ahmido
e64bae9cfc
## Summary - replace the legacy Tenant and TenantMembership core models with ManagedEnvironment and ManagedEnvironmentMembership - propagate the managed environment naming and key changes across Filament resources, pages, controllers, jobs, models, and supporting runtime paths - add feature 279 spec artifacts and focused managed-environment test coverage for model behavior, route binding, panel context, authorization, and legacy guardrails ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentAuthorizationTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentContextResolverTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentModelTest.php` - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` ## Notes - branch pushed from commit `1123b122` - browser smoke test file was added but not run in this pass Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #335
171 lines
5.9 KiB
PHP
171 lines
5.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\System\Pages\Dashboard;
|
|
use App\Filament\System\Widgets\CustomerHealthKpis;
|
|
use App\Filament\System\Widgets\CustomerHealthTopWorkspaces;
|
|
use App\Models\OperationRun;
|
|
use App\Models\PlatformUser;
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\ManagedEnvironment;
|
|
use App\Models\Workspace;
|
|
use App\Support\Auth\PlatformCapabilities;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\Providers\ProviderConsentStatus;
|
|
use App\Support\Providers\ProviderVerificationStatus;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function (): void {
|
|
Filament::setCurrentPanel('system');
|
|
Filament::bootCurrentPanel();
|
|
});
|
|
|
|
it('shows customer health widgets to authorized system users', function (): void {
|
|
$user = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
PlatformCapabilities::CONSOLE_VIEW,
|
|
PlatformCapabilities::DIRECTORY_VIEW,
|
|
],
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($user, 'platform')
|
|
->get(Dashboard::getUrl(panel: 'system'))
|
|
->assertSuccessful()
|
|
->assertSeeLivewire(CustomerHealthKpis::class)
|
|
->assertSeeLivewire(CustomerHealthTopWorkspaces::class);
|
|
});
|
|
|
|
it('keeps the attention-needed widget hidden when no linked system detail surface is accessible', function (): void {
|
|
$user = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
PlatformCapabilities::CONSOLE_VIEW,
|
|
],
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($user, 'platform')
|
|
->get(Dashboard::getUrl(panel: 'system'))
|
|
->assertSuccessful()
|
|
->assertSeeLivewire(CustomerHealthKpis::class)
|
|
->assertDontSeeLivewire(CustomerHealthTopWorkspaces::class);
|
|
});
|
|
|
|
it('shows the attention-needed widget to operations-only users when operational rows are accessible', function (): void {
|
|
seedOperationalAttentionWorkspace('Ops Only Workspace');
|
|
|
|
$user = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
PlatformCapabilities::CONSOLE_VIEW,
|
|
PlatformCapabilities::OPERATIONS_VIEW,
|
|
],
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($user, 'platform')
|
|
->get(Dashboard::getUrl(panel: 'system'))
|
|
->assertSuccessful()
|
|
->assertSeeLivewire(CustomerHealthKpis::class)
|
|
->assertSeeLivewire(CustomerHealthTopWorkspaces::class);
|
|
});
|
|
|
|
it('shows the attention-needed widget to ops and runbooks users when operational rows are accessible', function (): void {
|
|
seedOperationalAttentionWorkspace('Runbooks Ops Workspace');
|
|
|
|
$user = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
PlatformCapabilities::CONSOLE_VIEW,
|
|
PlatformCapabilities::OPS_VIEW,
|
|
PlatformCapabilities::RUNBOOKS_VIEW,
|
|
],
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($user, 'platform')
|
|
->get(Dashboard::getUrl(panel: 'system'))
|
|
->assertSuccessful()
|
|
->assertSeeLivewire(CustomerHealthKpis::class)
|
|
->assertSeeLivewire(CustomerHealthTopWorkspaces::class);
|
|
});
|
|
|
|
it('filters directory-only attention rows out for operations-only users', function (): void {
|
|
seedOperationalAttentionWorkspace('Accessible Ops Workspace');
|
|
seedProviderAttentionWorkspace('Directory Only Workspace');
|
|
|
|
$user = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
PlatformCapabilities::CONSOLE_VIEW,
|
|
PlatformCapabilities::OPERATIONS_VIEW,
|
|
],
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($user, 'platform')
|
|
->get(Dashboard::getUrl(panel: 'system'))
|
|
->assertSuccessful()
|
|
->assertSeeLivewire(CustomerHealthKpis::class)
|
|
->assertSeeLivewire(CustomerHealthTopWorkspaces::class)
|
|
->assertSee('Accessible Ops Workspace')
|
|
->assertDontSee('Directory Only Workspace');
|
|
});
|
|
|
|
it('forbids customer health widgets when system dashboard access is denied', function (): void {
|
|
$user = PlatformUser::factory()->create([
|
|
'capabilities' => [
|
|
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
|
],
|
|
'is_active' => true,
|
|
]);
|
|
|
|
$this->actingAs($user, 'platform')
|
|
->get(Dashboard::getUrl(panel: 'system'))
|
|
->assertForbidden();
|
|
});
|
|
|
|
function seedOperationalAttentionWorkspace(string $workspaceName): void
|
|
{
|
|
$workspace = Workspace::factory()->create(['name' => $workspaceName]);
|
|
$tenant = ManagedEnvironment::factory()->for($workspace)->create([
|
|
'name' => $workspaceName.' ManagedEnvironment',
|
|
'status' => ManagedEnvironment::STATUS_ACTIVE,
|
|
]);
|
|
|
|
OperationRun::factory()
|
|
->forTenant($tenant)
|
|
->create([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'status' => OperationRunStatus::Queued->value,
|
|
'outcome' => OperationRunOutcome::Pending->value,
|
|
'created_at' => now()->subHours(2),
|
|
'started_at' => null,
|
|
]);
|
|
}
|
|
|
|
function seedProviderAttentionWorkspace(string $workspaceName): void
|
|
{
|
|
$workspace = Workspace::factory()->create(['name' => $workspaceName]);
|
|
$tenant = ManagedEnvironment::factory()->for($workspace)->create([
|
|
'name' => $workspaceName.' ManagedEnvironment',
|
|
'status' => ManagedEnvironment::STATUS_ACTIVE,
|
|
]);
|
|
|
|
ProviderConnection::factory()
|
|
->for($tenant)
|
|
->create([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'is_default' => true,
|
|
'is_enabled' => true,
|
|
'consent_status' => ProviderConsentStatus::Granted->value,
|
|
'verification_status' => ProviderVerificationStatus::Blocked->value,
|
|
]);
|
|
} |