ahmido
7ac53f4cc4
Implements spec 111 (Findings workflow + SLA) and fixes Workspace findings SLA settings UX/validation. Key changes: - Findings workflow service + SLA policy and alerting. - Workspace settings: allow partial SLA overrides without auto-filling unset severities in the UI; effective values still resolve via defaults. - New migrations, jobs, command, UI/resource updates, and comprehensive test coverage. Tests: - `vendor/bin/sail artisan test --compact` (1779 passed, 8 skipped). Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #135
82 lines
3.2 KiB
PHP
82 lines
3.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\AuditLog;
|
|
use App\Models\Finding;
|
|
use App\Models\User;
|
|
use App\Services\Findings\FindingWorkflowService;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('writes sanitized audit entries for workflow mutations with before and after metadata', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
'evidence_jsonb' => [
|
|
'secret_token' => 'should-not-be-audited',
|
|
'payload' => ['x' => 'y'],
|
|
],
|
|
]);
|
|
|
|
$service = app(FindingWorkflowService::class);
|
|
|
|
$service->triage($finding, $tenant, $user);
|
|
$service->resolve($finding->refresh(), $tenant, $user, 'fixed');
|
|
|
|
$audit = AuditLog::query()
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->where('resource_type', 'finding')
|
|
->where('resource_id', (string) $finding->getKey())
|
|
->where('action', 'finding.resolved')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($audit)->not->toBeNull();
|
|
expect((int) $audit->actor_id)->toBe((int) $user->getKey())
|
|
->and($audit->actor_email)->toBe($user->email)
|
|
->and(data_get($audit->metadata, 'finding_id'))->toBe((int) $finding->getKey())
|
|
->and(data_get($audit->metadata, 'before_status'))->toBe(Finding::STATUS_TRIAGED)
|
|
->and(data_get($audit->metadata, 'after_status'))->toBe(Finding::STATUS_RESOLVED)
|
|
->and(data_get($audit->metadata, 'resolved_reason'))->toBe('fixed')
|
|
->and(data_get($audit->metadata, 'before'))->toBeArray()
|
|
->and(data_get($audit->metadata, 'after'))->toBeArray()
|
|
->and(data_get($audit->metadata, 'evidence_jsonb'))->toBeNull()
|
|
->and(data_get($audit->metadata, 'before.evidence_jsonb'))->toBeNull()
|
|
->and(data_get($audit->metadata, 'after.evidence_jsonb'))->toBeNull();
|
|
});
|
|
|
|
it('writes assignment audit entries without evidence payloads', function (): void {
|
|
[$owner, $tenant] = createUserWithTenant(role: 'owner');
|
|
$assignee = User::factory()->create();
|
|
createUserWithTenant(tenant: $tenant, user: $assignee, role: 'operator');
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
app(FindingWorkflowService::class)->assign(
|
|
finding: $finding,
|
|
tenant: $tenant,
|
|
actor: $owner,
|
|
assigneeUserId: (int) $assignee->getKey(),
|
|
ownerUserId: (int) $owner->getKey(),
|
|
);
|
|
|
|
$audit = AuditLog::query()
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->where('action', 'finding.assigned')
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($audit)->not->toBeNull();
|
|
expect(data_get($audit->metadata, 'assignee_user_id'))->toBe((int) $assignee->getKey())
|
|
->and(data_get($audit->metadata, 'owner_user_id'))->toBe((int) $owner->getKey())
|
|
->and(data_get($audit->metadata, 'before'))->toBeArray()
|
|
->and(data_get($audit->metadata, 'after'))->toBeArray()
|
|
->and(data_get($audit->metadata, 'before.evidence_jsonb'))->toBeNull()
|
|
->and(data_get($audit->metadata, 'after.evidence_jsonb'))->toBeNull();
|
|
});
|