ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
3c38192405
TenantAtlas/apps/platform/tests/Feature/Filament/AuditLogAuthorizationTest.php
ahmido e02799b383 feat: implement spec 198 monitoring page state contract (#238) 
## Summary
- implement Spec 198 monitoring page-state contracts across Operations, Audit Log, Finding Exceptions Queue, Evidence Overview, Baseline Compare Landing, and Baseline Compare Matrix
- align selected-record and draft/apply behavior with query/session restoration semantics, including canonical navigation and tenant-filter normalization helpers
- add Spec 198 feature and browser coverage, update closure/spec artifacts, and refresh affected regression tests that asserted pre-contract behavior

## Verification
- focused Spec 198 feature pack passed through Sail
- Spec 198 browser smoke passed through Sail
- existing Spec 190 and Spec 194 browser smokes passed through Sail
- targeted fallout tests were updated and rerun during full-suite triage

## Notes
- Livewire v4 / Filament v5 compliant only; no legacy API reintroduction
- no provider registration changes; Laravel 11+ provider registration remains in `bootstrap/providers.php`
- no global-search behavior changed for any resource
- destructive queue decision actions remain confirmation-gated and authorization-backed
- no new Filament assets were added; existing deploy step for `php artisan filament:assets` remains unchanged

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #238
2026-04-15 21:59:42 +00:00

98 lines
3.4 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Pages\Monitoring\AuditLog as AuditLogPage;
use App\Models\AuditLog as AuditLogModel;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceMembership;
use App\Services\Auth\WorkspaceCapabilityResolver;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;
use Livewire\Livewire;
function auditLogAuthorizationTestRecord(Tenant $tenant, array $attributes = []): AuditLogModel
{
return AuditLogModel::query()->create(array_merge([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
'actor_email' => 'auditor@example.com',
'action' => 'verification.completed',
'status' => 'success',
'resource_type' => 'tenant',
'resource_id' => (string) $tenant->getKey(),
'summary' => 'Verification completed',
'metadata' => [],
'recorded_at' => now(),
], $attributes));
}
it('returns 404 when the user is not a member of the active workspace', function (): void {
$user = User::factory()->create();
$workspace = Workspace::factory()->create();
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
->get(route('admin.monitoring.audit-log'))
->assertNotFound();
});
it('returns 403 when the user is a workspace member without audit capability', function (): void {
$user = User::factory()->create();
$workspace = Workspace::factory()->create();
WorkspaceMembership::query()->create([
'workspace_id' => (int) $workspace->getKey(),
'user_id' => (int) $user->getKey(),
'role' => 'readonly',
]);
$resolver = \Mockery::mock(WorkspaceCapabilityResolver::class);
$resolver->shouldReceive('isMember')->andReturnTrue();
$resolver->shouldReceive('can')->andReturnFalse();
app()->instance(WorkspaceCapabilityResolver::class, $resolver);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
->get(route('admin.monitoring.audit-log'))
->assertForbidden();
});
it('limits audit rows and event inspection to the user tenant scope', function (): void {
[$user, $tenantA] = createUserWithTenant(role: 'owner');
$tenantB = Tenant::factory()->create([
'workspace_id' => (int) $tenantA->workspace_id,
]);
$visible = auditLogAuthorizationTestRecord($tenantA, [
'summary' => 'Tenant A audit event',
]);
$hidden = auditLogAuthorizationTestRecord($tenantB, [
'summary' => 'Tenant B audit event',
]);
test()->actingAs($user);
Filament::setTenant(null, true);
Livewire::actingAs($user)->test(AuditLogPage::class)
->assertCanSeeTableRecords([$visible])
->assertCanNotSeeTableRecords([$hidden]);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id])
->get(route('admin.monitoring.audit-log').'?event='.(int) $hidden->getKey())
->assertSuccessful()
->assertDontSee('Tenant B audit event');
Livewire::withQueryParams(['event' => (int) $hidden->getKey()])
->actingAs($user)
->test(AuditLogPage::class)
->assertSet('selectedAuditLogId', null)
->assertCanSeeTableRecords([$visible])
->assertCanNotSeeTableRecords([$hidden]);
});
Reference in New Issue View Git Blame Copy Permalink