ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
6063f866a9
TenantAtlas/tests/Unit/Findings/FindingExceptionServiceTest.php
ahmido b1e1e06861 feat: implement finding risk acceptance lifecycle (#184) 
## Summary
- add a first-class finding exception domain with request, approval, rejection, renewal, and revocation lifecycle support
- add tenant-scoped exception register, finding governance surfaces, and a canonical workspace approval queue in Filament
- add audit, badge, evidence, and review-pack integrations plus focused Pest coverage for workflow, authorization, and governance validity

## Validation
- vendor/bin/sail bin pint --dirty --format agent
- CI=1 vendor/bin/sail artisan test --compact
- manual integrated-browser smoke test for the request-exception happy path, tenant register visibility, and canonical queue visibility

## Notes
- Filament implementation remains on v5 with Livewire v4-compatible surfaces
- canonical queue lives in the admin panel; provider registration stays in bootstrap/providers.php
- finding exceptions stay out of global search in this rollout

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #184
2026-03-20 01:07:55 +00:00

82 lines
3.5 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\Finding;
use App\Models\FindingException;
use App\Services\Findings\FindingExceptionService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Carbon;
uses(RefreshDatabase::class);
it('creates a pending exception request for an open finding', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$finding = Finding::factory()->for($tenant)->create(['status' => Finding::STATUS_NEW]);
Carbon::setTestNow('2026-03-19 10:00:00');
$exception = app(FindingExceptionService::class)->request($finding, $tenant, $user, [
'owner_user_id' => (int) $user->getKey(),
'request_reason' => 'Operational risk accepted temporarily',
'review_due_at' => now()->addDays(14)->toDateTimeString(),
'expires_at' => now()->addDays(30)->toDateTimeString(),
]);
expect($exception->status)->toBe(FindingException::STATUS_PENDING)
->and($exception->requested_by_user_id)->toBe((int) $user->getKey())
->and($exception->request_reason)->toBe('Operational risk accepted temporarily')
->and($exception->currentDecision?->decision_type)->toBe('requested');
Carbon::setTestNow();
});
it('blocks overlapping pending requests for the same finding', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$finding = Finding::factory()->for($tenant)->create(['status' => Finding::STATUS_NEW]);
$service = app(FindingExceptionService::class);
$service->request($finding, $tenant, $user, [
'owner_user_id' => (int) $user->getKey(),
'request_reason' => 'First request',
'review_due_at' => now()->addDays(7)->toDateTimeString(),
]);
expect(fn () => $service->request($finding, $tenant, $user, [
'owner_user_id' => (int) $user->getKey(),
'request_reason' => 'Second request',
'review_due_at' => now()->addDays(10)->toDateTimeString(),
]))->toThrow(InvalidArgumentException::class, 'An exception request is already pending for this finding.');
});
it('blocks self approval and approves with finding mutation otherwise', function (): void {
[$requester, $tenant] = createUserWithTenant(role: 'owner');
$approver = \App\Models\User::factory()->create();
createUserWithTenant(tenant: $tenant, user: $approver, role: 'owner');
$finding = Finding::factory()->for($tenant)->create(['status' => Finding::STATUS_NEW]);
$service = app(FindingExceptionService::class);
$exception = $service->request($finding, $tenant, $requester, [
'owner_user_id' => (int) $requester->getKey(),
'request_reason' => 'Needs temporary exception',
'review_due_at' => now()->addDays(7)->toDateTimeString(),
]);
expect(fn () => $service->approve($exception, $requester, [
'effective_from' => now()->addHour()->toDateTimeString(),
'expires_at' => now()->addDays(30)->toDateTimeString(),
]))->toThrow(InvalidArgumentException::class, 'Requesters cannot approve their own exception requests.');
$approved = $service->approve($exception->fresh(), $approver, [
'effective_from' => now()->addHour()->toDateTimeString(),
'expires_at' => now()->addDays(30)->toDateTimeString(),
'approval_reason' => 'Approved with compensating controls',
]);
expect($approved->status)->toBe(FindingException::STATUS_ACTIVE)
->and($approved->currentDecision?->decision_type)->toBe('approved')
->and($finding->fresh()?->status)->toBe(Finding::STATUS_RISK_ACCEPTED);
});
Reference in New Issue View Git Blame Copy Permalink