ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
28cfe38ba4
TenantAtlas/tests/Feature/Monitoring/AuditCoverageOperationsTest.php
ahmido 28cfe38ba4 feat: lay audit log foundation (#163) 
## Summary
- turn the Monitoring audit log placeholder into a real workspace-scoped audit review surface
- introduce a shared audit recorder, richer audit value objects, and additive audit log schema evolution
- add audit outcome and actor badges, permission-aware related navigation, and durable audit retention coverage

## Included
- canonical `/admin/audit-log` list and detail inspection UI
- audit model helpers, taxonomy expansion, actor/target snapshots, and recorder/builder services
- operation terminal audit writes and purge command retention changes
- spec 134 design artifacts and focused Pest coverage for audit foundation behavior

## Validation
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Unit/Audit tests/Unit/Badges/AuditBadgesTest.php tests/Feature/Filament/AuditLogPageTest.php tests/Feature/Filament/AuditLogDetailInspectionTest.php tests/Feature/Filament/AuditLogAuthorizationTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/AuditCoverageOperationsTest.php tests/Feature/Console/TenantpilotPurgeNonPersistentDataTest.php`

## Notes
- Livewire v4.0+ compliance is preserved within the existing Filament v5 application.
- No provider registration changes were needed; panel provider registration remains in `bootstrap/providers.php`.
- No new globally searchable resource was introduced.
- The audit page remains read-only; no destructive actions were added.
- No new asset pipeline changes were introduced; existing deploy-time `php artisan filament:assets` behavior remains unchanged.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #163
2026-03-11 09:39:37 +00:00

83 lines
2.6 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\AuditLog;
use App\Services\OperationRunService;
use App\Support\Audit\AuditOutcome;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
it('writes a terminal audit row when an operation run completes', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$service = app(OperationRunService::class);
$run = $service->ensureRunWithIdentity(
tenant: $tenant,
type: 'inventory_sync',
identityInputs: ['selection_hash' => 'abc123'],
context: ['selection_hash' => 'abc123'],
initiator: $user,
);
$service->updateRun(
$run,
status: OperationRunStatus::Completed->value,
outcome: OperationRunOutcome::Succeeded->value,
summaryCounts: [
'total' => 3,
'processed' => 3,
'succeeded' => 3,
'failed' => 0,
],
);
$audit = AuditLog::query()
->where('operation_run_id', (int) $run->getKey())
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect($audit?->action)->toBe('operation.completed')
->and($audit?->summaryText())->toBe('Inventory sync completed')
->and($audit?->resource_type)->toBe('operation_run')
->and((string) $audit?->resource_id)->toBe((string) $run->getKey())
->and($audit?->normalizedOutcome())->toBe(AuditOutcome::Success)
->and($audit?->actorDisplayLabel())->toBe($user->name)
->and(data_get($audit?->metadata, 'operation_type'))->toBe('inventory_sync');
});
it('writes blocked terminal audit semantics for blocked runs', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$service = app(OperationRunService::class);
$run = $service->ensureRunWithIdentity(
tenant: $tenant,
type: 'restore.execute',
identityInputs: ['restore_run_id' => 44],
context: ['restore_run_id' => 44],
initiator: $user,
);
$service->finalizeBlockedRun(
$run,
reasonCode: 'intune_rbac.not_configured',
message: 'Restore is blocked until RBAC is configured.',
);
$audit = AuditLog::query()
->where('operation_run_id', (int) $run->getKey())
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect($audit?->action)->toBe('operation.blocked')
->and($audit?->summaryText())->toBe('Restore execution blocked')
->and($audit?->normalizedOutcome())->toBe(AuditOutcome::Blocked)
->and(data_get($audit?->metadata, 'failure_summary.0.reason_code'))->toBe('intune_rbac.not_configured');
});
Reference in New Issue View Git Blame Copy Permalink