ahmido
45a804970e
## Summary - complete Spec 136 canonical admin tenant rollout across admin-visible and shared Filament surfaces - add the shared panel-aware tenant resolver helper, persisted filter-state synchronization, and admin navigation segregation for tenant-sensitive resources - expand regression, guard, and parity coverage for admin-path tenant resolution, stale filters, workspace-wide tenant-default surfaces, and panel split behavior ## Validation - `vendor/bin/sail artisan test --compact tests/Feature/Guards/AdminTenantResolverGuardTest.php` - `vendor/bin/sail artisan test --compact tests/Feature/Filament/TableStatePersistenceTest.php` - `vendor/bin/sail artisan test --compact --filter='CanonicalAdminTenantFilterState|PolicyResource|BackupSchedule|BackupSet|FindingResource|BaselineCompareLanding|RestoreRunResource|InventoryItemResource|PolicyVersionResource|ProviderConnectionResource|TenantDiagnostics|InventoryCoverage|InventoryKpiHeader|AuditLog|EntraGroup'` - `vendor/bin/sail bin pint --dirty --format agent` ## Notes - Livewire v4.0+ compliance is preserved with Filament v5. - Provider registration remains unchanged in `bootstrap/providers.php`. - `PolicyResource` and `PolicyVersionResource` have admin global search disabled explicitly; `EntraGroupResource` keeps admin-aware scoped search with a View page. - Destructive and governance-sensitive actions retain existing confirmation and authorization behavior while using canonical tenant parity. - No new assets were introduced, so deployment asset strategy is unchanged and does not add new `filament:assets` work. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #165
162 lines
5.4 KiB
PHP
162 lines
5.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\FindingResource\Pages\ListFindings;
|
|
use App\Models\Finding;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('supports triage start resolve and reopen via row actions', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->callTableAction('triage', $finding)
|
|
->assertHasNoTableActionErrors();
|
|
|
|
$finding->refresh();
|
|
expect($finding->status)->toBe(Finding::STATUS_TRIAGED)
|
|
->and($finding->triaged_at)->not->toBeNull();
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->callTableAction('start_progress', $finding)
|
|
->assertHasNoTableActionErrors();
|
|
|
|
$finding->refresh();
|
|
expect($finding->status)->toBe(Finding::STATUS_IN_PROGRESS)
|
|
->and($finding->in_progress_at)->not->toBeNull();
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->callTableAction('resolve', $finding, [
|
|
'resolved_reason' => 'patched',
|
|
])
|
|
->assertHasNoTableActionErrors();
|
|
|
|
$finding->refresh();
|
|
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
|
|
->and($finding->resolved_reason)->toBe('patched')
|
|
->and($finding->resolved_at)->not->toBeNull();
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->filterTable('open', false)
|
|
->callTableAction('reopen', $finding)
|
|
->assertHasNoTableActionErrors();
|
|
|
|
$finding->refresh();
|
|
expect($finding->status)->toBe(Finding::STATUS_REOPENED)
|
|
->and($finding->reopened_at)->not->toBeNull()
|
|
->and($finding->due_at)->not->toBeNull();
|
|
});
|
|
|
|
it('supports close and risk accept via row actions', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$closeFinding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
$riskFinding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->callTableAction('close', $closeFinding, [
|
|
'closed_reason' => 'duplicate ticket',
|
|
])
|
|
->assertHasNoTableActionErrors();
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->callTableAction('risk_accept', $riskFinding, [
|
|
'closed_reason' => 'accepted by security',
|
|
])
|
|
->assertHasNoTableActionErrors();
|
|
|
|
expect($closeFinding->refresh()->status)->toBe(Finding::STATUS_CLOSED)
|
|
->and($closeFinding->closed_reason)->toBe('duplicate ticket');
|
|
|
|
expect($riskFinding->refresh()->status)->toBe(Finding::STATUS_RISK_ACCEPTED)
|
|
->and($riskFinding->closed_reason)->toBe('accepted by security');
|
|
});
|
|
|
|
it('assigns owners and assignees via row action and rejects non-member ids', function (): void {
|
|
[$manager, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($manager);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$assignee = User::factory()->create();
|
|
createUserWithTenant(tenant: $tenant, user: $assignee, role: 'operator');
|
|
|
|
$outsider = User::factory()->create();
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->callTableAction('assign', $finding, [
|
|
'assignee_user_id' => (int) $assignee->getKey(),
|
|
'owner_user_id' => (int) $manager->getKey(),
|
|
])
|
|
->assertHasNoTableActionErrors();
|
|
|
|
$finding->refresh();
|
|
expect((int) $finding->assignee_user_id)->toBe((int) $assignee->getKey())
|
|
->and((int) $finding->owner_user_id)->toBe((int) $manager->getKey());
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->callTableAction('assign', $finding, [
|
|
'assignee_user_id' => (int) $outsider->getKey(),
|
|
'owner_user_id' => (int) $manager->getKey(),
|
|
]);
|
|
|
|
$finding->refresh();
|
|
expect((int) $finding->assignee_user_id)->toBe((int) $assignee->getKey());
|
|
});
|
|
|
|
it('keeps the admin workflow surface scoped to the canonical tenant', function (): void {
|
|
$tenantA = Tenant::factory()->create();
|
|
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');
|
|
|
|
$tenantB = Tenant::factory()->create([
|
|
'workspace_id' => (int) $tenantA->workspace_id,
|
|
]);
|
|
|
|
createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');
|
|
|
|
$visibleFinding = Finding::factory()->for($tenantA)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
$hiddenFinding = Finding::factory()->for($tenantB)->create([
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
$this->actingAs($user);
|
|
Filament::setCurrentPanel('admin');
|
|
Filament::setTenant(null, true);
|
|
Filament::bootCurrentPanel();
|
|
|
|
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
|
|
session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [
|
|
(string) $tenantA->workspace_id => (int) $tenantA->getKey(),
|
|
]);
|
|
|
|
Livewire::actingAs($user)->test(ListFindings::class)
|
|
->assertCanSeeTableRecords([$visibleFinding])
|
|
->assertCanNotSeeTableRecords([$hiddenFinding]);
|
|
});
|