ahmido
e64bae9cfc
## Summary - replace the legacy Tenant and TenantMembership core models with ManagedEnvironment and ManagedEnvironmentMembership - propagate the managed environment naming and key changes across Filament resources, pages, controllers, jobs, models, and supporting runtime paths - add feature 279 spec artifacts and focused managed-environment test coverage for model behavior, route binding, panel context, authorization, and legacy guardrails ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentAuthorizationTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentContextResolverTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentModelTest.php` - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` ## Notes - branch pushed from commit `1123b122` - browser smoke test file was added but not run in this pass Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #335
147 lines
5.9 KiB
PHP
147 lines
5.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Pages\Findings\MyFindingsInbox;
|
|
use App\Models\Finding;
|
|
use App\Models\ManagedEnvironment;
|
|
use App\Models\User;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Workspaces\WorkspaceOverviewBuilder;
|
|
use Carbon\CarbonImmutable;
|
|
|
|
use function Pest\Laravel\mock;
|
|
|
|
afterEach(function (): void {
|
|
CarbonImmutable::setTestNow();
|
|
});
|
|
|
|
it('builds an assigned-to-me signal from visible assigned findings only', function (): void {
|
|
CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 21, 9, 0, 0, 'UTC'));
|
|
|
|
$tenantA = ManagedEnvironment::factory()->create(['status' => 'active']);
|
|
[$user, $tenantA] = createUserWithTenant($tenantA, role: 'readonly', workspaceRole: 'readonly');
|
|
|
|
$tenantB = ManagedEnvironment::factory()->create([
|
|
'status' => 'active',
|
|
'workspace_id' => (int) $tenantA->workspace_id,
|
|
'name' => 'Bravo ManagedEnvironment',
|
|
]);
|
|
createUserWithTenant($tenantB, $user, role: 'readonly', workspaceRole: 'readonly');
|
|
|
|
$hiddenTenant = ManagedEnvironment::factory()->create([
|
|
'status' => 'active',
|
|
'workspace_id' => (int) $tenantA->workspace_id,
|
|
'name' => 'Hidden ManagedEnvironment',
|
|
]);
|
|
|
|
Finding::factory()->for($tenantA)->create([
|
|
'workspace_id' => (int) $tenantA->workspace_id,
|
|
'assignee_user_id' => (int) $user->getKey(),
|
|
'owner_user_id' => (int) $user->getKey(),
|
|
'status' => Finding::STATUS_NEW,
|
|
'due_at' => now()->subHour(),
|
|
]);
|
|
|
|
Finding::factory()->for($tenantB)->create([
|
|
'workspace_id' => (int) $tenantB->workspace_id,
|
|
'assignee_user_id' => (int) $user->getKey(),
|
|
'owner_user_id' => (int) $user->getKey(),
|
|
'status' => Finding::STATUS_TRIAGED,
|
|
'due_at' => now()->addDay(),
|
|
]);
|
|
|
|
Finding::factory()->for($tenantB)->create([
|
|
'workspace_id' => (int) $tenantB->workspace_id,
|
|
'assignee_user_id' => null,
|
|
'owner_user_id' => (int) $user->getKey(),
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
Finding::factory()->for($hiddenTenant)->create([
|
|
'workspace_id' => (int) $hiddenTenant->workspace_id,
|
|
'assignee_user_id' => (int) $user->getKey(),
|
|
'owner_user_id' => (int) $user->getKey(),
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
$signal = app(WorkspaceOverviewBuilder::class)
|
|
->build($tenantA->workspace()->firstOrFail(), $user)['my_findings_signal'];
|
|
|
|
expect($signal['open_assigned_count'])->toBe(2)
|
|
->and($signal['overdue_assigned_count'])->toBe(1)
|
|
->and($signal['is_calm'])->toBeFalse()
|
|
->and($signal['cta_label'])->toBe('Open my findings')
|
|
->and($signal['cta_url'])->toBe(MyFindingsInbox::getUrl(panel: 'admin'));
|
|
});
|
|
|
|
it('keeps the signal calm when no visible assigned findings remain', function (): void {
|
|
$tenant = ManagedEnvironment::factory()->create(['status' => 'active']);
|
|
[$user, $tenant] = createUserWithTenant($tenant, role: 'readonly', workspaceRole: 'readonly');
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'assignee_user_id' => (int) $user->getKey(),
|
|
'owner_user_id' => (int) $user->getKey(),
|
|
'status' => Finding::STATUS_RESOLVED,
|
|
'resolved_at' => now(),
|
|
]);
|
|
|
|
$signal = app(WorkspaceOverviewBuilder::class)
|
|
->build($tenant->workspace()->firstOrFail(), $user)['my_findings_signal'];
|
|
|
|
expect($signal['open_assigned_count'])->toBe(0)
|
|
->and($signal['overdue_assigned_count'])->toBe(0)
|
|
->and($signal['is_calm'])->toBeTrue()
|
|
->and($signal['description'])->toContain('visible assigned');
|
|
});
|
|
|
|
it('suppresses blocked-tenant findings from the assigned-to-me signal', function (): void {
|
|
$visibleTenant = ManagedEnvironment::factory()->create(['status' => 'active']);
|
|
[$user, $visibleTenant] = createUserWithTenant($visibleTenant, role: 'readonly', workspaceRole: 'readonly');
|
|
|
|
$blockedTenant = ManagedEnvironment::factory()->create([
|
|
'status' => 'active',
|
|
'workspace_id' => (int) $visibleTenant->workspace_id,
|
|
'name' => 'Blocked ManagedEnvironment',
|
|
]);
|
|
createUserWithTenant($blockedTenant, $user, role: 'readonly', workspaceRole: 'readonly');
|
|
|
|
Finding::factory()->for($visibleTenant)->create([
|
|
'workspace_id' => (int) $visibleTenant->workspace_id,
|
|
'assignee_user_id' => (int) $user->getKey(),
|
|
'owner_user_id' => (int) $user->getKey(),
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
Finding::factory()->for($blockedTenant)->create([
|
|
'workspace_id' => (int) $blockedTenant->workspace_id,
|
|
'assignee_user_id' => (int) $user->getKey(),
|
|
'owner_user_id' => (int) $user->getKey(),
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
mock(CapabilityResolver::class, function ($mock) use ($visibleTenant, $blockedTenant): void {
|
|
$mock->shouldReceive('primeMemberships')->once();
|
|
$mock->shouldReceive('isMember')->andReturnTrue();
|
|
$mock->shouldReceive('can')
|
|
->andReturnUsing(static function (User $user, ManagedEnvironment $tenant, string $capability) use ($visibleTenant, $blockedTenant): bool {
|
|
expect([(int) $visibleTenant->getKey(), (int) $blockedTenant->getKey()])
|
|
->toContain((int) $tenant->getKey());
|
|
|
|
return match ($capability) {
|
|
Capabilities::TENANT_FINDINGS_VIEW => (int) $tenant->getKey() === (int) $visibleTenant->getKey(),
|
|
default => false,
|
|
};
|
|
});
|
|
});
|
|
|
|
$signal = app(WorkspaceOverviewBuilder::class)
|
|
->build($visibleTenant->workspace()->firstOrFail(), $user)['my_findings_signal'];
|
|
|
|
expect($signal['open_assigned_count'])->toBe(1)
|
|
->and($signal['overdue_assigned_count'])->toBe(0)
|
|
->and($signal['description'])->not->toContain($blockedTenant->name);
|
|
});
|