ahmido
3a2a06e8d7
## Summary - align tenant dashboard KPI, attention, compare, and operations truth so the page does not read calmer than the tenant's actual state - preserve tenant-safe drill-through continuity into findings, baseline compare, and canonical operations, including disabled helper states for permission-limited members - add the Spec 173 artifact set and focused regression coverage for dashboard truth alignment and drill-through behavior ## Validation - `vendor/bin/sail bin pint --dirty --format agent` - `vendor/bin/sail artisan test --compact tests/Feature/Filament/DashboardKpisWidgetTest.php tests/Feature/Filament/TenantDashboardTruthAlignmentTest.php tests/Feature/Monitoring/OperationsDashboardDrillthroughTest.php tests/Feature/Filament/NeedsAttentionWidgetTest.php tests/Feature/Filament/BaselineCompareNowWidgetTest.php tests/Feature/Filament/BaselineCompareSummaryConsistencyTest.php tests/Feature/Findings/FindingsListDefaultsTest.php tests/Feature/Findings/FindingsListFiltersTest.php tests/Feature/Findings/FindingAdminTenantParityTest.php tests/Feature/OpsUx/CanonicalViewRunLinksTest.php tests/Feature/Filament/TenantDashboardTenantScopeTest.php tests/Feature/Filament/TenantDashboardDbOnlyTest.php tests/Feature/Filament/TableStandardsBaselineTest.php tests/Feature/Filament/TableDetailVisibilityTest.php` - integrated browser smoke on the tenant dashboard, including a permission-limited member scenario Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #204
287 lines
11 KiB
PHP
287 lines
11 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\FindingResource;
|
|
use App\Filament\Widgets\Dashboard\NeedsAttention;
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\BaselineTenantAssignment;
|
|
use App\Models\Finding;
|
|
use App\Models\FindingException;
|
|
use App\Models\OperationRun;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Baselines\BaselineCompareReasonCode;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\OperationRunType;
|
|
use App\Support\Rbac\UiTooltips;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Support\Facades\Gate;
|
|
use Livewire\Livewire;
|
|
|
|
function createNeedsAttentionTenant(): array
|
|
{
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
$profile->update(['active_snapshot_id' => (int) $snapshot->getKey()]);
|
|
|
|
BaselineTenantAssignment::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
return [$user, $tenant, $profile, $snapshot];
|
|
}
|
|
|
|
it('shows a cautionary baseline posture in needs-attention when compare trust is limited', function (): void {
|
|
[$user, $tenant, $profile, $snapshot] = createNeedsAttentionTenant();
|
|
$this->actingAs($user);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => OperationRunType::BaselineCompare->value,
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::PartiallySucceeded->value,
|
|
'completed_at' => now(),
|
|
'context' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'baseline_compare' => [
|
|
'reason_code' => BaselineCompareReasonCode::EvidenceCaptureIncomplete->value,
|
|
'coverage' => [
|
|
'effective_types' => ['deviceConfiguration'],
|
|
'covered_types' => ['deviceConfiguration'],
|
|
'uncovered_types' => [],
|
|
'proof' => true,
|
|
],
|
|
'evidence_gaps' => [
|
|
'count' => 2,
|
|
'by_reason' => [
|
|
'policy_record_missing' => 2,
|
|
],
|
|
],
|
|
],
|
|
],
|
|
]);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$component = Livewire::test(NeedsAttention::class)
|
|
->assertSee('Needs Attention')
|
|
->assertSee('Baseline compare posture')
|
|
->assertSee('The last compare finished, but normal result output was suppressed.')
|
|
->assertSee('Open Baseline Compare')
|
|
->assertDontSee('Current governance and findings signals look trustworthy.');
|
|
|
|
expect($component->html())->toContain('href=');
|
|
});
|
|
|
|
it('keeps needs-attention healthy only for trustworthy compare results', function (): void {
|
|
[$user, $tenant, $profile, $snapshot] = createNeedsAttentionTenant();
|
|
$this->actingAs($user);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => OperationRunType::BaselineCompare->value,
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Succeeded->value,
|
|
'completed_at' => now()->subHour(),
|
|
'context' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'baseline_compare' => [
|
|
'reason_code' => BaselineCompareReasonCode::NoDriftDetected->value,
|
|
'coverage' => [
|
|
'effective_types' => ['deviceConfiguration'],
|
|
'covered_types' => ['deviceConfiguration'],
|
|
'uncovered_types' => [],
|
|
'proof' => true,
|
|
],
|
|
],
|
|
],
|
|
]);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$component = Livewire::test(NeedsAttention::class)
|
|
->assertSee('Current governance and findings signals look trustworthy.')
|
|
->assertSee('Baseline compare looks trustworthy')
|
|
->assertSee('No confirmed drift in the latest baseline compare.')
|
|
->assertDontSee('Baseline compare posture');
|
|
|
|
expect($component->html())->not->toContain('href=');
|
|
});
|
|
|
|
it('surfaces stale compare posture instead of a healthy fallback', function (): void {
|
|
[$user, $tenant, $profile, $snapshot] = createNeedsAttentionTenant();
|
|
$this->actingAs($user);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => OperationRunType::BaselineCompare->value,
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Succeeded->value,
|
|
'completed_at' => now()->subDays(10),
|
|
'context' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'baseline_compare' => [
|
|
'reason_code' => BaselineCompareReasonCode::NoDriftDetected->value,
|
|
'coverage' => [
|
|
'effective_types' => ['deviceConfiguration'],
|
|
'covered_types' => ['deviceConfiguration'],
|
|
'uncovered_types' => [],
|
|
'proof' => true,
|
|
],
|
|
],
|
|
],
|
|
]);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
Livewire::test(NeedsAttention::class)
|
|
->assertSee('Baseline compare posture')
|
|
->assertSee('The latest baseline compare result is stale.')
|
|
->assertSee('Open Baseline Compare')
|
|
->assertDontSee('Current governance and findings signals look trustworthy.');
|
|
});
|
|
|
|
it('surfaces compare unavailability instead of a healthy fallback when no result exists yet', function (): void {
|
|
[$user, $tenant] = createNeedsAttentionTenant();
|
|
$this->actingAs($user);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
Livewire::test(NeedsAttention::class)
|
|
->assertSee('Baseline compare posture')
|
|
->assertSee('A current baseline compare result is not available yet.')
|
|
->assertSee('Open Baseline Compare')
|
|
->assertDontSee('Current governance and findings signals look trustworthy.');
|
|
});
|
|
|
|
it('surfaces overdue and lapsed-governance findings even when there are no new findings', function (): void {
|
|
[$user, $tenant] = createNeedsAttentionTenant();
|
|
$this->actingAs($user);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_TRIAGED,
|
|
'due_at' => now()->subDay(),
|
|
]);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_RISK_ACCEPTED,
|
|
]);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
Livewire::test(NeedsAttention::class)
|
|
->assertSee('Overdue findings')
|
|
->assertSee('Lapsed accepted-risk governance')
|
|
->assertSee('Open findings')
|
|
->assertDontSee('Current governance and findings signals look trustworthy.');
|
|
});
|
|
|
|
it('surfaces expiring governance from the shared aggregate with the matching findings action', function (): void {
|
|
[$user, $tenant, $profile, $snapshot] = createNeedsAttentionTenant();
|
|
$this->actingAs($user);
|
|
|
|
OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => OperationRunType::BaselineCompare->value,
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Succeeded->value,
|
|
'completed_at' => now(),
|
|
'context' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'baseline_compare' => [
|
|
'reason_code' => BaselineCompareReasonCode::NoDriftDetected->value,
|
|
'coverage' => [
|
|
'effective_types' => ['deviceConfiguration'],
|
|
'covered_types' => ['deviceConfiguration'],
|
|
'uncovered_types' => [],
|
|
'proof' => true,
|
|
],
|
|
],
|
|
],
|
|
]);
|
|
|
|
$finding = Finding::factory()->riskAccepted()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
]);
|
|
|
|
FindingException::query()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'finding_id' => (int) $finding->getKey(),
|
|
'requested_by_user_id' => (int) $user->getKey(),
|
|
'owner_user_id' => (int) $user->getKey(),
|
|
'approved_by_user_id' => (int) $user->getKey(),
|
|
'status' => FindingException::STATUS_EXPIRING,
|
|
'current_validity_state' => FindingException::VALIDITY_EXPIRING,
|
|
'request_reason' => 'Expiring governance coverage',
|
|
'approval_reason' => 'Approved for coverage',
|
|
'requested_at' => now()->subDays(2),
|
|
'approved_at' => now()->subDay(),
|
|
'effective_from' => now()->subDay(),
|
|
'expires_at' => now()->addDays(2),
|
|
'review_due_at' => now()->addDay(),
|
|
'evidence_summary' => ['reference_count' => 0],
|
|
]);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$component = Livewire::test(NeedsAttention::class)
|
|
->assertSee('Expiring accepted-risk governance')
|
|
->assertSee('Open findings')
|
|
->assertDontSee('Current governance and findings signals look trustworthy.');
|
|
|
|
expect($component->html())->toContain('href=');
|
|
});
|
|
|
|
it('keeps findings attention visible but non-clickable when the member lacks findings access', function (): void {
|
|
[$user, $tenant] = createNeedsAttentionTenant();
|
|
$this->actingAs($user);
|
|
|
|
Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_TRIAGED,
|
|
'due_at' => now()->subDay(),
|
|
]);
|
|
|
|
Gate::define(Capabilities::TENANT_FINDINGS_VIEW, fn (): bool => false);
|
|
|
|
Filament::setCurrentPanel(Filament::getPanel('tenant'));
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$component = Livewire::test(NeedsAttention::class)
|
|
->assertSee('Overdue findings')
|
|
->assertSee('Open findings')
|
|
->assertSee(UiTooltips::INSUFFICIENT_PERMISSION);
|
|
|
|
expect($component->html())
|
|
->not->toContain(FindingResource::getUrl('index', ['tab' => 'overdue'], panel: 'tenant', tenant: $tenant))
|
|
->toContain('Open Baseline Compare');
|
|
});
|