ahmido
55aef627aa
## Summary - harden findings and finding-exception Filament surfaces so workflow state, governance validity, overdue urgency, and next action are operator-first - add tenant stats widgets, segmented tabs, richer governance warnings, and baseline/dashboard attention propagation for overdue and lapsed governance states - add Spec 166 artifacts plus regression coverage for findings, badges, baseline summaries, tenantless operation viewer behavior, and critical table standards ## Verification - `vendor/bin/sail bin pint --dirty --format agent` - `vendor/bin/sail artisan test --compact` ## Filament Notes - Livewire v4.0+ compliance: yes, implementation stays on Filament v5 / Livewire v4 APIs only - Provider registration: unchanged, Laravel 12 panel/provider registration remains in `bootstrap/providers.php` - Global search: unchanged in this slice; `FindingExceptionResource` stays not globally searchable, no new globally searchable resource was introduced - Destructive actions: existing revoke/reject/approve/renew/workflow mutations remain capability-gated and confirmation-gated where already defined - Asset strategy: no new assets added; existing deploy process remains unchanged, including `php artisan filament:assets` when registered assets are used - Testing plan delivered: findings list/detail, exception register, dashboard attention, baseline summary, badge semantics, and tenantless operation viewer coverage Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #197
127 lines
5.0 KiB
PHP
127 lines
5.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\FindingResource\Pages\ListFindings;
|
|
use App\Models\Finding;
|
|
use App\Support\Baselines\BaselineSubjectKey;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
function findingsDefaultIndicatorLabels($component): array
|
|
{
|
|
return collect($component->instance()->getTable()->getFilterIndicators())
|
|
->map(fn ($indicator): string => (string) $indicator->getLabel())
|
|
->all();
|
|
}
|
|
|
|
it('defaults to a cross-lifecycle findings view across all finding types', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$openDrift = Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
$openPermission = Finding::factory()->permissionPosture()->for($tenant)->create([
|
|
'status' => Finding::STATUS_TRIAGED,
|
|
]);
|
|
|
|
$openEntra = Finding::factory()->entraAdminRoles()->for($tenant)->create([
|
|
'status' => Finding::STATUS_IN_PROGRESS,
|
|
]);
|
|
|
|
$reopened = Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_REOPENED,
|
|
]);
|
|
|
|
$resolved = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_RESOLVED,
|
|
]);
|
|
|
|
$closed = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_CLOSED,
|
|
]);
|
|
|
|
$riskAccepted = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_RISK_ACCEPTED,
|
|
]);
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->assertCanSeeTableRecords([$openDrift, $openPermission, $openEntra, $reopened, $resolved, $closed, $riskAccepted]);
|
|
});
|
|
|
|
it('keeps findings list defaults calm with explicit sortability and hidden forensic detail', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$component = Livewire::test(ListFindings::class);
|
|
$table = $component->instance()->getTable();
|
|
|
|
expect($table->getPaginationPageOptions())->toBe(\App\Support\Filament\TablePaginationProfiles::resource());
|
|
expect($table->getDefaultSortColumn())->toBe('created_at');
|
|
expect($table->getDefaultSortDirection())->toBe('desc');
|
|
expect($table->getEmptyStateHeading())->toBe('No findings match this view');
|
|
expect($table->getColumn('subject_display_name')?->isSearchable())->toBeTrue();
|
|
expect($table->getColumn('governance_validity'))->not->toBeNull();
|
|
expect($table->getColumn('due_at')?->isSortable())->toBeTrue();
|
|
expect($table->getColumn('evidence_fidelity')?->isToggledHiddenByDefault())->toBeTrue();
|
|
expect($table->getColumn('subject_type')?->isToggledHiddenByDefault())->toBeTrue();
|
|
expect($table->getColumn('subject_external_id')?->isToggledHiddenByDefault())->toBeTrue();
|
|
expect($table->getColumn('scope_key')?->isToggledHiddenByDefault())->toBeTrue();
|
|
expect(count($table->getVisibleColumns()))->toBeLessThanOrEqual(8);
|
|
expect($component->instance()->getTable()->getFilter('workflow_family'))->not->toBeNull();
|
|
expect($component->instance()->getTable()->getFilter('governance_validity'))->not->toBeNull();
|
|
});
|
|
|
|
it('defines created date-range narrowing with active indicators on the findings table', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$component = Livewire::test(ListFindings::class)
|
|
->assertTableFilterExists('created_at')
|
|
->set('tableFilters.created_at.from', now()->subDay()->toDateString())
|
|
->set('tableFilters.created_at.until', now()->toDateString());
|
|
|
|
expect(findingsDefaultIndicatorLabels($component))
|
|
->toContain('Created from '.now()->subDay()->toFormattedDateString())
|
|
->toContain('Created until '.now()->toFormattedDateString());
|
|
});
|
|
|
|
it('shows evidence display-name fallback in the findings list when the subject external id is workspace-safe', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$subjectExternalId = BaselineSubjectKey::workspaceSafeSubjectExternalIdForPolicy(
|
|
'intuneRoleDefinition',
|
|
'Security Reader',
|
|
'rbac-role-1',
|
|
);
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'subject_type' => 'policy',
|
|
'subject_external_id' => (string) $subjectExternalId,
|
|
'evidence_jsonb' => [
|
|
'policy_type' => 'intuneRoleDefinition',
|
|
'display_name' => 'Security Reader',
|
|
'summary' => [
|
|
'kind' => 'rbac_role_definition',
|
|
],
|
|
],
|
|
]);
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->assertCanSeeTableRecords([$finding])
|
|
->assertSee('Security Reader');
|
|
});
|