ahmido
1b88d28739
## Summary - align operator-visible OperationRun terminology to canonical `Operations` / `Operation` labels across shared links, notifications, verification/onboarding surfaces, summary widgets, and monitoring/detail pages - add the Spec 171 planning artifacts under `specs/171-operations-naming-consolidation/` - close the remaining tenant dashboard and admin copy drift found during browser smoke validation ## Validation - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && vendor/bin/sail artisan test --compact tests/Unit/Support/RelatedNavigationResolverTest.php tests/Unit/Support/References/RelatedContextReferenceAdapterTest.php tests/Feature/OpsUx/NotificationViewRunLinkTest.php tests/Feature/Guards/ActionSurfaceContractTest.php tests/Feature/Operations/TenantlessOperationRunViewerTest.php tests/Feature/Filament/BackupSetResolvedReferencePresentationTest.php tests/Feature/Filament/TenantVerificationReportWidgetTest.php tests/Feature/Onboarding/OnboardingVerificationTest.php tests/Feature/Onboarding/OnboardingVerificationClustersTest.php tests/Feature/Onboarding/OnboardingVerificationV1_5UxTest.php tests/Feature/Filament/BaselineCompareSummaryConsistencyTest.php tests/Feature/Filament/WorkspaceOverviewContentTest.php tests/Feature/Filament/RecentOperationsSummaryWidgetTest.php tests/Feature/Monitoring/OperationLifecycleAggregateVisibilityTest.php tests/Feature/System/Spec114/OpsTriageActionsTest.php tests/Feature/System/Spec114/OpsFailuresViewTest.php tests/Feature/System/Spec114/OpsStuckViewTest.php` - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && vendor/bin/sail artisan test --compact tests/Browser/OnboardingDraftRefreshTest.php` - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && vendor/bin/sail bin pint --dirty --format agent` ## Notes - no schema or route renames - Filament / Livewire surface behavior stays within the existing admin and tenant panels - OperationRunResource remains excluded from global search Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #202
179 lines
5.2 KiB
PHP
179 lines
5.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Filament\Widgets\Tenant;
|
|
|
|
use App\Jobs\ScanEntraAdminRolesJob;
|
|
use App\Models\StoredReport;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\OperationRunService;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\OperationRunLinks;
|
|
use App\Support\OpsUx\OperationUxPresenter;
|
|
use App\Support\OpsUx\OpsUxBrowserEvents;
|
|
use Filament\Actions\Action;
|
|
use Filament\Facades\Filament;
|
|
use Filament\Widgets\Widget;
|
|
|
|
class AdminRolesSummaryWidget extends Widget
|
|
{
|
|
protected static bool $isLazy = false;
|
|
|
|
protected string $view = 'filament.widgets.tenant.admin-roles-summary';
|
|
|
|
public ?Tenant $record = null;
|
|
|
|
private function resolveTenant(): ?Tenant
|
|
{
|
|
$tenant = Filament::getTenant();
|
|
|
|
if ($tenant instanceof Tenant) {
|
|
return $tenant;
|
|
}
|
|
|
|
return $this->record instanceof Tenant ? $this->record : null;
|
|
}
|
|
|
|
public function scanNow(): void
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if (! $user instanceof User) {
|
|
abort(403);
|
|
}
|
|
|
|
$tenant = $this->resolveTenant();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
abort(404);
|
|
}
|
|
|
|
if (! $user->canAccessTenant($tenant)) {
|
|
abort(404);
|
|
}
|
|
|
|
if (! $user->can(Capabilities::ENTRA_ROLES_MANAGE, $tenant)) {
|
|
abort(403);
|
|
}
|
|
|
|
/** @var OperationRunService $operationRuns */
|
|
$operationRuns = app(OperationRunService::class);
|
|
|
|
$opRun = $operationRuns->ensureRunWithIdentity(
|
|
tenant: $tenant,
|
|
type: 'entra.admin_roles.scan',
|
|
identityInputs: [
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'trigger' => 'scan',
|
|
],
|
|
context: [
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'initiator_user_id' => (int) $user->getKey(),
|
|
],
|
|
initiator: $user,
|
|
);
|
|
|
|
$runUrl = OperationRunLinks::tenantlessView($opRun);
|
|
|
|
if ($opRun->wasRecentlyCreated === false) {
|
|
OpsUxBrowserEvents::dispatchRunEnqueued($this);
|
|
|
|
OperationUxPresenter::alreadyQueuedToast((string) $opRun->type)
|
|
->actions([
|
|
Action::make('view_run')
|
|
->label('Open operation')
|
|
->url($runUrl),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
$operationRuns->dispatchOrFail($opRun, function () use ($tenant, $user): void {
|
|
ScanEntraAdminRolesJob::dispatch(
|
|
tenantId: (int) $tenant->getKey(),
|
|
workspaceId: (int) $tenant->workspace_id,
|
|
initiatorUserId: (int) $user->getKey(),
|
|
);
|
|
});
|
|
|
|
OpsUxBrowserEvents::dispatchRunEnqueued($this);
|
|
|
|
OperationUxPresenter::queuedToast((string) $opRun->type)
|
|
->body('The scan will run in the background. Results appear once complete.')
|
|
->actions([
|
|
Action::make('view_run')
|
|
->label('Open operation')
|
|
->url($runUrl),
|
|
])
|
|
->send();
|
|
}
|
|
|
|
/**
|
|
* @return array<string, mixed>
|
|
*/
|
|
protected function getViewData(): array
|
|
{
|
|
$tenant = $this->resolveTenant();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return $this->emptyState();
|
|
}
|
|
|
|
$user = auth()->user();
|
|
$isTenantMember = $user instanceof User && $user->canAccessTenant($tenant);
|
|
$canView = $isTenantMember && $user->can(Capabilities::ENTRA_ROLES_VIEW, $tenant);
|
|
$canManage = $isTenantMember && $user->can(Capabilities::ENTRA_ROLES_MANAGE, $tenant);
|
|
|
|
$report = StoredReport::query()
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->where('report_type', StoredReport::REPORT_TYPE_ENTRA_ADMIN_ROLES)
|
|
->orderByDesc('created_at')
|
|
->first();
|
|
|
|
if (! $report instanceof StoredReport) {
|
|
return [
|
|
'tenant' => $tenant,
|
|
'reportSummary' => null,
|
|
'lastScanAt' => null,
|
|
'highPrivilegeCount' => 0,
|
|
'canManage' => $canManage,
|
|
'canView' => $canView,
|
|
'viewReportUrl' => null,
|
|
];
|
|
}
|
|
|
|
$payload = is_array($report->payload) ? $report->payload : [];
|
|
$totals = is_array($payload['totals'] ?? null) ? $payload['totals'] : [];
|
|
$highPrivilegeCount = (int) ($totals['high_privilege_assignments'] ?? 0);
|
|
|
|
return [
|
|
'tenant' => $tenant,
|
|
'reportSummary' => $totals,
|
|
'lastScanAt' => $report->created_at?->diffForHumans() ?? '—',
|
|
'highPrivilegeCount' => $highPrivilegeCount,
|
|
'canManage' => $canManage,
|
|
'canView' => $canView,
|
|
'viewReportUrl' => null,
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @return array<string, mixed>
|
|
*/
|
|
private function emptyState(): array
|
|
{
|
|
return [
|
|
'tenant' => null,
|
|
'reportSummary' => null,
|
|
'lastScanAt' => null,
|
|
'highPrivilegeCount' => 0,
|
|
'canManage' => false,
|
|
'canView' => false,
|
|
'viewReportUrl' => null,
|
|
];
|
|
}
|
|
}
|