88 lines
3.1 KiB
PHP
88 lines
3.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Pages\Monitoring\FindingExceptionsQueue;
|
|
use App\Models\Finding;
|
|
use App\Models\FindingException;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
use Filament\Facades\Filament;
|
|
use Livewire\Livewire;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
|
|
it('returns 404 for non-members on representative action-surface route', function (): void {
|
|
$workspaceA = Workspace::factory()->create();
|
|
$workspaceB = Workspace::factory()->create();
|
|
|
|
$user = User::factory()->create();
|
|
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => (int) $workspaceA->getKey(),
|
|
'user_id' => (int) $user->getKey(),
|
|
'role' => 'owner',
|
|
]);
|
|
|
|
$tenantB = Tenant::factory()->create([
|
|
'workspace_id' => (int) $workspaceB->getKey(),
|
|
]);
|
|
|
|
$runB = OperationRun::factory()->create([
|
|
'tenant_id' => (int) $tenantB->getKey(),
|
|
'workspace_id' => (int) $workspaceB->getKey(),
|
|
'type' => 'policy.sync',
|
|
'status' => 'queued',
|
|
'outcome' => 'pending',
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspaceA->getKey()])
|
|
->get(route('admin.operations.view', ['run' => (int) $runB->getKey()]))
|
|
->assertNotFound();
|
|
});
|
|
|
|
it('keeps queue approval and rejection actions behind the approval capability', function (): void {
|
|
[$approver, $tenant] = createUserWithTenant(role: 'owner', workspaceRole: 'manager');
|
|
|
|
$readonly = User::factory()->create();
|
|
createUserWithTenant(tenant: $tenant, user: $readonly, role: 'readonly', workspaceRole: 'readonly');
|
|
|
|
$finding = Finding::factory()->for($tenant)->create();
|
|
|
|
$exception = FindingException::query()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'finding_id' => (int) $finding->getKey(),
|
|
'requested_by_user_id' => (int) $approver->getKey(),
|
|
'owner_user_id' => (int) $approver->getKey(),
|
|
'status' => FindingException::STATUS_PENDING,
|
|
'current_validity_state' => FindingException::VALIDITY_MISSING_SUPPORT,
|
|
'request_reason' => 'Authorization continuity test',
|
|
'requested_at' => now()->subDay(),
|
|
'review_due_at' => now()->addDay(),
|
|
'evidence_summary' => ['reference_count' => 0],
|
|
]);
|
|
|
|
$this->actingAs($approver);
|
|
Filament::setCurrentPanel('admin');
|
|
Filament::setTenant(null, true);
|
|
Filament::bootCurrentPanel();
|
|
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
|
|
|
Livewire::withQueryParams([
|
|
'exception' => (int) $exception->getKey(),
|
|
])
|
|
->actingAs($approver)
|
|
->test(FindingExceptionsQueue::class)
|
|
->assertActionVisible('approve_selected_exception')
|
|
->assertActionVisible('reject_selected_exception');
|
|
|
|
$this->actingAs($readonly)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
|
->get(FindingExceptionsQueue::getUrl(panel: 'admin'))
|
|
->assertForbidden();
|
|
});
|