ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
1f3619bd16
TenantAtlas/tests/Feature/Operations/QueuedExecutionMiddlewareOrderingTest.php
ahmido 5bcb4f6ab8 feat: harden queued execution legitimacy (#179) 
## Summary
- add a canonical queued execution legitimacy contract for actor-bound and system-authority operation runs
- enforce legitimacy before queued jobs transition runs to running across provider, inventory, restore, bulk, sync, and scheduled backup flows
- surface blocked execution outcomes consistently in Monitoring, notifications, audit data, and the tenantless operation viewer
- add Spec 149 artifacts and focused Pest coverage for legitimacy decisions, middleware ordering, blocked presentation, retry behavior, and cross-family adoption

## Testing
- vendor/bin/sail artisan test --compact tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionMiddlewareOrderingTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Verification/ProviderExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/RunInventorySyncExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/ExecuteRestoreRunExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/SystemRunBlockedExecutionNotificationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/BulkOperationExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionRetryReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionContractMatrixTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/OperationRunBlockedExecutionPresentationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionAuditTrailTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/TenantlessOperationRunViewerTest.php
- vendor/bin/sail bin pint --dirty --format agent

## Manual validation
- validated queued provider execution blocking for tenant operability drift in the integrated browser on /admin/operations and /admin/operations/{run}
- validated 404 vs 403 route behavior for non-membership vs in-scope capability denial
- validated initiator-null blocked system-run behavior without creating a user terminal notification

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #179
2026-03-17 21:52:40 +00:00

244 lines
8.3 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Jobs\Middleware\EnsureQueuedExecutionLegitimate;
use App\Jobs\Middleware\TrackOperationRun;
use App\Models\OperationRun;
use App\Services\Operations\QueuedExecutionLegitimacyGate;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\Operations\ExecutionAuthorityMode;
use App\Support\Operations\ExecutionDenialReasonCode;
use App\Support\Operations\QueuedExecutionContext;
use App\Support\Operations\QueuedExecutionLegitimacyDecision;
it('blocks before track middleware can mark the run running', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$run = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'user_id' => (int) $user->getKey(),
'type' => 'inventory_sync',
'status' => OperationRunStatus::Queued->value,
'outcome' => OperationRunOutcome::Pending->value,
]);
$context = new QueuedExecutionContext(
run: $run,
operationType: 'inventory_sync',
workspaceId: (int) $tenant->workspace_id,
tenant: $tenant,
initiator: $user,
authorityMode: ExecutionAuthorityMode::ActorBound,
requiredCapability: null,
providerConnectionId: null,
targetScope: [
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
'provider_connection_id' => null,
],
);
$decision = QueuedExecutionLegitimacyDecision::deny(
context: $context,
checks: [
'workspace_scope' => 'passed',
'tenant_scope' => 'passed',
'capability' => 'failed',
'tenant_operability' => 'not_applicable',
'execution_prerequisites' => 'not_applicable',
],
reasonCode: ExecutionDenialReasonCode::MissingCapability,
);
app()->instance(QueuedExecutionLegitimacyGate::class, new class($decision)
{
public function __construct(private readonly QueuedExecutionLegitimacyDecision $decision) {}
public function evaluate(OperationRun $run): QueuedExecutionLegitimacyDecision
{
return $this->decision;
}
});
$ensure = new EnsureQueuedExecutionLegitimate;
$track = new TrackOperationRun;
$executed = false;
$job = new class($run)
{
public function __construct(public OperationRun $operationRun) {}
};
$response = $ensure->handle($job, function ($job) use (&$executed, $track) {
return $track->handle($job, function () use (&$executed): string {
$executed = true;
return 'ran';
});
});
$run->refresh();
expect($response)->toBeNull()
->and($executed)->toBeFalse()
->and($run->status)->toBe(OperationRunStatus::Completed->value)
->and($run->outcome)->toBe(OperationRunOutcome::Blocked->value)
->and($run->started_at)->toBeNull()
->and($run->context['blocked_by'] ?? null)->toBe('queued_execution_legitimacy')
->and($run->context['execution_legitimacy']['reason_code'] ?? null)->toBe('missing_capability');
});
it('marks legitimate execution running before completing it', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$run = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'user_id' => (int) $user->getKey(),
'type' => 'inventory_sync',
'status' => OperationRunStatus::Queued->value,
'outcome' => OperationRunOutcome::Pending->value,
]);
$context = new QueuedExecutionContext(
run: $run,
operationType: 'inventory_sync',
workspaceId: (int) $tenant->workspace_id,
tenant: $tenant,
initiator: $user,
authorityMode: ExecutionAuthorityMode::ActorBound,
requiredCapability: null,
providerConnectionId: null,
targetScope: [
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
'provider_connection_id' => null,
],
);
$decision = QueuedExecutionLegitimacyDecision::allow(
context: $context,
checks: [
'workspace_scope' => 'passed',
'tenant_scope' => 'passed',
'capability' => 'passed',
'tenant_operability' => 'passed',
'execution_prerequisites' => 'not_applicable',
],
);
app()->instance(QueuedExecutionLegitimacyGate::class, new class($decision)
{
public function __construct(private readonly QueuedExecutionLegitimacyDecision $decision) {}
public function evaluate(OperationRun $run): QueuedExecutionLegitimacyDecision
{
return $this->decision;
}
});
$ensure = new EnsureQueuedExecutionLegitimate;
$track = new TrackOperationRun;
$executed = false;
$job = new class($run)
{
public function __construct(public OperationRun $operationRun) {}
};
$response = $ensure->handle($job, function ($job) use (&$executed, $track) {
return $track->handle($job, function () use (&$executed): string {
$executed = true;
return 'ran';
});
});
$run->refresh();
expect($response)->toBe('ran')
->and($executed)->toBeTrue()
->and($run->status)->toBe(OperationRunStatus::Completed->value)
->and($run->outcome)->toBe(OperationRunOutcome::Succeeded->value)
->and($run->started_at)->not->toBeNull()
->and($run->completed_at)->not->toBeNull();
});
it('persists write-gate denials as blocked before track middleware runs', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$run = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'user_id' => (int) $user->getKey(),
'type' => 'restore.execute',
'status' => OperationRunStatus::Queued->value,
'outcome' => OperationRunOutcome::Pending->value,
]);
$context = new QueuedExecutionContext(
run: $run,
operationType: 'restore.execute',
workspaceId: (int) $tenant->workspace_id,
tenant: $tenant,
initiator: $user,
authorityMode: ExecutionAuthorityMode::ActorBound,
requiredCapability: null,
providerConnectionId: null,
targetScope: [
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
'provider_connection_id' => null,
],
);
$decision = QueuedExecutionLegitimacyDecision::deny(
context: $context,
checks: [
'workspace_scope' => 'passed',
'tenant_scope' => 'passed',
'capability' => 'passed',
'tenant_operability' => 'passed',
'execution_prerequisites' => 'failed',
],
reasonCode: ExecutionDenialReasonCode::WriteGateBlocked,
);
app()->instance(QueuedExecutionLegitimacyGate::class, new class($decision)
{
public function __construct(private readonly QueuedExecutionLegitimacyDecision $decision) {}
public function evaluate(OperationRun $run): QueuedExecutionLegitimacyDecision
{
return $this->decision;
}
});
$ensure = new EnsureQueuedExecutionLegitimate;
$track = new TrackOperationRun;
$executed = false;
$job = new class($run)
{
public function __construct(public OperationRun $operationRun) {}
};
$response = $ensure->handle($job, function ($job) use (&$executed, $track) {
return $track->handle($job, function () use (&$executed): string {
$executed = true;
return 'ran';
});
});
$run->refresh();
expect($response)->toBeNull()
->and($executed)->toBeFalse()
->and($run->status)->toBe(OperationRunStatus::Completed->value)
->and($run->outcome)->toBe(OperationRunOutcome::Blocked->value)
->and($run->started_at)->toBeNull()
->and($run->context['reason_code'] ?? null)->toBe('write_gate_blocked')
->and($run->context['execution_legitimacy']['reason_code'] ?? null)->toBe('write_gate_blocked');
});
Reference in New Issue View Git Blame Copy Permalink