ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
74e75c3edf
TenantAtlas/apps/platform/tests/Feature/WorkspaceIsolation/AuditLogScopeInvariantTest.php
ahmido e64bae9cfc feat: cut over tenant core to managed environments (#335) 
## Summary
- replace the legacy Tenant and TenantMembership core models with ManagedEnvironment and ManagedEnvironmentMembership
- propagate the managed environment naming and key changes across Filament resources, pages, controllers, jobs, models, and supporting runtime paths
- add feature 279 spec artifacts and focused managed-environment test coverage for model behavior, route binding, panel context, authorization, and legacy guardrails

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentAuthorizationTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentContextResolverTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentModelTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- branch pushed from commit `1123b122`
- browser smoke test file was added but not run in this pass

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #335
2026-05-07 06:38:14 +00:00

90 lines
2.9 KiB
PHP
Raw Blame History

<?php
use App\Models\AuditLog;
use App\Models\ManagedEnvironment;
use App\Models\Workspace;
use App\Services\Intune\AuditLogger;
use Illuminate\Database\QueryException;
use Illuminate\Support\Facades\DB;
it('stores workspace_id for tenant scoped audit writes', function (): void {
$workspace = Workspace::factory()->create();
$tenant = ManagedEnvironment::factory()->create([
'workspace_id' => (int) $workspace->getKey(),
]);
$log = app(AuditLogger::class)->log(
tenant: $tenant,
action: 'workspace_isolation.audit_logger_test',
context: ['source' => 'test'],
status: 'success',
);
expect((int) $log->managed_environment_id)->toBe((int) $tenant->getKey());
expect((int) $log->workspace_id)->toBe((int) $workspace->getKey());
});
it('allows workspace only and platform only audit scopes', function (): void {
$workspace = Workspace::factory()->create();
$workspaceScoped = AuditLog::query()->create([
'managed_environment_id' => null,
'workspace_id' => (int) $workspace->getKey(),
'actor_id' => null,
'actor_email' => null,
'actor_name' => null,
'action' => 'workspace_isolation.workspace_scope',
'resource_type' => 'workspace',
'resource_id' => (string) $workspace->getKey(),
'status' => 'success',
'metadata' => [],
'recorded_at' => now(),
]);
$platformScoped = AuditLog::query()->create([
'managed_environment_id' => null,
'workspace_id' => null,
'actor_id' => null,
'actor_email' => null,
'actor_name' => null,
'action' => 'workspace_isolation.platform_scope',
'resource_type' => null,
'resource_id' => null,
'status' => 'success',
'metadata' => [],
'recorded_at' => now(),
]);
expect($workspaceScoped->exists)->toBeTrue();
expect($platformScoped->exists)->toBeTrue();
});
it('rejects tenant scoped audit rows without workspace_id at the database layer', function (): void {
if (DB::getDriverName() === 'sqlite') {
$this->markTestSkipped('Audit scope check constraint is enforced on pgsql/mysql migrations.');
}
$workspace = Workspace::factory()->create();
$tenant = ManagedEnvironment::factory()->create([
'workspace_id' => (int) $workspace->getKey(),
]);
expect(fn () => DB::table('audit_logs')->insert([
'managed_environment_id' => (int) $tenant->getKey(),
'workspace_id' => null,
'actor_id' => null,
'actor_email' => null,
'actor_name' => null,
'action' => 'workspace_isolation.invalid_scope',
'resource_type' => 'tenant',
'resource_id' => (string) $tenant->getKey(),
'status' => 'failed',
'metadata' => json_encode([], JSON_THROW_ON_ERROR),
'recorded_at' => now(),
'created_at' => now(),
'updated_at' => now(),
]))->toThrow(QueryException::class);
});
Reference in New Issue View Git Blame Copy Permalink