ahmido
28cfe38ba4
## Summary - turn the Monitoring audit log placeholder into a real workspace-scoped audit review surface - introduce a shared audit recorder, richer audit value objects, and additive audit log schema evolution - add audit outcome and actor badges, permission-aware related navigation, and durable audit retention coverage ## Included - canonical `/admin/audit-log` list and detail inspection UI - audit model helpers, taxonomy expansion, actor/target snapshots, and recorder/builder services - operation terminal audit writes and purge command retention changes - spec 134 design artifacts and focused Pest coverage for audit foundation behavior ## Validation - `vendor/bin/sail bin pint --dirty --format agent` - `vendor/bin/sail artisan test --compact tests/Unit/Audit tests/Unit/Badges/AuditBadgesTest.php tests/Feature/Filament/AuditLogPageTest.php tests/Feature/Filament/AuditLogDetailInspectionTest.php tests/Feature/Filament/AuditLogAuthorizationTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/AuditCoverageOperationsTest.php tests/Feature/Console/TenantpilotPurgeNonPersistentDataTest.php` ## Notes - Livewire v4.0+ compliance is preserved within the existing Filament v5 application. - No provider registration changes were needed; panel provider registration remains in `bootstrap/providers.php`. - No new globally searchable resource was introduced. - The audit page remains read-only; no destructive actions were added. - No new asset pipeline changes were introduced; existing deploy-time `php artisan filament:assets` behavior remains unchanged. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #163
137 lines
5.4 KiB
PHP
137 lines
5.4 KiB
PHP
<?php
|
|
|
|
namespace App\Support\Badges;
|
|
|
|
use BackedEnum;
|
|
use Stringable;
|
|
use Throwable;
|
|
|
|
final class BadgeCatalog
|
|
{
|
|
/**
|
|
* @var array<string, class-string<BadgeMapper>>
|
|
*/
|
|
private const DOMAIN_MAPPERS = [
|
|
BadgeDomain::AuditOutcome->value => Domains\AuditOutcomeBadge::class,
|
|
BadgeDomain::AuditActorType->value => Domains\AuditActorTypeBadge::class,
|
|
BadgeDomain::BaselineSnapshotFidelity->value => Domains\BaselineSnapshotFidelityBadge::class,
|
|
BadgeDomain::BaselineSnapshotGapStatus->value => Domains\BaselineSnapshotGapStatusBadge::class,
|
|
BadgeDomain::OperationRunStatus->value => Domains\OperationRunStatusBadge::class,
|
|
BadgeDomain::OperationRunOutcome->value => Domains\OperationRunOutcomeBadge::class,
|
|
BadgeDomain::BackupSetStatus->value => Domains\BackupSetStatusBadge::class,
|
|
BadgeDomain::RestoreRunStatus->value => Domains\RestoreRunStatusBadge::class,
|
|
BadgeDomain::RestoreCheckSeverity->value => Domains\RestoreCheckSeverityBadge::class,
|
|
BadgeDomain::FindingStatus->value => Domains\FindingStatusBadge::class,
|
|
BadgeDomain::FindingSeverity->value => Domains\FindingSeverityBadge::class,
|
|
BadgeDomain::BooleanEnabled->value => Domains\BooleanEnabledBadge::class,
|
|
BadgeDomain::BooleanHasErrors->value => Domains\BooleanHasErrorsBadge::class,
|
|
BadgeDomain::TenantStatus->value => Domains\TenantStatusBadge::class,
|
|
BadgeDomain::TenantAppStatus->value => Domains\TenantAppStatusBadge::class,
|
|
BadgeDomain::TenantRbacStatus->value => Domains\TenantRbacStatusBadge::class,
|
|
BadgeDomain::TenantPermissionStatus->value => Domains\TenantPermissionStatusBadge::class,
|
|
BadgeDomain::PolicySnapshotMode->value => Domains\PolicySnapshotModeBadge::class,
|
|
BadgeDomain::PolicyRestoreMode->value => Domains\PolicyRestoreModeBadge::class,
|
|
BadgeDomain::PolicyRisk->value => Domains\PolicyRiskBadge::class,
|
|
BadgeDomain::IgnoredAt->value => Domains\IgnoredAtBadge::class,
|
|
BadgeDomain::RestorePreviewDecision->value => Domains\RestorePreviewDecisionBadge::class,
|
|
BadgeDomain::RestoreResultStatus->value => Domains\RestoreResultStatusBadge::class,
|
|
BadgeDomain::ProviderConnectionStatus->value => Domains\ProviderConnectionStatusBadge::class,
|
|
BadgeDomain::ProviderConnectionHealth->value => Domains\ProviderConnectionHealthBadge::class,
|
|
BadgeDomain::ManagedTenantOnboardingVerificationStatus->value => Domains\ManagedTenantOnboardingVerificationStatusBadge::class,
|
|
BadgeDomain::VerificationCheckStatus->value => Domains\VerificationCheckStatusBadge::class,
|
|
BadgeDomain::VerificationCheckSeverity->value => Domains\VerificationCheckSeverityBadge::class,
|
|
BadgeDomain::VerificationReportOverall->value => Domains\VerificationReportOverallBadge::class,
|
|
BadgeDomain::AlertDeliveryStatus->value => Domains\AlertDeliveryStatusBadge::class,
|
|
BadgeDomain::AlertDestinationLastTestStatus->value => Domains\AlertDestinationLastTestStatusBadge::class,
|
|
BadgeDomain::BaselineProfileStatus->value => Domains\BaselineProfileStatusBadge::class,
|
|
BadgeDomain::FindingType->value => Domains\FindingTypeBadge::class,
|
|
BadgeDomain::ReviewPackStatus->value => Domains\ReviewPackStatusBadge::class,
|
|
BadgeDomain::SystemHealth->value => Domains\SystemHealthBadge::class,
|
|
BadgeDomain::ReferenceResolutionState->value => Domains\ReferenceResolutionStateBadge::class,
|
|
];
|
|
|
|
/**
|
|
* @var array<string, BadgeMapper|null>
|
|
*/
|
|
private static array $mapperCache = [];
|
|
|
|
public static function spec(BadgeDomain $domain, mixed $value): BadgeSpec
|
|
{
|
|
$mapper = self::mapper($domain);
|
|
|
|
if (! $mapper) {
|
|
return BadgeSpec::unknown();
|
|
}
|
|
|
|
try {
|
|
return $mapper->spec($value);
|
|
} catch (Throwable) {
|
|
return BadgeSpec::unknown();
|
|
}
|
|
}
|
|
|
|
public static function mapper(BadgeDomain $domain): ?BadgeMapper
|
|
{
|
|
$key = $domain->value;
|
|
|
|
if (array_key_exists($key, self::$mapperCache)) {
|
|
return self::$mapperCache[$key];
|
|
}
|
|
|
|
$mapper = self::buildMapper($domain);
|
|
|
|
self::$mapperCache[$key] = $mapper;
|
|
|
|
return $mapper;
|
|
}
|
|
|
|
public static function normalizeState(mixed $value): ?string
|
|
{
|
|
if ($value === null) {
|
|
return null;
|
|
}
|
|
|
|
if ($value instanceof BackedEnum) {
|
|
$value = $value->value;
|
|
}
|
|
|
|
if ($value instanceof Stringable) {
|
|
$value = (string) $value;
|
|
}
|
|
|
|
if (is_bool($value)) {
|
|
return $value ? 'true' : 'false';
|
|
}
|
|
|
|
if (is_int($value) || is_float($value)) {
|
|
return (string) $value;
|
|
}
|
|
|
|
if (! is_string($value)) {
|
|
return null;
|
|
}
|
|
|
|
$normalized = strtolower(trim($value));
|
|
$normalized = str_replace([' ', '-'], '_', $normalized);
|
|
|
|
return $normalized === '' ? null : $normalized;
|
|
}
|
|
|
|
private static function buildMapper(BadgeDomain $domain): ?BadgeMapper
|
|
{
|
|
$mapperClass = self::DOMAIN_MAPPERS[$domain->value] ?? null;
|
|
|
|
if (! $mapperClass) {
|
|
return null;
|
|
}
|
|
|
|
if (! class_exists($mapperClass)) {
|
|
return null;
|
|
}
|
|
|
|
$mapper = new $mapperClass;
|
|
|
|
return $mapper instanceof BadgeMapper ? $mapper : null;
|
|
}
|
|
}
|