ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
fix/pest-makeassignment-collision
TenantAtlas/tests/Feature/090/AuditLoggingTest.php
ahmido 90bfe1516e feat(spec-090): action surface contract compliance (#108) 
Implements Spec 090 (Action Surface Contract Compliance & RBAC Hardening).

Highlights:
- Adds/updates action surface declarations and shrinks baseline exemptions.
- Standardizes Filament action grouping/order and empty-state CTAs.
- Enforces RBAC UX semantics (non-member -> 404, member w/o capability -> disabled + tooltip, server-side 403).
- Adds audit logging for successful side-effect actions.
- Fixes Provider Connections list context so header create + row actions resolve tenant correctly.

Tests (focused):
- vendor/bin/sail artisan test --compact tests/Feature/090/
- vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php
- vendor/bin/sail bin pint --dirty

Livewire/Filament:
- Filament v5 + Livewire v4 compliant.
- No panel provider registration changes (Laravel 11+ registration remains in bootstrap/providers.php).

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #108
2026-02-13 01:30:22 +00:00

115 lines
3.4 KiB
PHP
Raw Permalink Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\PolicyResource\Pages\ViewPolicy;
use App\Jobs\CapturePolicySnapshotJob;
use App\Models\AuditLog;
use App\Models\Policy;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Queue;
use Livewire\Livewire;
use Tests\TestCase;
final class AuditLoggingTest extends TestCase
{
use RefreshDatabase;
public function test_spec090_writes_an_audit_log_when_capture_snapshot_dispatch_succeeds(): void
{
Queue::fake();
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
]);
Livewire::test(ViewPolicy::class, ['record' => $policy->getRouteKey()])
->callAction('capture_snapshot', data: [
'include_assignments' => true,
'include_scope_tags' => true,
])
->assertHasNoActionErrors();
Queue::assertPushed(CapturePolicySnapshotJob::class);
$audit = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'policy.capture_snapshot_dispatched')
->latest('id')
->first();
$this->assertNotNull($audit);
$this->assertSame('success', $audit?->status);
$this->assertSame('operation_run', $audit?->resource_type);
$this->assertSame((int) $policy->getKey(), (int) ($audit?->metadata['policy_id'] ?? 0));
}
public function test_spec090_does_not_require_audit_logs_for_denied_capture_snapshot_attempts(): void
{
Queue::fake();
[$user, $tenant] = createUserWithTenant(role: 'readonly');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
]);
Livewire::test(ViewPolicy::class, ['record' => $policy->getRouteKey()])
->callAction('capture_snapshot', data: [
'include_assignments' => true,
'include_scope_tags' => true,
])
->assertSuccessful();
Queue::assertNothingPushed();
$this->assertSame(
0,
AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'policy.capture_snapshot_dispatched')
->count(),
);
}
public function test_spec090_does_not_require_audit_logs_for_cancelled_capture_snapshot_modals(): void
{
Queue::fake();
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user);
$tenant->makeCurrent();
Filament::setTenant($tenant, true);
$policy = Policy::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
]);
Livewire::test(ViewPolicy::class, ['record' => $policy->getRouteKey()])
->mountAction('capture_snapshot')
->assertSuccessful();
Queue::assertNothingPushed();
$this->assertSame(
0,
AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'policy.capture_snapshot_dispatched')
->count(),
);
}
}
Reference in New Issue View Git Blame Copy Permalink