110 lines
4.8 KiB
PHP
110 lines
4.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Pages\Reviews\ReviewRegister;
|
|
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
|
use App\Filament\Resources\TenantReviewResource;
|
|
use App\Models\Tenant;
|
|
use App\Support\OperationRunLinks;
|
|
use App\Support\ReasonTranslation\ReasonPresenter;
|
|
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
|
|
use App\Support\Ui\GovernanceArtifactTruth\SurfaceCompressionContext;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Livewire\Livewire;
|
|
use Tests\Feature\Concerns\BuildsGovernanceArtifactTruthFixtures;
|
|
|
|
uses(BuildsGovernanceArtifactTruthFixtures::class);
|
|
|
|
it('reuses the same operator explanation on tenant review detail and review register surfaces', function (): void {
|
|
$tenant = Tenant::factory()->create();
|
|
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
|
|
|
$snapshot = $this->makeArtifactTruthEvidenceSnapshot($tenant);
|
|
$review = $this->makeArtifactTruthReview(
|
|
tenant: $tenant,
|
|
user: $user,
|
|
snapshot: $snapshot,
|
|
reviewOverrides: [
|
|
'status' => 'draft',
|
|
'completeness_state' => 'complete',
|
|
],
|
|
summaryOverrides: [
|
|
'publish_blockers' => ['Review the missing approval note before publication.'],
|
|
],
|
|
);
|
|
|
|
$presenter = app(ArtifactTruthPresenter::class);
|
|
$truth = $presenter->forTenantReview($review);
|
|
$explanation = $truth->operatorExplanation;
|
|
$detailOutcome = $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::tenantReview());
|
|
$registerOutcome = $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::reviewRegister());
|
|
$reasonSemantics = app(ReasonPresenter::class)->semantics($truth->reason?->toReasonResolutionEnvelope());
|
|
|
|
expect($reasonSemantics)->not->toBeNull();
|
|
|
|
setTenantPanelContext($tenant);
|
|
|
|
$this->actingAs($user)
|
|
->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
|
|
->assertOk()
|
|
->assertSee($detailOutcome?->primaryReason ?? '')
|
|
->assertSee($explanation?->nextActionText ?? '')
|
|
->assertSee('Reason owner')
|
|
->assertSee($reasonSemantics['owner_label'])
|
|
->assertSee('Platform reason family')
|
|
->assertSee($reasonSemantics['family_label']);
|
|
|
|
setAdminPanelContext();
|
|
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ReviewRegister::class)
|
|
->assertCanSeeTableRecords([$review])
|
|
->assertSee($registerOutcome?->primaryReason ?? '')
|
|
->assertSee($explanation?->nextActionText ?? '');
|
|
});
|
|
|
|
it('keeps customer-workspace review detail customer-readable by hiding internal reason ownership and fingerprints', function (): void {
|
|
$tenant = Tenant::factory()->create();
|
|
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
|
|
|
$snapshot = seedTenantReviewEvidence($tenant);
|
|
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
|
$review->forceFill([
|
|
'status' => 'published',
|
|
'published_at' => now(),
|
|
'published_by_user_id' => (int) $user->getKey(),
|
|
])->save();
|
|
|
|
expect($review->operation_run_id)->not->toBeNull();
|
|
|
|
setTenantPanelContext($tenant);
|
|
|
|
$this->actingAs($user)
|
|
->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
|
|
CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1,
|
|
'source_surface' => CustomerReviewWorkspace::SOURCE_SURFACE,
|
|
'tenant_filter_id' => (string) $tenant->getKey(),
|
|
'interpretation_version' => $review->controlInterpretationVersion(),
|
|
]))
|
|
->assertOk()
|
|
->assertSee('Released governance record')
|
|
->assertSee('This released review is available for customer-safe governance consumption.')
|
|
->assertSee('Compliance evidence mapping v1')
|
|
->assertSee($review->controlInterpretationVersion())
|
|
->assertSee('Control readiness interpretation')
|
|
->assertSee('Endpoint hardening and compliance')
|
|
->assertSee('Evidence basis')
|
|
->assertSee('Review the surfaced findings with the tenant and agree ownership plus follow-up timing.')
|
|
->assertSee('Evidence snapshot')
|
|
->assertSee('review_id='.$review->getKey(), false)
|
|
->assertSee('interpretation_version='.$review->controlInterpretationVersion(), false)
|
|
->assertSee('source_surface=customer_review_workspace', false)
|
|
->assertDontSee('Reason owner')
|
|
->assertDontSee('Platform reason family')
|
|
->assertDontSee('Fingerprint')
|
|
->assertDontSee(OperationRunLinks::tenantlessView((int) $review->operation_run_id), false)
|
|
->assertDontSee('Inspect the latest review composition or refresh run.');
|
|
});
|