ahmido
a5b7300ca9
Automated PR created by Codex via Gitea API. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #468
184 lines
7.3 KiB
PHP
184 lines
7.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\BaselineProfileResource;
|
|
use App\Filament\Resources\BaselineSnapshotResource;
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\BaselineSnapshotItem;
|
|
use App\Support\Baselines\BaselineSubjectKey;
|
|
use App\Support\Baselines\SubjectClass;
|
|
|
|
it('renders the baseline snapshot detail page as summary-first with grouped governed-subject browsing', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'name' => 'Security Baseline',
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'summary_jsonb' => [
|
|
'total_items' => 3,
|
|
'policy_type_counts' => [
|
|
'intuneRoleDefinition' => 1,
|
|
'deviceCompliancePolicy' => 1,
|
|
'mysteryPolicyType' => 1,
|
|
],
|
|
'fidelity_counts' => ['content' => 2, 'meta' => 1],
|
|
'gaps' => ['count' => 1, 'by_reason' => ['meta_fallback' => 1]],
|
|
],
|
|
]);
|
|
|
|
$rbacSubjectKey = baselineProviderResourceSubjectKeyForTest(
|
|
'intuneRoleDefinition',
|
|
'security-reader',
|
|
SubjectClass::FoundationBacked,
|
|
);
|
|
$complianceSubjectKey = baselineProviderResourceSubjectKeyForTest('deviceCompliancePolicy', 'bitlocker-require');
|
|
$fallbackSubjectKey = baselineProviderResourceSubjectKeyForTest('mysteryPolicyType', 'mystery-policy');
|
|
|
|
BaselineSnapshotItem::factory()->create([
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'policy_type' => 'intuneRoleDefinition',
|
|
'subject_key' => $rbacSubjectKey,
|
|
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('intuneRoleDefinition', $rbacSubjectKey),
|
|
'meta_jsonb' => [
|
|
'display_name' => 'Security Reader',
|
|
'evidence' => [
|
|
'fidelity' => 'content',
|
|
'source' => 'policy_version',
|
|
'observed_at' => '2026-03-09T12:00:00+00:00',
|
|
],
|
|
'identity' => ['strategy' => 'provider_resource'],
|
|
'rbac' => [
|
|
'is_built_in' => false,
|
|
'role_permission_count' => 2,
|
|
],
|
|
'version_reference' => ['policy_version_id' => 42],
|
|
],
|
|
]);
|
|
|
|
BaselineSnapshotItem::factory()->create([
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'policy_type' => 'deviceCompliancePolicy',
|
|
'subject_key' => $complianceSubjectKey,
|
|
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('deviceCompliancePolicy', $complianceSubjectKey),
|
|
'meta_jsonb' => [
|
|
'display_name' => 'Bitlocker Require',
|
|
'platform' => 'windows',
|
|
'assignment_target_count' => 3,
|
|
'evidence' => [
|
|
'fidelity' => 'meta',
|
|
'source' => 'inventory',
|
|
'observed_at' => '2026-03-09T11:00:00+00:00',
|
|
],
|
|
],
|
|
]);
|
|
|
|
BaselineSnapshotItem::factory()->create([
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'policy_type' => 'mysteryPolicyType',
|
|
'subject_key' => $fallbackSubjectKey,
|
|
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId('mysteryPolicyType', $fallbackSubjectKey),
|
|
'meta_jsonb' => [
|
|
'display_name' => 'Mystery Policy',
|
|
'platform' => 'windows',
|
|
'evidence' => [
|
|
'fidelity' => 'content',
|
|
'source' => 'policy_version',
|
|
'observed_at' => '2026-03-09T10:00:00+00:00',
|
|
],
|
|
],
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->get(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin'))
|
|
->assertOk()
|
|
->assertSee('Outcome summary')
|
|
->assertSee('Snapshot status')
|
|
->assertSee('Outcome details')
|
|
->assertSee('Coverage')
|
|
->assertSee('Capture timing')
|
|
->assertSee('Related context')
|
|
->assertSee(BaselineProfileResource::getUrl('view', ['record' => $profile], panel: 'admin'), false)
|
|
->assertSeeInOrder(['Outcome summary', 'Coverage summary', 'Captured governed subjects', 'Technical detail'])
|
|
->assertSee('Security Reader')
|
|
->assertSee('Bitlocker Require')
|
|
->assertSee('Mystery Policy')
|
|
->assertSee('Intune RBAC Role Definition')
|
|
->assertSee('Device Compliance')
|
|
->assertSee('Mystery Policy Type')
|
|
->assertSee('Governed subject')
|
|
->assertDontSee('Artifact truth')
|
|
->assertDontSee('Intune RBAC Role Definition References');
|
|
|
|
$this->actingAs($user)
|
|
->get(BaselineSnapshotResource::getUrl(panel: 'admin'))
|
|
->assertOk()
|
|
->assertSee('View baseline profile')
|
|
->assertSee(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin'))
|
|
->assertDontSee('>View<', escape: false);
|
|
});
|
|
|
|
it('caps baseline snapshot receipt governed-subject rows before internal detail', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'name' => 'Spec397 Baseline',
|
|
]);
|
|
|
|
$policyTypeCounts = [];
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'summary_jsonb' => [
|
|
'total_items' => 10,
|
|
'fidelity_counts' => ['content' => 10, 'meta' => 0],
|
|
'gaps' => ['count' => 0, 'by_reason' => []],
|
|
],
|
|
]);
|
|
|
|
foreach (range(1, 10) as $index) {
|
|
$policyType = sprintf('spec397PolicyType%02d', $index);
|
|
$policyTypeCounts[$policyType] = 1;
|
|
$subjectKey = baselineProviderResourceSubjectKeyForTest($policyType, sprintf('spec397-policy-%02d', $index));
|
|
|
|
BaselineSnapshotItem::factory()->create([
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'policy_type' => $policyType,
|
|
'subject_key' => $subjectKey,
|
|
'subject_external_id' => BaselineSubjectKey::workspaceSafeSubjectExternalId($policyType, $subjectKey),
|
|
'meta_jsonb' => [
|
|
'display_name' => sprintf('Spec397 Policy %02d', $index),
|
|
'evidence' => [
|
|
'fidelity' => 'content',
|
|
'source' => 'policy_version',
|
|
'observed_at' => now()->toIso8601String(),
|
|
],
|
|
],
|
|
]);
|
|
}
|
|
|
|
$snapshot->forceFill([
|
|
'summary_jsonb' => array_merge($snapshot->summary_jsonb, [
|
|
'policy_type_counts' => $policyTypeCounts,
|
|
]),
|
|
])->save();
|
|
|
|
$response = $this->actingAs($user)
|
|
->get(BaselineSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin'));
|
|
|
|
$response
|
|
->assertOk()
|
|
->assertSee('Showing the first 8 governed subjects for receipt review.')
|
|
->assertSee('2 additional subjects stay in internal detail.');
|
|
|
|
expect(substr_count($response->getContent(), 'Showing the first 8 governed subjects'))->toBeGreaterThanOrEqual(2);
|
|
});
|