90 lines
2.8 KiB
PHP
90 lines
2.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\System\Pages\Dashboard;
|
|
use App\Filament\System\Pages\RepairWorkspaceOwners;
|
|
use App\Models\AuditLog;
|
|
use App\Models\PlatformUser;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
use App\Support\Auth\PlatformCapabilities;
|
|
use App\Support\Auth\WorkspaceRole;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function () {
|
|
Filament::setCurrentPanel('system');
|
|
Filament::bootCurrentPanel();
|
|
|
|
Tenant::factory()->create([
|
|
'tenant_id' => null,
|
|
'external_id' => 'platform',
|
|
'name' => 'Platform',
|
|
]);
|
|
|
|
config()->set('tenantpilot.break_glass.enabled', true);
|
|
config()->set('tenantpilot.break_glass.ttl_minutes', 15);
|
|
});
|
|
|
|
it('can assign a workspace owner via break-glass and audits it', function () {
|
|
$platformUser = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
PlatformCapabilities::USE_BREAK_GLASS,
|
|
],
|
|
]);
|
|
|
|
$this->actingAs($platformUser, 'platform');
|
|
|
|
$workspace = Workspace::factory()->create();
|
|
$targetUser = User::factory()->create();
|
|
|
|
// Ensure the workspace is in a "broken" state: zero owners.
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => $workspace->getKey(),
|
|
'user_id' => $targetUser->getKey(),
|
|
'role' => WorkspaceRole::Operator->value,
|
|
]);
|
|
|
|
Livewire::test(Dashboard::class)
|
|
->callAction('enter_break_glass', data: [
|
|
'reason' => 'Recover workspace ownership',
|
|
]);
|
|
|
|
Livewire::test(RepairWorkspaceOwners::class)
|
|
->callAction('assign_owner', data: [
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'target_user_id' => (int) $targetUser->getKey(),
|
|
'reason' => 'Fix last owner removed via DB edit',
|
|
]);
|
|
|
|
$membership = WorkspaceMembership::query()
|
|
->where('workspace_id', $workspace->getKey())
|
|
->where('user_id', $targetUser->getKey())
|
|
->firstOrFail();
|
|
|
|
expect($membership->role)->toBe(WorkspaceRole::Owner->value);
|
|
|
|
$audit = AuditLog::query()
|
|
->where('workspace_id', $workspace->getKey())
|
|
->where('action', 'workspace_membership.break_glass.assign_owner')
|
|
->where('status', 'success')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($audit)->not->toBeNull();
|
|
expect($audit->metadata)->toMatchArray([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'actor_user_id' => (int) $platformUser->getKey(),
|
|
'target_user_id' => (int) $targetUser->getKey(),
|
|
'attempted_role' => WorkspaceRole::Owner->value,
|
|
'source' => 'break_glass',
|
|
]);
|
|
});
|