ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
155-tenant-review-layer
TenantAtlas/tests/Feature/Rbac/BackupItemsRelationManagerSemanticsTest.php
ahmido 1f3619bd16 feat: tenant-owned query canon and wrong-tenant guards (#180) 
## Summary
- introduce a shared tenant-owned query and record-resolution canon for first-slice Filament resources
- harden direct views, row actions, bulk actions, relation managers, and workspace-admin canonical viewers against wrong-tenant access
- add registry-backed rollout metadata, search posture handling, architectural guards, and focused Pest coverage for scope parity and 404/403 semantics

## Included
- Spec 150 package under `specs/150-tenant-owned-query-canon-and-wrong-tenant-guards/`
- shared support classes: `TenantOwnedModelFamilies`, `TenantOwnedQueryScope`, `TenantOwnedRecordResolver`
- shared Filament concern: `InteractsWithTenantOwnedRecords`
- resource/page/policy hardening across findings, policies, policy versions, backup schedules, backup sets, restore runs, inventory items, and Entra groups
- additional regression coverage for canonical tenant state, wrong-tenant record resolution, relation-manager congruence, and action-surface guardrails

## Validation
- `vendor/bin/sail artisan test --compact` passed
- full suite result: `2733 passed, 8 skipped`
- formatting applied with `vendor/bin/sail bin pint --dirty --format agent`

## Notes
- Livewire v4.0+ compliant via existing Filament v5 stack
- provider registration remains in `bootstrap/providers.php`
- globally searchable first-slice posture: Entra groups scoped; policies and policy versions explicitly disabled
- destructive actions continue to use confirmation and policy authorization
- no new Filament assets added; existing deployment flow remains unchanged, including `php artisan filament:assets` when registered assets are used

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #180
2026-03-18 08:33:13 +00:00

156 lines
5.4 KiB
PHP
Raw Permalink Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\BackupSetResource;
use App\Filament\Resources\BackupSetResource\Pages\EditBackupSet;
use App\Filament\Resources\BackupSetResource\RelationManagers\BackupItemsRelationManager;
use App\Filament\Resources\PolicyVersionResource;
use App\Models\BackupItem;
use App\Models\BackupSet;
use App\Models\OperationRun;
use App\Models\Policy;
use App\Models\PolicyVersion;
use App\Models\User;
use App\Models\WorkspaceMembership;
use Filament\Actions\Action;
use Filament\Facades\Filament;
use Illuminate\Support\Facades\Queue;
use Livewire\Livewire;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
it('returns 404 for non-members before capability checks on backup item actions', function (): void {
[$owner, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($owner);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$backupSet = BackupSet::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
]);
$backupItem = BackupItem::factory()->for($backupSet)->for($tenant)->create();
$outsider = User::factory()->create();
WorkspaceMembership::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'user_id' => (int) $outsider->getKey(),
'role' => 'owner',
]);
$this->actingAs($outsider);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$this->get(BackupSetResource::getUrl('view', ['record' => $backupSet], tenant: $tenant))
->assertNotFound();
});
it('keeps actions visible but disabled for members missing capability', function (): void {
[$readonlyUser, $tenant] = createUserWithTenant(role: 'readonly');
$this->actingAs($readonlyUser);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$backupSet = BackupSet::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
]);
$backupItem = BackupItem::factory()->for($backupSet)->for($tenant)->create();
Livewire::test(BackupItemsRelationManager::class, [
'ownerRecord' => $backupSet,
'pageClass' => EditBackupSet::class,
])
->assertTableActionVisible('remove', $backupItem)
->assertTableActionDisabled('remove', $backupItem);
});
it('routes versioned RBAC foundation items to immutable policy version detail', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'external_id' => 'role-def-1',
'policy_type' => 'intuneRoleDefinition',
'platform' => 'all',
'display_name' => 'Current role label',
'last_synced_at' => null,
]);
$version = PolicyVersion::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'policy_id' => (int) $policy->getKey(),
'policy_type' => 'intuneRoleDefinition',
'platform' => 'all',
'snapshot' => [
'displayName' => 'Captured RBAC role',
],
]);
$backupSet = BackupSet::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
]);
$backupItem = BackupItem::factory()->for($backupSet)->for($tenant)->create([
'policy_id' => (int) $policy->getKey(),
'policy_version_id' => (int) $version->getKey(),
'policy_identifier' => 'role-def-1',
'policy_type' => 'intuneRoleDefinition',
'platform' => 'all',
'payload' => [
'displayName' => 'Captured RBAC role',
],
'metadata' => [
'displayName' => 'Captured RBAC role',
],
]);
Livewire::test(BackupItemsRelationManager::class, [
'ownerRecord' => $backupSet,
'pageClass' => EditBackupSet::class,
])
->assertTableColumnFormattedStateSet('policy.display_name', 'Captured RBAC role', $backupItem)
->assertTableActionVisible('view', $backupItem)
->assertTableActionExists('view', function (Action $action) use ($tenant, $version): bool {
return $action->getLabel() === 'View version'
&& $action->getUrl() === PolicyVersionResource::getUrl('view', ['record' => $version], tenant: $tenant);
}, $backupItem);
});
it('returns 404 and queues nothing when a forged foreign-tenant row action record is submitted', function (): void {
Queue::fake();
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$backupSet = BackupSet::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
]);
$foreignTenant = \App\Models\Tenant::factory()->create();
$foreignBackupSet = BackupSet::factory()->create([
'tenant_id' => (int) $foreignTenant->getKey(),
]);
$foreignBackupItem = BackupItem::factory()->for($foreignBackupSet)->for($foreignTenant)->create();
$component = Livewire::test(BackupItemsRelationManager::class, [
'ownerRecord' => $backupSet,
'pageClass' => EditBackupSet::class,
]);
expect(fn () => $component->instance()->mountTableAction('remove', (string) $foreignBackupItem->getKey()))
->toThrow(NotFoundHttpException::class);
Queue::assertNothingPushed();
expect(OperationRun::query()->where('type', 'backup_set.remove_policies')->exists())->toBeFalse();
});
Reference in New Issue View Git Blame Copy Permalink