ahmido
b0a724acef
## Summary - harden the canonical operation run viewer so mismatched, missing, archived, onboarding, and selector-excluded tenant context no longer invalidates authorized canonical run viewing - extend canonical route, header-context, deep-link, and presentation coverage for Spec 144 and add the full spec artifact set under `specs/144-canonical-operation-viewer-context-decoupling/` - harden onboarding draft provider-connection resume logic so stale persisted provider connections fall back to the connect-provider step instead of resuming invalid state - add architecture-audit follow-up candidate material and prompt assets for the next governance hardening wave ## Testing - `vendor/bin/sail bin pint --dirty --format agent` - `vendor/bin/sail artisan test --compact tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php tests/Feature/Operations/TenantlessOperationRunViewerTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/Monitoring/OperationsTenantScopeTest.php tests/Feature/RunAuthorizationTenantIsolationTest.php tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php tests/Feature/Monitoring/HeaderContextBarTest.php tests/Feature/Monitoring/OperationRunResolvedReferencePresentationTest.php tests/Feature/Monitoring/OperationsCanonicalUrlsTest.php` - `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php` ## Notes - branch: `144-canonical-operation-viewer-context-decoupling` - base: `dev` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #173
187 lines
6.9 KiB
PHP
187 lines
6.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\BackupSet;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Testing\TestResponse;
|
|
|
|
function visiblePageText(TestResponse $response): string
|
|
{
|
|
$html = (string) $response->getContent();
|
|
$html = preg_replace('/<script\b[^>]*>.*?<\/script>/is', '', $html) ?? $html;
|
|
$html = preg_replace('/<style\b[^>]*>.*?<\/style>/is', '', $html) ?? $html;
|
|
$html = preg_replace('/\s+wire:snapshot="[^"]*"/', '', $html) ?? $html;
|
|
$html = preg_replace('/\s+wire:effects="[^"]*"/', '', $html) ?? $html;
|
|
|
|
return trim((string) preg_replace('/\s+/', ' ', strip_tags($html)));
|
|
}
|
|
|
|
it('renders operation runs with summary content before counts and technical context', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
Filament::setTenant(null, true);
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'type' => 'policy.sync',
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Succeeded->value,
|
|
'initiator_name' => 'Alice Example',
|
|
'summary_counts' => [
|
|
'total' => 10,
|
|
'processed' => 10,
|
|
'succeeded' => 10,
|
|
],
|
|
'context' => [
|
|
'target_scope' => [
|
|
'entra_tenant_name' => 'Contoso',
|
|
'entra_tenant_id' => '11111111-1111-1111-1111-111111111111',
|
|
],
|
|
],
|
|
]);
|
|
|
|
$response = $this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
|
->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
|
|
->assertOk()
|
|
->assertSee('Current state')
|
|
->assertSee('Timing')
|
|
->assertSee('Contoso');
|
|
|
|
$pageText = visiblePageText($response);
|
|
|
|
$policySyncPosition = mb_strpos($pageText, 'Policy sync');
|
|
$runSummaryPosition = mb_strpos($pageText, 'Run summary');
|
|
$relatedContextPosition = mb_strpos($pageText, 'Related context');
|
|
$countsPosition = mb_strpos($pageText, 'Counts');
|
|
$identityHashPosition = mb_strpos($pageText, 'Identity hash');
|
|
|
|
expect($policySyncPosition)->not->toBeFalse()
|
|
->and($runSummaryPosition)->not->toBeFalse()
|
|
->and($relatedContextPosition)->not->toBeFalse()
|
|
->and($countsPosition)->not->toBeFalse()
|
|
->and($identityHashPosition)->not->toBeFalse()
|
|
->and($policySyncPosition)->toBeLessThan($runSummaryPosition)
|
|
->and($runSummaryPosition)->toBeLessThan($relatedContextPosition)
|
|
->and($relatedContextPosition)->toBeLessThan($countsPosition)
|
|
->and($countsPosition)->toBeLessThan($identityHashPosition);
|
|
});
|
|
|
|
it('keeps header navigation and related context visible for tenant-bound operation runs', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
Filament::setTenant(null, true);
|
|
|
|
$backupSet = BackupSet::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => 'Nightly backup',
|
|
]);
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'type' => 'backup_set.add_policies',
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Succeeded->value,
|
|
'context' => [
|
|
'backup_set_id' => (int) $backupSet->getKey(),
|
|
'target_scope' => [
|
|
'entra_tenant_name' => 'Contoso',
|
|
],
|
|
],
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
|
->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
|
|
->assertOk()
|
|
->assertSee('Back to Operations')
|
|
->assertSee('Refresh')
|
|
->assertSee('Related context')
|
|
->assertSee('/admin/t/'.$tenant->external_id.'/backup-sets/'.$backupSet->getKey(), false);
|
|
});
|
|
|
|
it('renders mismatch context above the enterprise detail content without blocking the page', function (): void {
|
|
$runTenant = Tenant::factory()->create([
|
|
'name' => 'Run Tenant',
|
|
]);
|
|
[$user, $runTenant] = createUserWithTenant(tenant: $runTenant, role: 'owner');
|
|
|
|
$currentTenant = Tenant::factory()->create([
|
|
'name' => 'Current Tenant',
|
|
'workspace_id' => (int) $runTenant->workspace_id,
|
|
]);
|
|
|
|
createUserWithTenant(tenant: $currentTenant, user: $user, role: 'owner');
|
|
|
|
Filament::setTenant($currentTenant, true);
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'workspace_id' => (int) $runTenant->workspace_id,
|
|
'tenant_id' => (int) $runTenant->getKey(),
|
|
'type' => 'policy.sync',
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Succeeded->value,
|
|
]);
|
|
|
|
$response = $this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $runTenant->workspace_id])
|
|
->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
|
|
->assertOk()
|
|
->assertSee('Current tenant context differs from this run')
|
|
->assertSee('Run summary')
|
|
->assertSee('Related context');
|
|
|
|
$pageText = visiblePageText($response);
|
|
|
|
$bannerPosition = mb_strpos($pageText, 'Current tenant context differs from this run');
|
|
$summaryPosition = mb_strpos($pageText, 'Run summary');
|
|
|
|
expect($bannerPosition)->not->toBeFalse()
|
|
->and($summaryPosition)->not->toBeFalse()
|
|
->and($bannerPosition)->toBeLessThan($summaryPosition);
|
|
});
|
|
|
|
it('renders explicit sparse-data fallbacks for operation runs', function (): void {
|
|
$workspace = Workspace::factory()->create();
|
|
$user = User::factory()->create();
|
|
|
|
WorkspaceMembership::factory()->create([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'user_id' => (int) $user->getKey(),
|
|
'role' => 'owner',
|
|
]);
|
|
|
|
Filament::setTenant(null, true);
|
|
|
|
$run = OperationRun::factory()->create([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'tenant_id' => null,
|
|
'type' => 'provider.connection.check',
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Failed->value,
|
|
'summary_counts' => [],
|
|
'failure_summary' => [],
|
|
'context' => [],
|
|
]);
|
|
|
|
$this->actingAs($user)
|
|
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
|
->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
|
|
->assertOk()
|
|
->assertSee('No target scope details were recorded for this run.')
|
|
->assertSee('Verification report')
|
|
->assertSee('Verification report unavailable')
|
|
->assertDontSee('Counts');
|
|
});
|