ahmido
28cfe38ba4
## Summary - turn the Monitoring audit log placeholder into a real workspace-scoped audit review surface - introduce a shared audit recorder, richer audit value objects, and additive audit log schema evolution - add audit outcome and actor badges, permission-aware related navigation, and durable audit retention coverage ## Included - canonical `/admin/audit-log` list and detail inspection UI - audit model helpers, taxonomy expansion, actor/target snapshots, and recorder/builder services - operation terminal audit writes and purge command retention changes - spec 134 design artifacts and focused Pest coverage for audit foundation behavior ## Validation - `vendor/bin/sail bin pint --dirty --format agent` - `vendor/bin/sail artisan test --compact tests/Unit/Audit tests/Unit/Badges/AuditBadgesTest.php tests/Feature/Filament/AuditLogPageTest.php tests/Feature/Filament/AuditLogDetailInspectionTest.php tests/Feature/Filament/AuditLogAuthorizationTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/AuditCoverageOperationsTest.php tests/Feature/Console/TenantpilotPurgeNonPersistentDataTest.php` ## Notes - Livewire v4.0+ compliance is preserved within the existing Filament v5 application. - No provider registration changes were needed; panel provider registration remains in `bootstrap/providers.php`. - No new globally searchable resource was introduced. - The audit page remains read-only; no destructive actions were added. - No new asset pipeline changes were introduced; existing deploy-time `php artisan filament:assets` behavior remains unchanged. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #163
210 lines
7.4 KiB
PHP
210 lines
7.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Pages\Monitoring\AuditLog as AuditLogPage;
|
|
use App\Models\AuditLog as AuditLogModel;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Livewire\Features\SupportTesting\Testable;
|
|
use Livewire\Livewire;
|
|
|
|
function auditLogPageTestComponent(User $user, ?Tenant $tenant = null): Testable
|
|
{
|
|
test()->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
return Livewire::actingAs($user)->test(AuditLogPage::class);
|
|
}
|
|
|
|
function auditLogPageTestRecord(?Tenant $tenant, array $attributes = []): AuditLogModel
|
|
{
|
|
$workspaceId = array_key_exists('workspace_id', $attributes)
|
|
? (int) $attributes['workspace_id']
|
|
: (int) ($tenant?->workspace_id ?? Workspace::factory()->create()->getKey());
|
|
|
|
return AuditLogModel::query()->create(array_merge([
|
|
'workspace_id' => $workspaceId,
|
|
'tenant_id' => $tenant?->getKey(),
|
|
'actor_email' => 'auditor@example.com',
|
|
'actor_name' => 'Audit Operator',
|
|
'action' => 'operation.completed',
|
|
'status' => 'success',
|
|
'resource_type' => 'operation_run',
|
|
'resource_id' => '1',
|
|
'summary' => 'Operation completed',
|
|
'metadata' => [],
|
|
'recorded_at' => now(),
|
|
], $attributes));
|
|
}
|
|
|
|
it('renders the canonical audit route as a summary-first monitoring surface', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
|
->get(route('admin.monitoring.audit-log'))
|
|
->assertOk()
|
|
->assertSee('Summary-first audit history')
|
|
->assertSee('Review governance, operational, and workspace-admin events in reverse chronological order');
|
|
});
|
|
|
|
it('loads the audit page with populated filter options', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
auditLogPageTestRecord($tenant, [
|
|
'action' => 'verification.completed',
|
|
'actor_name' => 'Ahmed Darrazi',
|
|
'resource_type' => 'tenant',
|
|
'resource_id' => (string) $tenant->getKey(),
|
|
'summary' => 'Verification completed',
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
|
->get(route('admin.monitoring.audit-log'))
|
|
->assertOk()
|
|
->assertSee('Event type')
|
|
->assertSee('Actor')
|
|
->assertSee('Target type');
|
|
});
|
|
|
|
it('renders derived labels for audit rows that are missing evolved snapshot columns', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
DB::table('audit_logs')->insert([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'actor_id' => null,
|
|
'actor_email' => 'spo_admin@yptw2.onmicrosoft.com',
|
|
'actor_name' => 'Ahmed Darrazi',
|
|
'action' => 'baseline.capture.started',
|
|
'resource_type' => 'baseline_profile',
|
|
'resource_id' => '2',
|
|
'status' => 'success',
|
|
'metadata' => json_encode([
|
|
'baseline_profile_id' => 2,
|
|
'baseline_profile_name' => 'Device Compliance',
|
|
], JSON_THROW_ON_ERROR),
|
|
'recorded_at' => now(),
|
|
'created_at' => now(),
|
|
'updated_at' => now(),
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
|
->get(route('admin.monitoring.audit-log'))
|
|
->assertOk()
|
|
->assertSee('Baseline capture started for Baseline profile #2')
|
|
->assertSee('Ahmed Darrazi')
|
|
->assertSee('Baseline profile #2')
|
|
->assertSee('Success');
|
|
});
|
|
|
|
it('renders workspace setting targets with readable labels', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
auditLogPageTestRecord($tenant, [
|
|
'action' => 'workspace_setting.updated',
|
|
'summary' => 'Workspace setting updated for backup.retention_keep_last_default',
|
|
'resource_type' => 'workspace_setting',
|
|
'resource_id' => 'backup.retention_keep_last_default',
|
|
'target_label' => 'backup.retention_keep_last_default',
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
|
->get(route('admin.monitoring.audit-log'))
|
|
->assertOk()
|
|
->assertSee('Workspace setting updated for Backup Retention Keep Last Default')
|
|
->assertSee('Backup Retention Keep Last Default');
|
|
});
|
|
|
|
it('shows reverse-chronological audit rows and supports summary search', function (): void {
|
|
[$user, $tenantA] = createUserWithTenant(role: 'owner');
|
|
|
|
$tenantB = Tenant::factory()->create([
|
|
'workspace_id' => (int) $tenantA->workspace_id,
|
|
]);
|
|
|
|
createUserWithTenant($tenantB, $user, role: 'owner');
|
|
|
|
$oldest = auditLogPageTestRecord($tenantA, [
|
|
'resource_id' => '101',
|
|
'summary' => 'Older baseline capture completed',
|
|
'action' => 'baseline.capture.completed',
|
|
'recorded_at' => now()->subMinutes(15),
|
|
]);
|
|
|
|
$middle = auditLogPageTestRecord($tenantB, [
|
|
'resource_id' => '102',
|
|
'summary' => 'Rotate backup schedule credentials',
|
|
'action' => 'backup.updated',
|
|
'recorded_at' => now()->subMinutes(5),
|
|
]);
|
|
|
|
$newest = auditLogPageTestRecord($tenantA, [
|
|
'resource_id' => '103',
|
|
'summary' => 'Newest restore failed',
|
|
'action' => 'restore.failed',
|
|
'status' => 'failed',
|
|
'recorded_at' => now()->subMinute(),
|
|
]);
|
|
|
|
auditLogPageTestComponent($user)
|
|
->assertOk()
|
|
->assertCanSeeTableRecords([$newest, $middle, $oldest], inOrder: true)
|
|
->searchTable('Rotate')
|
|
->assertCanSeeTableRecords([$middle])
|
|
->assertCanNotSeeTableRecords([$newest, $oldest]);
|
|
});
|
|
|
|
it('preselects the active tenant as the default audit filter', function (): void {
|
|
[$user, $tenantA] = createUserWithTenant(role: 'owner');
|
|
|
|
$tenantB = Tenant::factory()->create([
|
|
'workspace_id' => (int) $tenantA->workspace_id,
|
|
]);
|
|
|
|
createUserWithTenant($tenantB, $user, role: 'owner');
|
|
|
|
$visible = auditLogPageTestRecord($tenantA, [
|
|
'resource_id' => '201',
|
|
'summary' => 'Tenant A verification completed',
|
|
'action' => 'verification.completed',
|
|
]);
|
|
|
|
$hidden = auditLogPageTestRecord($tenantB, [
|
|
'resource_id' => '202',
|
|
'summary' => 'Tenant B verification completed',
|
|
'action' => 'verification.completed',
|
|
]);
|
|
|
|
auditLogPageTestComponent($user, $tenantA)
|
|
->assertSet('tableFilters.tenant_id.value', (string) $tenantA->getKey())
|
|
->assertCanSeeTableRecords([$visible])
|
|
->assertCanNotSeeTableRecords([$hidden]);
|
|
});
|
|
|
|
it('shows a clear-filters empty state when no audit rows match the current view', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$record = auditLogPageTestRecord($tenant, [
|
|
'summary' => 'Baseline compare completed',
|
|
'action' => 'baseline.compare.completed',
|
|
]);
|
|
|
|
auditLogPageTestComponent($user)
|
|
->assertTableEmptyStateActionsExistInOrder(['clear_filters'])
|
|
->searchTable('no-such-audit-event')
|
|
->assertCountTableRecords(0)
|
|
->assertSee('No audit events match this view')
|
|
->assertSee('Clear filters')
|
|
->searchTable(null)
|
|
->assertCanSeeTableRecords([$record]);
|
|
});
|