ahmido
4699f13a72
## Summary - replace the inventory dependency GET/apply flow with an embedded native Filament `TableComponent` - convert tenant required permissions and evidence overview to native page-owned Filament tables with mount-only query seeding and preserved scope authority - extend focused Pest, Livewire, RBAC, and guard coverage, and update the Spec 196 artifacts and release close-out notes ## Verification - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/InventoryItemDependenciesTest.php tests/Feature/Filament/InventoryItemDependencyEdgesTableTest.php tests/Feature/Rbac/TenantRequiredPermissionsTrustedStateTest.php tests/Feature/Filament/TenantRequiredPermissionsPageTest.php tests/Feature/Evidence/EvidenceOverviewPageTest.php tests/Feature/Filament/EvidenceOverviewDerivedStateMemoizationTest.php tests/Feature/Guards/FilamentTableStandardsGuardTest.php tests/Unit/TenantRequiredPermissionsFilteringTest.php tests/Unit/TenantRequiredPermissionsOverallStatusTest.php tests/Unit/TenantRequiredPermissionsFeatureImpactTest.php tests/Unit/TenantRequiredPermissionsFreshnessTest.php tests/Unit/TenantRequiredPermissionsCopyPayloadTest.php` (`45` tests, `177` assertions) - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` - integrated-browser smoke on localhost for inventory detail dependencies, tenant required permissions, and evidence overview Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #236
321 lines
11 KiB
PHP
321 lines
11 KiB
PHP
<?php
|
|
|
|
use App\Filament\Resources\InventoryItemResource;
|
|
use App\Models\InventoryItem;
|
|
use App\Models\InventoryLink;
|
|
use App\Models\Tenant;
|
|
use App\Services\Graph\GraphClientInterface;
|
|
use Illuminate\Support\Str;
|
|
|
|
it('shows zero-state when no dependencies and shows missing badge when applicable', function () {
|
|
[$user, $tenant] = createUserWithTenant();
|
|
$this->actingAs($user);
|
|
|
|
/** @var InventoryItem $item */
|
|
$item = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
// Zero state
|
|
$url = InventoryItemResource::getUrl('view', ['record' => $item], panel: 'admin').'?tenant='.(string) $tenant->external_id;
|
|
$this->get($url)->assertOk()->assertSee('No dependencies found');
|
|
|
|
// Create a missing edge and assert badge appears
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'missing',
|
|
'target_id' => null,
|
|
'relationship_type' => 'assigned_to',
|
|
'metadata' => [
|
|
'last_known_name' => 'Ghost Target',
|
|
'raw_ref' => ['example' => 'ref'],
|
|
],
|
|
]);
|
|
|
|
$this->get($url)
|
|
->assertOk()
|
|
->assertSee('Missing')
|
|
->assertSee('Last known: Ghost Target');
|
|
});
|
|
|
|
it('renders native dependency controls in place instead of a GET apply workflow', function () {
|
|
[$user, $tenant] = createUserWithTenant();
|
|
$this->actingAs($user);
|
|
|
|
/** @var InventoryItem $item */
|
|
$item = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
$inboundSource = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
'display_name' => 'Inbound Source',
|
|
]);
|
|
|
|
// Outbound only
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'missing',
|
|
'target_id' => null,
|
|
'relationship_type' => 'assigned_to',
|
|
'metadata' => [
|
|
'last_known_name' => 'Assigned Target',
|
|
],
|
|
]);
|
|
|
|
// Inbound only
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $inboundSource->external_id,
|
|
'target_type' => 'inventory_item',
|
|
'target_id' => $item->external_id,
|
|
'relationship_type' => 'depends_on',
|
|
]);
|
|
|
|
$url = InventoryItemResource::getUrl('view', ['record' => $item], panel: 'admin').'?tenant='.(string) $tenant->external_id.'&direction=outbound';
|
|
|
|
$this->get($url)
|
|
->assertOk()
|
|
->assertSee('Direction')
|
|
->assertSee('Inbound')
|
|
->assertSee('Outbound')
|
|
->assertSee('Relationship')
|
|
->assertSee('Assigned Target')
|
|
->assertDontSee('No dependencies found');
|
|
});
|
|
|
|
it('ignores legacy relationship query state while preserving visible target safety', function () {
|
|
[$user, $tenant] = createUserWithTenant();
|
|
$this->actingAs($user);
|
|
|
|
/** @var InventoryItem $item */
|
|
$item = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
// Two outbound edges with different relationship types.
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'missing',
|
|
'target_id' => null,
|
|
'relationship_type' => 'assigned_to',
|
|
'metadata' => ['last_known_name' => 'Assigned Target'],
|
|
]);
|
|
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'missing',
|
|
'target_id' => null,
|
|
'relationship_type' => 'scoped_by',
|
|
'metadata' => ['last_known_name' => 'Scoped Target'],
|
|
]);
|
|
|
|
$url = InventoryItemResource::getUrl('view', ['record' => $item], panel: 'admin')
|
|
.'?tenant='.(string) $tenant->external_id.'&direction=outbound&relationship_type=scoped_by';
|
|
|
|
$this->get($url)
|
|
->assertOk()
|
|
->assertSee('Scoped Target')
|
|
->assertSee('Assigned Target');
|
|
});
|
|
|
|
it('does not show edges from other tenants (tenant isolation)', function () {
|
|
[$user, $tenant] = createUserWithTenant();
|
|
$this->actingAs($user);
|
|
|
|
/** @var InventoryItem $item */
|
|
$item = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
$otherTenant = Tenant::factory()->create();
|
|
|
|
// Same source_id, but different tenant_id: must not be rendered.
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $otherTenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'missing',
|
|
'target_id' => null,
|
|
'relationship_type' => 'assigned_to',
|
|
'metadata' => ['last_known_name' => 'Other Tenant Edge'],
|
|
]);
|
|
|
|
$url = InventoryItemResource::getUrl('view', ['record' => $item], panel: 'admin').'?tenant='.(string) $tenant->external_id;
|
|
$this->get($url)
|
|
->assertOk()
|
|
->assertDontSee('Other Tenant Edge');
|
|
});
|
|
|
|
it('shows masked identifier when last known name is missing', function () {
|
|
[$user, $tenant] = createUserWithTenant();
|
|
$this->actingAs($user);
|
|
|
|
/** @var InventoryItem $item */
|
|
$item = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'foundation_object',
|
|
'target_id' => '12345678-1234-1234-1234-123456789012',
|
|
'relationship_type' => 'assigned_to',
|
|
'metadata' => [
|
|
'last_known_name' => null,
|
|
'foundation_type' => 'aad_group',
|
|
],
|
|
]);
|
|
|
|
$url = InventoryItemResource::getUrl('view', ['record' => $item], panel: 'admin').'?tenant='.(string) $tenant->external_id;
|
|
$this->get($url)
|
|
->assertOk()
|
|
->assertSee('Group (external): 123456…');
|
|
});
|
|
|
|
it('resolves scope tag and assignment filter names from local inventory when available and labels groups as external', function () {
|
|
[$user, $tenant] = createUserWithTenant();
|
|
$this->actingAs($user);
|
|
|
|
/** @var InventoryItem $item */
|
|
$item = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
$scopeTag = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'policy_type' => 'roleScopeTag',
|
|
'external_id' => '6',
|
|
'display_name' => 'Finance',
|
|
]);
|
|
|
|
$assignmentFilter = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'policy_type' => 'assignmentFilter',
|
|
'external_id' => '62fb77f0-0000-0000-0000-000000000000',
|
|
'display_name' => 'VIP Devices',
|
|
]);
|
|
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'foundation_object',
|
|
'target_id' => $scopeTag->external_id,
|
|
'relationship_type' => 'scoped_by',
|
|
'metadata' => [
|
|
'last_known_name' => null,
|
|
'foundation_type' => 'scope_tag',
|
|
],
|
|
]);
|
|
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'foundation_object',
|
|
'target_id' => $assignmentFilter->external_id,
|
|
'relationship_type' => 'uses_assignment_filter',
|
|
'metadata' => [
|
|
'last_known_name' => null,
|
|
'foundation_type' => 'assignment_filter',
|
|
],
|
|
]);
|
|
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'foundation_object',
|
|
'target_id' => '428f24c0-0000-0000-0000-000000000000',
|
|
'relationship_type' => 'assigned_to_include',
|
|
'metadata' => [
|
|
'last_known_name' => null,
|
|
'foundation_type' => 'aad_group',
|
|
],
|
|
]);
|
|
|
|
$url = InventoryItemResource::getUrl('view', ['record' => $item], panel: 'admin').'?tenant='.(string) $tenant->external_id;
|
|
$this->get($url)
|
|
->assertOk()
|
|
->assertSee('Scope Tag: Finance (6…)')
|
|
->assertSee('Assignment Filter: VIP Devices (62fb77…)')
|
|
->assertSee('Group (external): 428f24…');
|
|
});
|
|
|
|
it('does not call Graph client while rendering inventory item dependencies view (FR-006 guard)', function () {
|
|
[$user, $tenant] = createUserWithTenant();
|
|
$this->actingAs($user);
|
|
|
|
$graph = \Mockery::mock(GraphClientInterface::class);
|
|
$graph->shouldNotReceive('listPolicies');
|
|
$graph->shouldNotReceive('getPolicy');
|
|
$graph->shouldNotReceive('getOrganization');
|
|
$graph->shouldNotReceive('applyPolicy');
|
|
$graph->shouldNotReceive('getServicePrincipalPermissions');
|
|
$graph->shouldNotReceive('request');
|
|
app()->instance(GraphClientInterface::class, $graph);
|
|
|
|
/** @var InventoryItem $item */
|
|
$item = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
$scopeTag = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'policy_type' => 'roleScopeTag',
|
|
'external_id' => '6',
|
|
'display_name' => 'Finance',
|
|
]);
|
|
|
|
InventoryLink::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'source_type' => 'inventory_item',
|
|
'source_id' => $item->external_id,
|
|
'target_type' => 'foundation_object',
|
|
'target_id' => $scopeTag->external_id,
|
|
'relationship_type' => 'scoped_by',
|
|
'metadata' => [
|
|
'last_known_name' => null,
|
|
'foundation_type' => 'scope_tag',
|
|
],
|
|
]);
|
|
|
|
$url = InventoryItemResource::getUrl('view', ['record' => $item], panel: 'admin').'?tenant='.(string) $tenant->external_id;
|
|
$this->get($url)
|
|
->assertOk()
|
|
->assertSee('Scope Tag: Finance');
|
|
});
|
|
|
|
it('blocks guest access to inventory item dependencies view', function () {
|
|
$tenant = Tenant::factory()->create();
|
|
|
|
/** @var InventoryItem $item */
|
|
$item = InventoryItem::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'external_id' => (string) Str::uuid(),
|
|
]);
|
|
|
|
$url = InventoryItemResource::getUrl('view', ['record' => $item], panel: 'admin').'?tenant='.(string) $tenant->external_id;
|
|
$this->get($url)->assertRedirect();
|
|
});
|