ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
5bcb4f6ab8
TenantAtlas/tests/Feature/Filament/AuditLogPageTest.php
ahmido cc93329672 feat: canonical tenant context resolution (#164) 
## Summary
- introduce a canonical admin tenant filter-state helper and route all in-scope workspace-admin tenant resolution through `OperateHubShell::activeEntitledTenant()`
- align operations monitoring, operation-run deep links, Entra group admin list/view/search behavior, and shared context-bar rendering with the documented scope contract
- add the Spec 135 design artifacts, architecture note, focused guardrail coverage, and non-regression tests for filter persistence, direct-record access, and global search safety

## Validation
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Feature/Monitoring/OperationsKpiHeaderTenantContextTest.php tests/Feature/Monitoring/OperationsTenantScopeTest.php tests/Feature/Monitoring/OperationsCanonicalUrlsTest.php tests/Feature/Spec085/OperationsIndexHeaderTest.php tests/Feature/Spec085/RunDetailBackAffordanceTest.php tests/Feature/Filament/OperationRunListFiltersTest.php tests/Feature/Filament/EntraGroupAdminScopeTest.php tests/Feature/Filament/EntraGroupGlobalSearchScopeTest.php tests/Feature/DirectoryGroups/BrowseGroupsTest.php tests/Feature/Filament/EntraGroupEnterpriseDetailPageTest.php tests/Feature/Filament/PolicyVersionResolvedReferenceLinksTest.php tests/Feature/Filament/EntraGroupResolvedReferencePresentationTest.php tests/Feature/Guards/AdminTenantResolverGuardTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/Filament/Alerts/AlertsKpiHeaderTest.php tests/Feature/Alerts/AlertDeliveryDeepLinkFiltersTest.php`
- `vendor/bin/sail artisan test --compact tests/Feature/Filament/TableStatePersistenceTest.php tests/Feature/Filament/TenantScopingTest.php tests/Feature/Filament/Alerts/AlertDeliveryViewerTest.php tests/Unit/Support/References/CapabilityAwareReferenceResolverTest.php`

## Notes
- Filament v5 remains on Livewire v4.0+ compliant surfaces only.
- No provider registration changes were needed; Laravel 12 provider registration remains in `bootstrap/providers.php`.
- Entra group global search remains enabled and is now scoped to the canonical admin tenant contract.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #164
2026-03-11 21:24:28 +00:00

304 lines
11 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Pages\Monitoring\AuditLog as AuditLogPage;
use App\Models\AuditLog as AuditLogModel;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;
use Illuminate\Support\Facades\DB;
use Livewire\Features\SupportTesting\Testable;
use Livewire\Livewire;
function auditLogPageTestComponent(User $user, ?Tenant $tenant = null): Testable
{
test()->actingAs($user);
Filament::setTenant($tenant, true);
return Livewire::actingAs($user)->test(AuditLogPage::class);
}
function auditLogPageTestRecord(?Tenant $tenant, array $attributes = []): AuditLogModel
{
$workspaceId = array_key_exists('workspace_id', $attributes)
? (int) $attributes['workspace_id']
: (int) ($tenant?->workspace_id ?? Workspace::factory()->create()->getKey());
return AuditLogModel::query()->create(array_merge([
'workspace_id' => $workspaceId,
'tenant_id' => $tenant?->getKey(),
'actor_email' => 'auditor@example.com',
'actor_name' => 'Audit Operator',
'action' => 'operation.completed',
'status' => 'success',
'resource_type' => 'operation_run',
'resource_id' => '1',
'summary' => 'Operation completed',
'metadata' => [],
'recorded_at' => now(),
], $attributes));
}
it('renders the canonical audit route as a summary-first monitoring surface', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.monitoring.audit-log'))
->assertOk()
->assertSee('Summary-first audit history')
->assertSee('Review governance, operational, and workspace-admin events in reverse chronological order');
});
it('loads the audit page with populated filter options', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
auditLogPageTestRecord($tenant, [
'action' => 'verification.completed',
'actor_name' => 'Ahmed Darrazi',
'resource_type' => 'tenant',
'resource_id' => (string) $tenant->getKey(),
'summary' => 'Verification completed',
]);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.monitoring.audit-log'))
->assertOk()
->assertSee('Event type')
->assertSee('Actor')
->assertSee('Target type');
});
it('renders derived labels for audit rows that are missing evolved snapshot columns', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
DB::table('audit_logs')->insert([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
'actor_id' => null,
'actor_email' => 'spo_admin@yptw2.onmicrosoft.com',
'actor_name' => 'Ahmed Darrazi',
'action' => 'baseline.capture.started',
'resource_type' => 'baseline_profile',
'resource_id' => '2',
'status' => 'success',
'metadata' => json_encode([
'baseline_profile_id' => 2,
'baseline_profile_name' => 'Device Compliance',
], JSON_THROW_ON_ERROR),
'recorded_at' => now(),
'created_at' => now(),
'updated_at' => now(),
]);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.monitoring.audit-log'))
->assertOk()
->assertSee('Baseline capture started for Baseline profile #2')
->assertSee('Ahmed Darrazi')
->assertSee('Baseline profile #2')
->assertSee('Success');
});
it('renders workspace setting targets with readable labels', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
auditLogPageTestRecord($tenant, [
'action' => 'workspace_setting.updated',
'summary' => 'Workspace setting updated for backup.retention_keep_last_default',
'resource_type' => 'workspace_setting',
'resource_id' => 'backup.retention_keep_last_default',
'target_label' => 'backup.retention_keep_last_default',
]);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.monitoring.audit-log'))
->assertOk()
->assertSee('Workspace setting updated for Backup Retention Keep Last Default')
->assertSee('Backup Retention Keep Last Default');
});
it('shows reverse-chronological audit rows and supports summary search', function (): void {
[$user, $tenantA] = createUserWithTenant(role: 'owner');
$tenantB = Tenant::factory()->create([
'workspace_id' => (int) $tenantA->workspace_id,
]);
createUserWithTenant($tenantB, $user, role: 'owner');
$oldest = auditLogPageTestRecord($tenantA, [
'resource_id' => '101',
'summary' => 'Older baseline capture completed',
'action' => 'baseline.capture.completed',
'recorded_at' => now()->subMinutes(15),
]);
$middle = auditLogPageTestRecord($tenantB, [
'resource_id' => '102',
'summary' => 'Rotate backup schedule credentials',
'action' => 'backup.updated',
'recorded_at' => now()->subMinutes(5),
]);
$newest = auditLogPageTestRecord($tenantA, [
'resource_id' => '103',
'summary' => 'Newest restore failed',
'action' => 'restore.failed',
'status' => 'failed',
'recorded_at' => now()->subMinute(),
]);
auditLogPageTestComponent($user)
->assertOk()
->assertCanSeeTableRecords([$newest, $middle, $oldest], inOrder: true)
->searchTable('Rotate')
->assertCanSeeTableRecords([$middle])
->assertCanNotSeeTableRecords([$newest, $oldest]);
});
it('preselects the active tenant as the default audit filter', function (): void {
[$user, $tenantA] = createUserWithTenant(role: 'owner');
$tenantB = Tenant::factory()->create([
'workspace_id' => (int) $tenantA->workspace_id,
]);
createUserWithTenant($tenantB, $user, role: 'owner');
$visible = auditLogPageTestRecord($tenantA, [
'resource_id' => '201',
'summary' => 'Tenant A verification completed',
'action' => 'verification.completed',
]);
$hidden = auditLogPageTestRecord($tenantB, [
'resource_id' => '202',
'summary' => 'Tenant B verification completed',
'action' => 'verification.completed',
]);
auditLogPageTestComponent($user, $tenantA)
->assertSet('tableFilters.tenant_id.value', (string) $tenantA->getKey())
->assertCanSeeTableRecords([$visible])
->assertCanNotSeeTableRecords([$hidden]);
});
it('preselects the remembered tenant as the default audit filter when the filament tenant is absent', function (): void {
$tenantA = Tenant::factory()->create([
'name' => 'Phoenicon',
'environment' => 'dev',
]);
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');
$tenantB = Tenant::factory()->create([
'workspace_id' => (int) $tenantA->workspace_id,
'name' => 'YPTW2',
'environment' => 'dev',
]);
createUserWithTenant($tenantB, $user, role: 'owner');
$visible = auditLogPageTestRecord($tenantA, [
'resource_id' => '301',
'summary' => 'Phoenicon verification completed',
'action' => 'verification.completed',
]);
$hidden = auditLogPageTestRecord($tenantB, [
'resource_id' => '302',
'summary' => 'YPTW2 verification completed',
'action' => 'verification.completed',
]);
$this->actingAs($user);
Filament::setTenant(null, true);
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [
(string) $tenantA->workspace_id => (int) $tenantA->getKey(),
]);
Livewire::actingAs($user)->test(AuditLogPage::class)
->assertSet('tableFilters.tenant_id.value', (string) $tenantA->getKey())
->assertCanSeeTableRecords([$visible])
->assertCanNotSeeTableRecords([$hidden]);
});
it('replaces a stale persisted audit tenant filter when the remembered tenant context changes', function (): void {
$tenantA = Tenant::factory()->create([
'name' => 'YPTW2',
'environment' => 'dev',
]);
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');
$tenantB = Tenant::factory()->create([
'workspace_id' => (int) $tenantA->workspace_id,
'name' => 'Phoenicon',
'environment' => 'dev',
]);
createUserWithTenant($tenantB, $user, role: 'owner');
$tenantARecord = auditLogPageTestRecord($tenantA, [
'resource_id' => '401',
'summary' => 'YPTW2 verification completed',
]);
$tenantBRecord = auditLogPageTestRecord($tenantB, [
'resource_id' => '402',
'summary' => 'Phoenicon verification completed',
]);
$this->actingAs($user);
Filament::setTenant(null, true);
$workspaceId = (int) $tenantA->workspace_id;
session()->put(WorkspaceContext::SESSION_KEY, $workspaceId);
session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [
(string) $workspaceId => (int) $tenantA->getKey(),
]);
$component = Livewire::actingAs($user)->test(AuditLogPage::class)
->assertSet('tableFilters.tenant_id.value', (string) $tenantA->getKey())
->assertCanSeeTableRecords([$tenantARecord])
->assertCanNotSeeTableRecords([$tenantBRecord]);
expect(data_get(session()->get($component->instance()->getTableFiltersSessionKey()), 'tenant_id.value'))
->toBe((string) $tenantA->getKey());
session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [
(string) $workspaceId => (int) $tenantB->getKey(),
]);
Livewire::actingAs($user)->test(AuditLogPage::class)
->assertSet('tableFilters.tenant_id.value', (string) $tenantB->getKey())
->assertCanSeeTableRecords([$tenantBRecord])
->assertCanNotSeeTableRecords([$tenantARecord]);
});
it('shows a clear-filters empty state when no audit rows match the current view', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$record = auditLogPageTestRecord($tenant, [
'summary' => 'Baseline compare completed',
'action' => 'baseline.compare.completed',
]);
auditLogPageTestComponent($user)
->assertTableEmptyStateActionsExistInOrder(['clear_filters'])
->searchTable('no-such-audit-event')
->assertCountTableRecords(0)
->assertSee('No audit events match this view')
->assertSee('Clear filters')
->searchTable(null)
->assertCanSeeTableRecords([$record]);
});
Reference in New Issue View Git Blame Copy Permalink