ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
16e88acd4e
TenantAtlas/tests/Feature/Auth/BreakGlassWorkspaceOwnerRecoveryTest.php
Ahmed Darrazi 39fd8ca1ea feat(spec-119): baseline compare drift cutover 
- Enrich drift findings evidence_jsonb for diff UX (summary.kind, refs, fidelity, provenance)

- Add baseline policy version resolver and contract asserts

- Remove legacy drift generator + DriftLanding surfaces

- Add one-time cleanup migration for legacy drift findings

- Scope baseline capture/landing warnings to latest inventory sync

- Canonicalize compliance scheduledActionsForRule drift signal
2026-03-06 15:22:42 +01:00

91 lines
2.8 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\System\Pages\Dashboard;
use App\Filament\System\Pages\RepairWorkspaceOwners;
use App\Models\AuditLog;
use App\Models\PlatformUser;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Support\Auth\PlatformCapabilities;
use App\Support\Auth\WorkspaceRole;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;
uses(RefreshDatabase::class);
beforeEach(function () {
Filament::setCurrentPanel('system');
Filament::bootCurrentPanel();
Tenant::factory()->create([
'tenant_id' => null,
'external_id' => 'platform',
'name' => 'Platform',
]);
config()->set('tenantpilot.break_glass.enabled', true);
config()->set('tenantpilot.break_glass.ttl_minutes', 15);
});
it('can assign a workspace owner via break-glass and audits it', function () {
$platformUser = PlatformUser::factory()->create([
'capabilities' => [
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
PlatformCapabilities::CONSOLE_VIEW,
PlatformCapabilities::USE_BREAK_GLASS,
],
]);
$this->actingAs($platformUser, 'platform');
$workspace = Workspace::factory()->create();
$targetUser = User::factory()->create();
// Ensure the workspace is in a "broken" state: zero owners.
WorkspaceMembership::factory()->create([
'workspace_id' => $workspace->getKey(),
'user_id' => $targetUser->getKey(),
'role' => WorkspaceRole::Operator->value,
]);
Livewire::test(Dashboard::class)
->callAction('enter_break_glass', data: [
'reason' => 'Recover workspace ownership',
]);
Livewire::test(RepairWorkspaceOwners::class)
->callAction('assign_owner', data: [
'workspace_id' => (int) $workspace->getKey(),
'target_user_id' => (int) $targetUser->getKey(),
'reason' => 'Fix last owner removed via DB edit',
]);
$membership = WorkspaceMembership::query()
->where('workspace_id', $workspace->getKey())
->where('user_id', $targetUser->getKey())
->firstOrFail();
expect($membership->role)->toBe(WorkspaceRole::Owner->value);
$audit = AuditLog::query()
->where('workspace_id', $workspace->getKey())
->where('action', 'workspace_membership.break_glass.assign_owner')
->where('status', 'success')
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect($audit->metadata)->toMatchArray([
'workspace_id' => (int) $workspace->getKey(),
'actor_user_id' => (int) $platformUser->getKey(),
'target_user_id' => (int) $targetUser->getKey(),
'attempted_role' => WorkspaceRole::Owner->value,
'source' => 'break_glass',
]);
});
Reference in New Issue View Git Blame Copy Permalink