TenantAtlas/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php

<?php

declare(strict_types=1);

namespace App\Filament\Resources\EvidenceSnapshotResource\Pages;

use App\Filament\Resources\EvidenceSnapshotResource;
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
use App\Models\EvidenceSnapshot;
use App\Models\Tenant;
use App\Models\User;
use App\Services\Audit\WorkspaceAuditLogger;
use App\Services\Evidence\EvidenceSnapshotService;
use App\Support\Audit\AuditActionId;
use App\Support\Auth\Capabilities;
use App\Support\Rbac\UiEnforcement;
use App\Support\Ui\GovernanceActions\GovernanceActionCatalog;
use Filament\Actions;
use Filament\Forms\Components\Textarea;
use Filament\Notifications\Notification;
use Filament\Resources\Pages\ViewRecord;
use Illuminate\Database\Eloquent\Model;

class ViewEvidenceSnapshot extends ViewRecord
{
    protected static string $resource = EvidenceSnapshotResource::class;

    public function mount(int|string $record): void
    {
        parent::mount($record);

        $this->auditCustomerWorkspaceProofOpen();
    }

    protected function resolveRecord(int|string $key): Model
    {
        return EvidenceSnapshotResource::resolveScopedRecordOrFail($key);
    }

    protected function getHeaderActions(): array
    {
        if (EvidenceSnapshotResource::isCustomerWorkspaceFlow()) {
            return [];
        }

        $refreshRule = GovernanceActionCatalog::rule('refresh_evidence');
        $expireRule = GovernanceActionCatalog::rule('expire_snapshot');

        return [
            UiEnforcement::forAction(
                Actions\Action::make('refresh_evidence')
                    ->label($refreshRule->canonicalLabel)
                    ->icon('heroicon-o-arrow-path')
                    ->color('primary')
                    ->requiresConfirmation()
                    ->modalHeading($refreshRule->modalHeading)
                    ->modalDescription($refreshRule->modalDescription)
                    ->action(function () use ($refreshRule): void {
                        $user = auth()->user();

                        if (! $user instanceof User) {
                            abort(403);
                        }

                        app(EvidenceSnapshotService::class)->refresh($this->record, $user);

                        Notification::make()->success()->title($refreshRule->successTitle)->send();
                    }),
            )
                ->requireCapability(Capabilities::EVIDENCE_MANAGE)
                ->apply(),
            UiEnforcement::forAction(
                Actions\Action::make('expire_snapshot')
                    ->label($expireRule->canonicalLabel)
                    ->icon('heroicon-o-x-circle')
                    ->color('danger')
                    ->hidden(fn (): bool => ! EvidenceSnapshotResource::canExpireRecord($this->record))
                    ->requiresConfirmation()
                    ->modalHeading($expireRule->modalHeading)
                    ->modalDescription($expireRule->modalDescription)
                    ->form([
                        Textarea::make('expiration_reason')
                            ->label('Expiry reason')
                            ->rows(4)
                            ->required()
                            ->maxLength(2000),
                    ])
                    ->action(function (array $data) use ($expireRule): void {
                        $user = auth()->user();

                        if (! $user instanceof User) {
                            abort(403);
                        }

                        app(EvidenceSnapshotService::class)->expire(
                            $this->record,
                            $user,
                            (string) ($data['expiration_reason'] ?? ''),
                        );
                        $this->refreshFormData(['status', 'expires_at']);

                        Notification::make()->success()->title($expireRule->successTitle)->send();
                    }),
            )
                ->requireCapability(Capabilities::EVIDENCE_MANAGE)
                ->apply(),
        ];
    }

    private function auditCustomerWorkspaceProofOpen(): void
    {
        if (! EvidenceSnapshotResource::isCustomerWorkspaceFlow()) {
            return;
        }

        $record = $this->record;
        $user = auth()->user();

        if (! $record instanceof EvidenceSnapshot || ! $user instanceof User) {
            return;
        }

        $tenant = $record->tenant;

        if (! $tenant instanceof Tenant) {
            return;
        }

        app(WorkspaceAuditLogger::class)->log(
            workspace: $tenant->workspace,
            action: AuditActionId::EvidenceSnapshotOpened,
            context: [
                'metadata' => [
                    'evidence_snapshot_id' => (int) $record->getKey(),
                    'source_surface' => CustomerReviewWorkspace::SOURCE_SURFACE,
                ],
            ],
            actor: $user,
            resourceType: 'evidence_snapshot',
            resourceId: (string) $record->getKey(),
            targetLabel: sprintf('Evidence snapshot #%d', (int) $record->getKey()),
            tenant: $tenant,
            operationRunId: $record->operation_run_id !== null ? (int) $record->operation_run_id : null,
        );
    }
}