ahmido
ec9649897a
## Summary - cut over workspace-owned analysis and library surfaces to workspace shell ownership instead of inheriting remembered environment shell context - update the affected findings pages, scope resolution, navigation helpers, and related Blade views to keep environment focus explicit instead of implicit - add and update Spec 320 artifacts plus focused regression coverage for findings navigation context, workspace hub registration, and admin surface scope behavior ## Guardrails - Filament remains on v5 with Livewire v4 compliance unchanged - provider registration remains in apps/platform/bootstrap/providers.php - no new globally searchable resources were introduced or changed - no new destructive actions were introduced or changed - no Filament assets were added or changed, so the deploy requirement for filament:assets is unchanged ## Testing - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingsAssignmentHygieneReportTest.php tests/Feature/Findings/FindingsIntakeQueueNavigationContextTest.php tests/Feature/Findings/FindingsIntakeQueueTest.php tests/Feature/Findings/MyFindingsInboxNavigationContextTest.php tests/Feature/Findings/MyWorkInboxTest.php tests/Feature/Navigation/WorkspaceHubRegistryTest.php tests/Unit/Support/OperateHub/OperateHubShellResolutionTest.php tests/Unit/Tenants/AdminSurfaceScopeTest.php` - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #375
187 lines
7.9 KiB
PHP
187 lines
7.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\ManagedEnvironment;
|
|
use App\Models\User;
|
|
use App\Support\OperateHub\OperateHubShell;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Http\Request;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('keeps workspace hub shell tenantless when an explicit environment filter is present', function (): void {
|
|
$rememberedEnvironment = ManagedEnvironment::factory()->active()->create(['name' => 'Remembered ManagedEnvironment']);
|
|
[$user, $rememberedEnvironment] = createUserWithTenant(tenant: $rememberedEnvironment, role: 'owner');
|
|
|
|
$hintedTenant = ManagedEnvironment::factory()->active()->create([
|
|
'workspace_id' => (int) $rememberedEnvironment->workspace_id,
|
|
'name' => 'Hinted ManagedEnvironment',
|
|
]);
|
|
|
|
createUserWithTenant(tenant: $hintedTenant, user: $user, role: 'owner');
|
|
|
|
$this->actingAs($user);
|
|
Filament::setTenant(null, true);
|
|
|
|
$workspaceId = (int) $rememberedEnvironment->workspace_id;
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, $workspaceId);
|
|
session()->put(WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY, [
|
|
(string) $workspaceId => (int) $rememberedEnvironment->getKey(),
|
|
]);
|
|
|
|
$request = Request::create(route('admin.operations.index', [
|
|
'workspace' => $workspaceId,
|
|
'environment_id' => (int) $hintedTenant->getKey(),
|
|
]));
|
|
$request->setLaravelSession(app('session.store'));
|
|
$request->setUserResolver(static fn () => $user);
|
|
|
|
$route = app('router')->getRoutes()->match($request);
|
|
$request->setRouteResolver(static fn () => $route);
|
|
|
|
$resolved = app(OperateHubShell::class)->resolvedContext($request);
|
|
|
|
expect($resolved->workspace?->getKey())->toBe($workspaceId)
|
|
->and($resolved->tenant)->toBeNull()
|
|
->and($resolved->tenantSource)->toBe('none')
|
|
->and($resolved->state)->toBe('tenantless_workspace');
|
|
});
|
|
|
|
it('does not resolve cross-workspace environment filters as shell tenant context on workspace hubs', function (): void {
|
|
$workspaceTenant = ManagedEnvironment::factory()->active()->create(['name' => 'Current Workspace ManagedEnvironment']);
|
|
[$user, $workspaceTenant] = createUserWithTenant(tenant: $workspaceTenant, role: 'owner');
|
|
|
|
$foreignTenant = ManagedEnvironment::factory()->active()->create(['name' => 'Foreign ManagedEnvironment']);
|
|
createUserWithTenant(tenant: $foreignTenant, user: User::factory()->create(), role: 'owner');
|
|
|
|
$this->actingAs($user);
|
|
Filament::setTenant(null, true);
|
|
|
|
$workspaceId = (int) $workspaceTenant->workspace_id;
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, $workspaceId);
|
|
|
|
$request = Request::create(route('admin.operations.index', [
|
|
'workspace' => $workspaceId,
|
|
'environment_id' => (int) $foreignTenant->getKey(),
|
|
]));
|
|
$request->setLaravelSession(app('session.store'));
|
|
$request->setUserResolver(static fn () => $user);
|
|
|
|
$route = app('router')->getRoutes()->match($request);
|
|
$request->setRouteResolver(static fn () => $route);
|
|
|
|
$resolved = app(OperateHubShell::class)->resolvedContext($request);
|
|
|
|
expect($resolved->workspace?->getKey())->toBe($workspaceId)
|
|
->and($resolved->tenant)->toBeNull()
|
|
->and($resolved->state)->toBe('tenantless_workspace')
|
|
->and($resolved->recoveryReason)->toBeNull();
|
|
});
|
|
|
|
it('keeps workspace owned analysis surfaces tenantless when a remembered environment exists', function (string $path): void {
|
|
$rememberedEnvironment = ManagedEnvironment::factory()->active()->create(['name' => 'Remembered ManagedEnvironment']);
|
|
[$user, $rememberedEnvironment] = createUserWithTenant(tenant: $rememberedEnvironment, role: 'owner');
|
|
|
|
$this->actingAs($user);
|
|
Filament::setTenant(null, true);
|
|
|
|
$workspaceId = (int) $rememberedEnvironment->workspace_id;
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, $workspaceId);
|
|
session()->put(WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY, [
|
|
(string) $workspaceId => (int) $rememberedEnvironment->getKey(),
|
|
]);
|
|
|
|
$request = Request::create($path);
|
|
$request->setLaravelSession(app('session.store'));
|
|
$request->setUserResolver(static fn () => $user);
|
|
|
|
$resolved = app(OperateHubShell::class)->resolvedContext($request);
|
|
|
|
expect($resolved->workspace?->getKey())->toBe($workspaceId)
|
|
->and($resolved->tenant)->toBeNull()
|
|
->and($resolved->tenantSource)->toBe('none')
|
|
->and($resolved->state)->toBe('tenantless_workspace');
|
|
})->with([
|
|
'baseline profiles list' => ['/admin/baseline-profiles'],
|
|
'baseline profiles detail' => ['/admin/baseline-profiles/42'],
|
|
'baseline profiles edit' => ['/admin/baseline-profiles/42/edit'],
|
|
'baseline profiles compare matrix' => ['/admin/baseline-profiles/42/compare-matrix'],
|
|
'baseline snapshots list' => ['/admin/baseline-snapshots'],
|
|
'baseline snapshots detail' => ['/admin/baseline-snapshots/42'],
|
|
'my findings' => ['/admin/findings/my-work'],
|
|
'findings intake' => ['/admin/findings/intake'],
|
|
'findings hygiene' => ['/admin/findings/hygiene'],
|
|
'cross-environment compare' => ['/admin/cross-environment-compare'],
|
|
]);
|
|
|
|
it('does not resolve explicit environment_id query hints as shell tenant context on workspace owned analysis surfaces', function (string $path): void {
|
|
$workspaceTenant = ManagedEnvironment::factory()->active()->create(['name' => 'Workspace ManagedEnvironment']);
|
|
[$user, $workspaceTenant] = createUserWithTenant(tenant: $workspaceTenant, role: 'owner');
|
|
|
|
$hintedTenant = ManagedEnvironment::factory()->active()->create([
|
|
'workspace_id' => (int) $workspaceTenant->workspace_id,
|
|
'name' => 'Hinted ManagedEnvironment',
|
|
]);
|
|
createUserWithTenant(tenant: $hintedTenant, user: $user, role: 'owner');
|
|
|
|
$this->actingAs($user);
|
|
Filament::setTenant(null, true);
|
|
|
|
$workspaceId = (int) $workspaceTenant->workspace_id;
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, $workspaceId);
|
|
|
|
$request = Request::create($path, parameters: [
|
|
'environment_id' => (int) $hintedTenant->getKey(),
|
|
]);
|
|
$request->setLaravelSession(app('session.store'));
|
|
$request->setUserResolver(static fn () => $user);
|
|
|
|
$resolved = app(OperateHubShell::class)->resolvedContext($request);
|
|
|
|
expect($resolved->workspace?->getKey())->toBe($workspaceId)
|
|
->and($resolved->tenant)->toBeNull()
|
|
->and($resolved->tenantSource)->toBe('none')
|
|
->and($resolved->state)->toBe('tenantless_workspace');
|
|
})->with([
|
|
'baseline profiles' => ['/admin/baseline-profiles'],
|
|
'baseline snapshots' => ['/admin/baseline-snapshots'],
|
|
'my findings' => ['/admin/findings/my-work'],
|
|
'findings intake' => ['/admin/findings/intake'],
|
|
'findings hygiene' => ['/admin/findings/hygiene'],
|
|
'cross-environment compare' => ['/admin/cross-environment-compare'],
|
|
]);
|
|
|
|
it('uses the routed tenant workspace when the tenant panel is entered without a selected workspace session', function (): void {
|
|
$tenant = ManagedEnvironment::factory()->active()->create(['name' => 'ManagedEnvironment Panel Scope']);
|
|
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
|
|
|
$this->actingAs($user);
|
|
Filament::setTenant(null, true);
|
|
|
|
session()->forget(WorkspaceContext::SESSION_KEY);
|
|
|
|
$request = Request::create(route('admin.workspace.environments.show', [
|
|
'workspace' => $tenant->workspace,
|
|
'environment' => $tenant,
|
|
]));
|
|
$request->setLaravelSession(app('session.store'));
|
|
$request->setUserResolver(static fn () => $user);
|
|
|
|
$route = app('router')->getRoutes()->match($request);
|
|
$request->setRouteResolver(static fn () => $route);
|
|
|
|
$resolved = app(OperateHubShell::class)->resolvedContext($request);
|
|
|
|
expect($resolved->workspace?->getKey())->toBe((int) $tenant->workspace_id)
|
|
->and($resolved->tenant?->is($tenant))->toBeTrue()
|
|
->and($resolved->workspaceSource)->toBe('route')
|
|
->and($resolved->tenantSource)->toBe('route');
|
|
});
|