ahmido
ce0615a9c1
## Summary - move the Laravel application into `apps/platform` and keep the repository root for orchestration, docs, and tooling - update the local command model, Sail/Docker wiring, runtime paths, and ignore rules around the new platform location - add relocation quickstart/contracts plus focused smoke coverage for bootstrap, command model, routes, and runtime behavior ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PlatformRelocation` - integrated browser smoke validated `/up`, `/`, `/admin`, `/admin/choose-workspace`, and tenant route semantics for `200`, `403`, and `404` ## Remaining Rollout Checks - validate Dokploy build context and working-directory assumptions against the new `apps/platform` layout - confirm web, queue, and scheduler processes all start from the expected working directory in staging/production - verify no legacy volume mounts or asset-publish paths still point at the old root-level `public/` or `storage/` locations Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #213
91 lines
2.8 KiB
PHP
91 lines
2.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\System\Pages\Dashboard;
|
|
use App\Filament\System\Pages\RepairWorkspaceOwners;
|
|
use App\Models\AuditLog;
|
|
use App\Models\PlatformUser;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
use App\Support\Auth\PlatformCapabilities;
|
|
use App\Support\Auth\WorkspaceRole;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function () {
|
|
Filament::setCurrentPanel('system');
|
|
Filament::bootCurrentPanel();
|
|
|
|
Tenant::factory()->create([
|
|
'tenant_id' => null,
|
|
'external_id' => 'platform',
|
|
'name' => 'Platform',
|
|
]);
|
|
|
|
config()->set('tenantpilot.break_glass.enabled', true);
|
|
config()->set('tenantpilot.break_glass.ttl_minutes', 15);
|
|
});
|
|
|
|
it('can assign a workspace owner via break-glass and audits it', function () {
|
|
$platformUser = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
PlatformCapabilities::CONSOLE_VIEW,
|
|
PlatformCapabilities::USE_BREAK_GLASS,
|
|
],
|
|
]);
|
|
|
|
$this->actingAs($platformUser, 'platform');
|
|
|
|
$workspace = Workspace::factory()->create();
|
|
$targetUser = User::factory()->create();
|
|
|
|
// Ensure the workspace is in a "broken" state: zero owners.
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => $workspace->getKey(),
|
|
'user_id' => $targetUser->getKey(),
|
|
'role' => WorkspaceRole::Operator->value,
|
|
]);
|
|
|
|
Livewire::test(Dashboard::class)
|
|
->callAction('enter_break_glass', data: [
|
|
'reason' => 'Recover workspace ownership',
|
|
]);
|
|
|
|
Livewire::test(RepairWorkspaceOwners::class)
|
|
->callAction('assign_owner', data: [
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'target_user_id' => (int) $targetUser->getKey(),
|
|
'reason' => 'Fix last owner removed via DB edit',
|
|
]);
|
|
|
|
$membership = WorkspaceMembership::query()
|
|
->where('workspace_id', $workspace->getKey())
|
|
->where('user_id', $targetUser->getKey())
|
|
->firstOrFail();
|
|
|
|
expect($membership->role)->toBe(WorkspaceRole::Owner->value);
|
|
|
|
$audit = AuditLog::query()
|
|
->where('workspace_id', $workspace->getKey())
|
|
->where('action', 'workspace_membership.break_glass.assign_owner')
|
|
->where('status', 'success')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($audit)->not->toBeNull();
|
|
expect($audit->metadata)->toMatchArray([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'actor_user_id' => (int) $platformUser->getKey(),
|
|
'target_user_id' => (int) $targetUser->getKey(),
|
|
'attempted_role' => WorkspaceRole::Owner->value,
|
|
'source' => 'break_glass',
|
|
]);
|
|
});
|