ahmido
28cfe38ba4
## Summary - turn the Monitoring audit log placeholder into a real workspace-scoped audit review surface - introduce a shared audit recorder, richer audit value objects, and additive audit log schema evolution - add audit outcome and actor badges, permission-aware related navigation, and durable audit retention coverage ## Included - canonical `/admin/audit-log` list and detail inspection UI - audit model helpers, taxonomy expansion, actor/target snapshots, and recorder/builder services - operation terminal audit writes and purge command retention changes - spec 134 design artifacts and focused Pest coverage for audit foundation behavior ## Validation - `vendor/bin/sail bin pint --dirty --format agent` - `vendor/bin/sail artisan test --compact tests/Unit/Audit tests/Unit/Badges/AuditBadgesTest.php tests/Feature/Filament/AuditLogPageTest.php tests/Feature/Filament/AuditLogDetailInspectionTest.php tests/Feature/Filament/AuditLogAuthorizationTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/AuditCoverageOperationsTest.php tests/Feature/Console/TenantpilotPurgeNonPersistentDataTest.php` ## Notes - Livewire v4.0+ compliance is preserved within the existing Filament v5 application. - No provider registration changes were needed; panel provider registration remains in `bootstrap/providers.php`. - No new globally searchable resource was introduced. - The audit page remains read-only; no destructive actions were added. - No new asset pipeline changes were introduced; existing deploy-time `php artisan filament:assets` behavior remains unchanged. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #163
197 lines
6.2 KiB
PHP
197 lines
6.2 KiB
PHP
<?php
|
|
|
|
namespace App\Console\Commands;
|
|
|
|
use App\Models\AuditLog;
|
|
use App\Models\BackupItem;
|
|
use App\Models\BackupSchedule;
|
|
use App\Models\BackupSet;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Policy;
|
|
use App\Models\PolicyVersion;
|
|
use App\Models\RestoreRun;
|
|
use App\Models\Tenant;
|
|
use Illuminate\Console\Command;
|
|
use Illuminate\Support\Arr;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Support\Str;
|
|
use RuntimeException;
|
|
|
|
class TenantpilotPurgeNonPersistentData extends Command
|
|
{
|
|
/**
|
|
* The name and signature of the console command.
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $signature = 'tenantpilot:purge-nonpersistent
|
|
{tenant? : Tenant id / tenant_id / external_id (defaults to current tenant)}
|
|
{--all : Purge for all tenants}
|
|
{--force : Actually delete rows}';
|
|
|
|
/**
|
|
* The console command description.
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $description = 'Permanently delete non-persistent tenant data like policies, backups, and runs while preserving durable audit logs.';
|
|
|
|
/**
|
|
* Execute the console command.
|
|
*/
|
|
public function handle(): int
|
|
{
|
|
$tenants = $this->resolveTenants();
|
|
|
|
if ($tenants->isEmpty()) {
|
|
$this->error('No tenants selected. Provide {tenant} or use --all.');
|
|
|
|
return self::FAILURE;
|
|
}
|
|
|
|
$isDryRun = ! (bool) $this->option('force');
|
|
|
|
if ($isDryRun) {
|
|
$this->warn('Dry run: no rows will be deleted. Re-run with --force to apply.');
|
|
} else {
|
|
$this->warn('This will PERMANENTLY delete non-persistent tenant data.');
|
|
|
|
if ($this->input->isInteractive() && ! $this->confirm('Proceed?', false)) {
|
|
$this->info('Aborted.');
|
|
|
|
return self::SUCCESS;
|
|
}
|
|
}
|
|
|
|
foreach ($tenants as $tenant) {
|
|
$counts = $this->countsForTenant($tenant);
|
|
|
|
$this->line('');
|
|
$this->info("Tenant: {$tenant->id} ({$tenant->name})");
|
|
$this->table(
|
|
['Table', 'Rows'],
|
|
collect($counts)
|
|
->map(fn (int $count, string $table) => [$table, $count])
|
|
->values()
|
|
->all(),
|
|
);
|
|
|
|
if ($isDryRun) {
|
|
continue;
|
|
}
|
|
|
|
DB::transaction(function () use ($tenant): void {
|
|
BackupSchedule::query()
|
|
->where('tenant_id', $tenant->id)
|
|
->delete();
|
|
|
|
OperationRun::query()
|
|
->where('tenant_id', $tenant->id)
|
|
->delete();
|
|
|
|
RestoreRun::withTrashed()
|
|
->where('tenant_id', $tenant->id)
|
|
->forceDelete();
|
|
|
|
BackupItem::withTrashed()
|
|
->where('tenant_id', $tenant->id)
|
|
->forceDelete();
|
|
|
|
BackupSet::withTrashed()
|
|
->where('tenant_id', $tenant->id)
|
|
->forceDelete();
|
|
|
|
PolicyVersion::withTrashed()
|
|
->where('tenant_id', $tenant->id)
|
|
->forceDelete();
|
|
|
|
Policy::query()
|
|
->where('tenant_id', $tenant->id)
|
|
->delete();
|
|
});
|
|
|
|
$this->recordPurgeOperationRun($tenant, $counts);
|
|
|
|
$this->info('Purged.');
|
|
}
|
|
|
|
return self::SUCCESS;
|
|
}
|
|
|
|
private function resolveTenants()
|
|
{
|
|
if ((bool) $this->option('all')) {
|
|
return Tenant::query()->get();
|
|
}
|
|
|
|
$tenantArg = $this->argument('tenant');
|
|
|
|
if ($tenantArg !== null && $tenantArg !== '') {
|
|
$tenant = Tenant::query()->forTenant($tenantArg)->first();
|
|
|
|
return $tenant ? collect([$tenant]) : collect();
|
|
}
|
|
|
|
try {
|
|
return collect([Tenant::currentOrFail()]);
|
|
} catch (RuntimeException) {
|
|
return collect();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @return array<string,int>
|
|
*/
|
|
private function countsForTenant(Tenant $tenant): array
|
|
{
|
|
return [
|
|
'backup_schedules' => BackupSchedule::query()->where('tenant_id', $tenant->id)->count(),
|
|
'operation_runs' => OperationRun::query()->where('tenant_id', $tenant->id)->count(),
|
|
'audit_logs_retained' => AuditLog::query()->where('tenant_id', $tenant->id)->count(),
|
|
'restore_runs' => RestoreRun::withTrashed()->where('tenant_id', $tenant->id)->count(),
|
|
'backup_items' => BackupItem::withTrashed()->where('tenant_id', $tenant->id)->count(),
|
|
'backup_sets' => BackupSet::withTrashed()->where('tenant_id', $tenant->id)->count(),
|
|
'policy_versions' => PolicyVersion::withTrashed()->where('tenant_id', $tenant->id)->count(),
|
|
'policies' => Policy::query()->where('tenant_id', $tenant->id)->count(),
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @param array<string, int> $counts
|
|
*/
|
|
private function recordPurgeOperationRun(Tenant $tenant, array $counts): void
|
|
{
|
|
$deletedRows = Arr::except($counts, ['audit_logs_retained']);
|
|
|
|
OperationRun::query()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->id,
|
|
'user_id' => null,
|
|
'initiator_name' => 'System',
|
|
'type' => 'backup_schedule_purge',
|
|
'status' => 'completed',
|
|
'outcome' => 'succeeded',
|
|
'run_identity_hash' => hash('sha256', implode(':', [
|
|
(string) $tenant->id,
|
|
'backup_schedule_purge',
|
|
now()->toISOString(),
|
|
Str::uuid()->toString(),
|
|
])),
|
|
'summary_counts' => [
|
|
'total' => array_sum($deletedRows),
|
|
'processed' => array_sum($deletedRows),
|
|
'succeeded' => array_sum($deletedRows),
|
|
'failed' => 0,
|
|
],
|
|
'failure_summary' => [],
|
|
'context' => [
|
|
'source' => 'tenantpilot:purge-nonpersistent',
|
|
'deleted_rows' => $deletedRows,
|
|
'audit_logs_retained' => $counts['audit_logs_retained'] ?? 0,
|
|
],
|
|
'started_at' => now(),
|
|
'completed_at' => now(),
|
|
]);
|
|
}
|
|
}
|