ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
008beb88c0
TenantAtlas/tests/Feature/Findings/FindingAuditLogTest.php
Ahmed Darrazi 008beb88c0 feat(111): findings workflow + SLA settings
2026-02-25 02:45:20 +01:00

82 lines
3.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\AuditLog;
use App\Models\Finding;
use App\Models\User;
use App\Services\Findings\FindingWorkflowService;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('writes sanitized audit entries for workflow mutations with before and after metadata', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$finding = Finding::factory()->for($tenant)->create([
'status' => Finding::STATUS_NEW,
'evidence_jsonb' => [
'secret_token' => 'should-not-be-audited',
'payload' => ['x' => 'y'],
],
]);
$service = app(FindingWorkflowService::class);
$service->triage($finding, $tenant, $user);
$service->resolve($finding->refresh(), $tenant, $user, 'fixed');
$audit = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('resource_type', 'finding')
->where('resource_id', (string) $finding->getKey())
->where('action', 'finding.resolved')
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect((int) $audit->actor_id)->toBe((int) $user->getKey())
->and($audit->actor_email)->toBe($user->email)
->and(data_get($audit->metadata, 'finding_id'))->toBe((int) $finding->getKey())
->and(data_get($audit->metadata, 'before_status'))->toBe(Finding::STATUS_TRIAGED)
->and(data_get($audit->metadata, 'after_status'))->toBe(Finding::STATUS_RESOLVED)
->and(data_get($audit->metadata, 'resolved_reason'))->toBe('fixed')
->and(data_get($audit->metadata, 'before'))->toBeArray()
->and(data_get($audit->metadata, 'after'))->toBeArray()
->and(data_get($audit->metadata, 'evidence_jsonb'))->toBeNull()
->and(data_get($audit->metadata, 'before.evidence_jsonb'))->toBeNull()
->and(data_get($audit->metadata, 'after.evidence_jsonb'))->toBeNull();
});
it('writes assignment audit entries without evidence payloads', function (): void {
[$owner, $tenant] = createUserWithTenant(role: 'owner');
$assignee = User::factory()->create();
createUserWithTenant(tenant: $tenant, user: $assignee, role: 'operator');
$finding = Finding::factory()->for($tenant)->create([
'status' => Finding::STATUS_NEW,
]);
app(FindingWorkflowService::class)->assign(
finding: $finding,
tenant: $tenant,
actor: $owner,
assigneeUserId: (int) $assignee->getKey(),
ownerUserId: (int) $owner->getKey(),
);
$audit = AuditLog::query()
->where('tenant_id', (int) $tenant->getKey())
->where('action', 'finding.assigned')
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect(data_get($audit->metadata, 'assignee_user_id'))->toBe((int) $assignee->getKey())
->and(data_get($audit->metadata, 'owner_user_id'))->toBe((int) $owner->getKey())
->and(data_get($audit->metadata, 'before'))->toBeArray()
->and(data_get($audit->metadata, 'after'))->toBeArray()
->and(data_get($audit->metadata, 'before.evidence_jsonb'))->toBeNull()
->and(data_get($audit->metadata, 'after.evidence_jsonb'))->toBeNull();
});
Reference in New Issue View Git Blame Copy Permalink