ahmido
6f8eb28ca2
## Summary - add the Spec 180 tenant backup-health resolver and value objects to derive absent, stale, degraded, healthy, and schedule-follow-up posture from existing backup and schedule truth - surface backup posture and reason-driven drillthroughs in the tenant dashboard and preserve continuity on backup-set and backup-schedule destinations - add deterministic local/testing browser-fixture seeding plus a local fixture-login helper for the blocked drillthrough `403` scenario, along with the related spec artifacts and focused regression coverage ## Testing - `vendor/bin/sail artisan test --compact tests/Feature/Auth/BackupHealthBrowserFixtureLoginTest.php tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php` - `vendor/bin/sail artisan test --compact tests/Unit/Support/BackupHealth/TenantBackupHealthResolverTest.php tests/Feature/Filament/DashboardKpisWidgetTest.php tests/Feature/Filament/NeedsAttentionWidgetTest.php tests/Feature/Filament/TenantDashboardTruthAlignmentTest.php tests/Feature/Filament/TenantDashboardTenantScopeTest.php tests/Feature/Filament/TenantDashboardDbOnlyTest.php tests/Feature/Filament/BackupSetListContinuityTest.php tests/Feature/Filament/BackupSetEnterpriseDetailPageTest.php tests/Feature/BackupScheduling/BackupScheduleLifecycleTest.php tests/Feature/Auth/BackupHealthBrowserFixtureLoginTest.php tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php` ## Notes - Filament v5 / Livewire v4 compliant; no panel-provider change was needed, so `bootstrap/providers.php` remains unchanged - no new globally searchable resource was introduced, so global-search behavior is unchanged - no new destructive action was added; existing destructive actions and confirmation behavior remain unchanged - no new asset registration was added; the existing deploy-time `php artisan filament:assets` step remains sufficient - the local fixture login helper route is limited to `local` and `testing` environments - the focused and broader Spec 180 packs are green; the full suite was not rerun after these changes Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #212
193 lines
8.0 KiB
PHP
193 lines
8.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Console\Commands;
|
|
|
|
use App\Models\BackupItem;
|
|
use App\Models\BackupSet;
|
|
use App\Models\Policy;
|
|
use App\Models\Tenant;
|
|
use App\Models\TenantMembership;
|
|
use App\Models\User;
|
|
use App\Models\UserTenantPreference;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceMembership;
|
|
use Illuminate\Console\Command;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Support\Facades\Schema;
|
|
|
|
class SeedBackupHealthBrowserFixture extends Command
|
|
{
|
|
protected $signature = 'tenantpilot:backup-health:seed-browser-fixture {--force-refresh : Rebuild the fixture backup basis even if it already exists}';
|
|
|
|
protected $description = 'Seed a local/testing browser fixture for the Spec 180 blocked backup drill-through scenario.';
|
|
|
|
public function handle(): int
|
|
{
|
|
if (! app()->environment(['local', 'testing'])) {
|
|
$this->error('This fixture command is limited to local and testing environments.');
|
|
|
|
return self::FAILURE;
|
|
}
|
|
|
|
$fixture = config('tenantpilot.backup_health.browser_smoke_fixture');
|
|
|
|
if (! is_array($fixture)) {
|
|
$this->error('The backup-health browser smoke fixture is not configured.');
|
|
|
|
return self::FAILURE;
|
|
}
|
|
|
|
$workspaceConfig = is_array($fixture['workspace'] ?? null) ? $fixture['workspace'] : [];
|
|
$userConfig = is_array($fixture['user'] ?? null) ? $fixture['user'] : [];
|
|
$scenarioConfig = is_array($fixture['blocked_drillthrough'] ?? null) ? $fixture['blocked_drillthrough'] : [];
|
|
$tenantRouteKey = (string) ($scenarioConfig['tenant_id'] ?? $scenarioConfig['tenant_external_id'] ?? '18000000-0000-4000-8000-000000000180');
|
|
|
|
$workspace = Workspace::query()->updateOrCreate(
|
|
['slug' => (string) ($workspaceConfig['slug'] ?? 'spec-180-backup-health-smoke')],
|
|
['name' => (string) ($workspaceConfig['name'] ?? 'Spec 180 Backup Health Smoke')],
|
|
);
|
|
|
|
$password = (string) ($userConfig['password'] ?? 'password');
|
|
|
|
$user = User::query()->updateOrCreate(
|
|
['email' => (string) ($userConfig['email'] ?? 'smoke-requester+180@tenantpilot.local')],
|
|
[
|
|
'name' => (string) ($userConfig['name'] ?? 'Spec 180 Requester'),
|
|
'password' => Hash::make($password),
|
|
'email_verified_at' => now(),
|
|
],
|
|
);
|
|
|
|
$tenant = Tenant::query()->updateOrCreate(
|
|
['external_id' => $tenantRouteKey],
|
|
[
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'name' => (string) ($scenarioConfig['tenant_name'] ?? 'Spec 180 Blocked Backup Tenant'),
|
|
'tenant_id' => $tenantRouteKey,
|
|
'app_client_id' => (string) ($scenarioConfig['app_client_id'] ?? '18000000-0000-4000-8000-000000000182'),
|
|
'app_client_secret' => null,
|
|
'app_certificate_thumbprint' => null,
|
|
'app_status' => 'ok',
|
|
'app_notes' => null,
|
|
'status' => Tenant::STATUS_ACTIVE,
|
|
'environment' => 'dev',
|
|
'is_current' => false,
|
|
'metadata' => ['fixture' => 'spec-180-browser-smoke'],
|
|
'rbac_status' => 'ok',
|
|
'rbac_last_checked_at' => now(),
|
|
],
|
|
);
|
|
|
|
WorkspaceMembership::query()->updateOrCreate(
|
|
['workspace_id' => (int) $workspace->getKey(), 'user_id' => (int) $user->getKey()],
|
|
['role' => 'owner'],
|
|
);
|
|
|
|
TenantMembership::query()->updateOrCreate(
|
|
['tenant_id' => (int) $tenant->getKey(), 'user_id' => (int) $user->getKey()],
|
|
['role' => 'owner', 'source' => 'manual', 'source_ref' => 'spec-180-browser-smoke'],
|
|
);
|
|
|
|
if (Schema::hasColumn('users', 'last_workspace_id')) {
|
|
$user->forceFill(['last_workspace_id' => (int) $workspace->getKey()])->save();
|
|
}
|
|
|
|
if (Schema::hasTable('user_tenant_preferences')) {
|
|
UserTenantPreference::query()->updateOrCreate(
|
|
['user_id' => (int) $user->getKey(), 'tenant_id' => (int) $tenant->getKey()],
|
|
['last_used_at' => now()],
|
|
);
|
|
}
|
|
|
|
$policy = Policy::query()->updateOrCreate(
|
|
[
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'external_id' => (string) ($scenarioConfig['policy_external_id'] ?? 'spec-180-rbac-stale-policy'),
|
|
'policy_type' => (string) ($scenarioConfig['policy_type'] ?? 'settingsCatalogPolicy'),
|
|
],
|
|
[
|
|
'display_name' => (string) ($scenarioConfig['policy_name'] ?? 'Spec 180 RBAC Smoke Policy'),
|
|
'platform' => 'windows',
|
|
'last_synced_at' => now(),
|
|
'metadata' => ['fixture' => 'spec-180-browser-smoke'],
|
|
],
|
|
);
|
|
|
|
$backupSet = BackupSet::withTrashed()->firstOrNew([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => (string) ($scenarioConfig['backup_set_name'] ?? 'Spec 180 Blocked Stale Backup'),
|
|
]);
|
|
|
|
$backupSet->forceFill([
|
|
'created_by' => (string) $user->email,
|
|
'status' => 'completed',
|
|
'item_count' => 1,
|
|
'completed_at' => now()->subHours(max(25, (int) ($scenarioConfig['stale_age_hours'] ?? 48))),
|
|
'metadata' => ['fixture' => 'spec-180-browser-smoke'],
|
|
'deleted_at' => null,
|
|
])->save();
|
|
|
|
if (method_exists($backupSet, 'trashed') && $backupSet->trashed()) {
|
|
$backupSet->restore();
|
|
}
|
|
|
|
$backupItem = BackupItem::withTrashed()->firstOrNew([
|
|
'backup_set_id' => (int) $backupSet->getKey(),
|
|
'policy_identifier' => (string) ($scenarioConfig['policy_external_id'] ?? 'spec-180-rbac-stale-policy'),
|
|
'policy_type' => (string) ($scenarioConfig['policy_type'] ?? 'settingsCatalogPolicy'),
|
|
]);
|
|
|
|
$backupItem->forceFill([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'policy_id' => (int) $policy->getKey(),
|
|
'platform' => 'windows',
|
|
'captured_at' => $backupSet->completed_at,
|
|
'payload' => [
|
|
'id' => (string) ($scenarioConfig['policy_external_id'] ?? 'spec-180-rbac-stale-policy'),
|
|
'name' => (string) ($scenarioConfig['policy_name'] ?? 'Spec 180 RBAC Smoke Policy'),
|
|
],
|
|
'metadata' => [
|
|
'policy_name' => (string) ($scenarioConfig['policy_name'] ?? 'Spec 180 RBAC Smoke Policy'),
|
|
'fixture' => 'spec-180-browser-smoke',
|
|
],
|
|
'assignments' => [],
|
|
'deleted_at' => null,
|
|
])->save();
|
|
|
|
if (method_exists($backupItem, 'trashed') && $backupItem->trashed()) {
|
|
$backupItem->restore();
|
|
}
|
|
|
|
if ((bool) $this->option('force-refresh')) {
|
|
$backupSet->forceFill([
|
|
'completed_at' => now()->subHours(max(25, (int) ($scenarioConfig['stale_age_hours'] ?? 48))),
|
|
])->save();
|
|
|
|
$backupItem->forceFill([
|
|
'captured_at' => $backupSet->completed_at,
|
|
])->save();
|
|
}
|
|
|
|
$this->table(
|
|
['Fixture', 'Value'],
|
|
[
|
|
['Workspace', (string) $workspace->name],
|
|
['User email', (string) $user->email],
|
|
['User password', $password],
|
|
['Tenant', (string) $tenant->name],
|
|
['Tenant external id', (string) $tenant->external_id],
|
|
['Dashboard URL', "/admin/t/{$tenant->external_id}"],
|
|
['Fixture login URL', route('admin.local.backup-health-browser-fixture-login', absolute: false)],
|
|
['Blocked route', "/admin/t/{$tenant->external_id}/backup-sets"],
|
|
['Locally denied capability', 'tenant.view'],
|
|
],
|
|
);
|
|
|
|
$this->info('The dashboard remains visible for this fixture user, while backup drill-through routes stay forbidden via a local/testing-only capability deny seam.');
|
|
|
|
return self::SUCCESS;
|
|
}
|
|
}
|