ahmido
73a879d061
## Summary
- implement Spec 147 for workspace-first tenant selector and remembered tenant context enforcement
- harden canonical and tenant-bound route behavior so selected tenant mismatch stays informational
- fix drift finding subject fallback for workspace-safe RBAC identifiers and centralize finding subject resolution
## Testing
- vendor/bin/sail artisan test --compact tests/Feature/Filament/FindingViewRbacEvidenceTest.php tests/Feature/Findings/FindingsListDefaultsTest.php
- vendor/bin/sail bin pint --dirty --format agent
## Notes
- branch pushed at de0679cd8b
- includes the spec artifacts under specs/147-tenant-selector-remembered-context-enforcement/
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #176
125 lines
4.8 KiB
PHP
125 lines
4.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\FindingResource\Pages\ListFindings;
|
|
use App\Models\Finding;
|
|
use App\Support\Baselines\BaselineSubjectKey;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
function findingsDefaultIndicatorLabels($component): array
|
|
{
|
|
return collect($component->instance()->getTable()->getFilterIndicators())
|
|
->map(fn ($indicator): string => (string) $indicator->getLabel())
|
|
->all();
|
|
}
|
|
|
|
it('defaults to open findings across all finding types', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$openDrift = Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_NEW,
|
|
]);
|
|
|
|
$openPermission = Finding::factory()->permissionPosture()->for($tenant)->create([
|
|
'status' => Finding::STATUS_TRIAGED,
|
|
]);
|
|
|
|
$openEntra = Finding::factory()->entraAdminRoles()->for($tenant)->create([
|
|
'status' => Finding::STATUS_IN_PROGRESS,
|
|
]);
|
|
|
|
$reopened = Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'status' => Finding::STATUS_REOPENED,
|
|
]);
|
|
|
|
$resolved = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_RESOLVED,
|
|
]);
|
|
|
|
$closed = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_CLOSED,
|
|
]);
|
|
|
|
$riskAccepted = Finding::factory()->for($tenant)->create([
|
|
'status' => Finding::STATUS_RISK_ACCEPTED,
|
|
]);
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->assertCanSeeTableRecords([$openDrift, $openPermission, $openEntra, $reopened])
|
|
->assertCanNotSeeTableRecords([$resolved, $closed, $riskAccepted]);
|
|
});
|
|
|
|
it('keeps findings list defaults calm with explicit sortability and hidden forensic detail', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$component = Livewire::test(ListFindings::class);
|
|
$table = $component->instance()->getTable();
|
|
|
|
expect($table->getPaginationPageOptions())->toBe(\App\Support\Filament\TablePaginationProfiles::resource());
|
|
expect($table->getDefaultSortColumn())->toBe('created_at');
|
|
expect($table->getDefaultSortDirection())->toBe('desc');
|
|
expect($table->getEmptyStateHeading())->toBe('No findings match this view');
|
|
expect($table->getColumn('subject_display_name')?->isSearchable())->toBeTrue();
|
|
expect($table->getColumn('due_at')?->isSortable())->toBeTrue();
|
|
expect($table->getColumn('evidence_fidelity')?->isToggledHiddenByDefault())->toBeTrue();
|
|
expect($table->getColumn('subject_type')?->isToggledHiddenByDefault())->toBeTrue();
|
|
expect($table->getColumn('subject_external_id')?->isToggledHiddenByDefault())->toBeTrue();
|
|
expect($table->getColumn('scope_key')?->isToggledHiddenByDefault())->toBeTrue();
|
|
expect(count($table->getVisibleColumns()))->toBeLessThanOrEqual(7);
|
|
});
|
|
|
|
it('defines created date-range narrowing with active indicators on the findings table', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$component = Livewire::test(ListFindings::class)
|
|
->assertTableFilterExists('created_at')
|
|
->set('tableFilters.created_at.from', now()->subDay()->toDateString())
|
|
->set('tableFilters.created_at.until', now()->toDateString());
|
|
|
|
expect(findingsDefaultIndicatorLabels($component))
|
|
->toContain('Created from '.now()->subDay()->toFormattedDateString())
|
|
->toContain('Created until '.now()->toFormattedDateString());
|
|
});
|
|
|
|
it('shows evidence display-name fallback in the findings list when the subject external id is workspace-safe', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$subjectExternalId = BaselineSubjectKey::workspaceSafeSubjectExternalIdForPolicy(
|
|
'intuneRoleDefinition',
|
|
'Security Reader',
|
|
'rbac-role-1',
|
|
);
|
|
|
|
$finding = Finding::factory()->for($tenant)->create([
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'subject_type' => 'policy',
|
|
'subject_external_id' => (string) $subjectExternalId,
|
|
'evidence_jsonb' => [
|
|
'policy_type' => 'intuneRoleDefinition',
|
|
'display_name' => 'Security Reader',
|
|
'summary' => [
|
|
'kind' => 'rbac_role_definition',
|
|
],
|
|
],
|
|
]);
|
|
|
|
Livewire::test(ListFindings::class)
|
|
->assertCanSeeTableRecords([$finding])
|
|
->assertSee('Security Reader');
|
|
});
|