TenantAtlas/tests/Feature/System/Spec114/CanonicalRunDetailTest.php

<?php

declare(strict_types=1);

use App\Models\OperationRun;
use App\Models\PlatformUser;
use App\Support\Auth\PlatformCapabilities;
use App\Support\System\SystemOperationRunLinks;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('allows canonical run detail for non-runbook operation types with operations view capability', function () {
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::OPERATIONS_VIEW,
        ],
        'is_active' => true,
    ]);

    $run = OperationRun::factory()->create([
        'type' => 'inventory_sync',
    ]);

    $this->actingAs($platformUser, 'platform')
        ->get(SystemOperationRunLinks::view($run))
        ->assertSuccessful()
        ->assertSee('Run #'.(int) $run->getKey());
});

it('does not render raw context payloads in canonical run detail', function () {
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::OPERATIONS_VIEW,
        ],
        'is_active' => true,
    ]);

    $run = OperationRun::factory()->create([
        'type' => 'inventory_sync',
        'context' => [
            'secret_token' => 'top-secret-token',
            'raw_error' => 'sensitive stack trace',
        ],
        'failure_summary' => [
            ['code' => 'operation.failed', 'message' => 'Job failed'],
        ],
    ]);

    $this->actingAs($platformUser, 'platform')
        ->get(SystemOperationRunLinks::view($run))
        ->assertSuccessful()
        ->assertDontSee('Context (raw)')
        ->assertDontSee('top-secret-token')
        ->assertDontSee('sensitive stack trace');
});