJobThroughMiddleware(object $job, Closure $terminal): mixed
|
|
{
|
|
$pipeline = array_reduce(
|
|
array_reverse($job->middleware()),
|
|
fn (Closure $next, object $middleware): Closure => fn (object $job): mixed => $middleware->handle($job, $next),
|
|
$terminal,
|
|
);
|
|
|
|
return $pipeline($job);
|
|
}
|
|
|
|
it('stores actor-bound execution metadata when bulk policy delete is queued', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$policies = Policy::factory()->count(2)->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
]);
|
|
|
|
$selection = app(BulkSelectionIdentity::class)->fromIds($policies->pluck('id')->all());
|
|
|
|
$run = app(OperationRunService::class)->enqueueBulkOperation(
|
|
tenant: $tenant,
|
|
type: 'policy.delete',
|
|
targetScope: [
|
|
'entra_tenant_id' => (string) ($tenant->tenant_id ?? $tenant->external_id),
|
|
],
|
|
selectionIdentity: $selection,
|
|
dispatcher: static fn (): null => null,
|
|
initiator: $user,
|
|
extraContext: [
|
|
'policy_count' => $policies->count(),
|
|
],
|
|
);
|
|
|
|
expect($run->context)->toMatchArray([
|
|
'execution_authority_mode' => 'actor_bound',
|
|
'required_capability' => 'tenant.manage',
|
|
'policy_count' => 2,
|
|
])
|
|
->and($run->context['selection']['kind'] ?? null)->toBe('ids')
|
|
->and($run->context['selection']['ids_count'] ?? null)->toBe(2)
|
|
->and($run->context['selection']['ids_hash'] ?? null)->toBeString();
|
|
});
|
|
|
|
it('blocks bulk policy delete before worker fan-out when the initiator loses capability', function (): void {
|
|
Queue::fake();
|
|
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$policies = Policy::factory()->count(2)->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
]);
|
|
|
|
$selection = app(BulkSelectionIdentity::class)->fromIds($policies->pluck('id')->all());
|
|
|
|
$run = app(OperationRunService::class)->enqueueBulkOperation(
|
|
tenant: $tenant,
|
|
type: 'policy.delete',
|
|
targetScope: [
|
|
'entra_tenant_id' => (string) ($tenant->tenant_id ?? $tenant->external_id),
|
|
],
|
|
selectionIdentity: $selection,
|
|
dispatcher: static fn (): null => null,
|
|
initiator: $user,
|
|
extraContext: [
|
|
'policy_count' => $policies->count(),
|
|
],
|
|
);
|
|
|
|
$job = new BulkPolicyDeleteJob(
|
|
tenantId: (int) $tenant->getKey(),
|
|
userId: (int) $user->getKey(),
|
|
policyIds: $policies->pluck('id')->all(),
|
|
operationRun: $run,
|
|
);
|
|
|
|
$user->tenantMemberships()->where('tenant_id', $tenant->getKey())->update(['role' => 'readonly']);
|
|
app(CapabilityResolver::class)->clearCache();
|
|
|
|
$terminalInvoked = false;
|
|
|
|
runQueuedBulkJobThroughMiddleware(
|
|
$job,
|
|
function (BulkPolicyDeleteJob $job) use (&$terminalInvoked): void {
|
|
$terminalInvoked = true;
|
|
$job->handle(app(OperationRunService::class));
|
|
},
|
|
);
|
|
|
|
$run->refresh();
|
|
|
|
expect($terminalInvoked)->toBeFalse()
|
|
->and($run->status)->toBe('completed')
|
|
->and($run->outcome)->toBe('blocked')
|
|
->and($run->context['reason_code'] ?? null)->toBe('missing_capability')
|
|
->and($run->context['execution_legitimacy']['target_scope']['tenant_id'] ?? null)->toBe((int) $tenant->getKey());
|
|
|
|
Queue::assertNothingPushed();
|
|
});
|