ahmido
da1adbdeb5
Implements Spec 119 (Drift Golden Master Cutover): - Baseline Compare is the only drift writer (`source = baseline.compare`). - Drift findings now store diff-compatible `evidence_jsonb` (summary.kind, baseline/current policy_version_id refs, fidelity + provenance). - Findings UI renders one-sided diffs for `missing_policy`/`unexpected_policy` when a single ref exists; otherwise shows explicit “diff unavailable”. - Removes legacy drift generator runtime (jobs/services/UI) and related tests. - Adds one-time migration to delete legacy drift findings (`finding_type=drift` where source is null or != baseline.compare). - Scopes baseline capture & landing duplicate warnings to latest completed inventory sync. - Canonicalizes compliance `scheduledActionsForRule` drift signal and keeps legacy snapshots comparable. Tests: - `vendor/bin/sail artisan test --compact` (full suite per tasks) - Focused pack: BaselinePolicyVersionResolverTest, BaselineCompareDriftEvidenceContractTest, DriftFindingDiffUnavailableTest, LegacyDriftFindingsCleanupMigrationTest, ComplianceNoncomplianceActionsDriftTest Notes: - Livewire v4+ / Filament v5 compatible (no legacy APIs). - No new external dependencies. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #144
83 lines
2.6 KiB
PHP
83 lines
2.6 KiB
PHP
<?php
|
|
|
|
use App\Filament\Resources\RestoreRunResource;
|
|
use App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns;
|
|
use App\Models\BackupSet;
|
|
use App\Models\RestoreRun;
|
|
use App\Models\Tenant;
|
|
use App\Support\Auth\UiTooltips;
|
|
use Filament\Facades\Filament;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Http;
|
|
use Livewire\Livewire;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
beforeEach(function (): void {
|
|
Http::preventStrayRequests();
|
|
});
|
|
|
|
test('non-members are denied access to RestoreRun tenant routes (404)', function () {
|
|
$tenant = Tenant::factory()->create();
|
|
$otherTenant = Tenant::factory()->create();
|
|
|
|
[$user] = createUserWithTenant($otherTenant, role: 'owner');
|
|
|
|
$this->actingAs($user)
|
|
->get(RestoreRunResource::getUrl('index', tenant: $tenant))
|
|
->assertStatus(404);
|
|
});
|
|
|
|
test('members without capability see RestoreRun actions disabled with standard tooltip and cannot execute', function () {
|
|
$tenant = Tenant::factory()->create();
|
|
[$user] = createUserWithTenant($tenant, role: 'readonly');
|
|
|
|
$backupSet = BackupSet::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'status' => 'completed',
|
|
]);
|
|
|
|
$restoreRun = RestoreRun::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'backup_set_id' => $backupSet->getKey(),
|
|
'status' => 'completed',
|
|
'deleted_at' => null,
|
|
]);
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListRestoreRuns::class)
|
|
->assertTableActionDisabled('archive', $restoreRun)
|
|
->assertTableActionExists('archive', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $restoreRun)
|
|
->callTableAction('archive', $restoreRun);
|
|
|
|
expect($restoreRun->fresh()->trashed())->toBeFalse();
|
|
});
|
|
|
|
test('members with capability can execute RestoreRun actions', function () {
|
|
$tenant = Tenant::factory()->create();
|
|
[$user] = createUserWithTenant($tenant, role: 'owner');
|
|
|
|
$backupSet = BackupSet::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'status' => 'completed',
|
|
]);
|
|
|
|
$restoreRun = RestoreRun::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
'backup_set_id' => $backupSet->getKey(),
|
|
'status' => 'completed',
|
|
'deleted_at' => null,
|
|
]);
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
Livewire::actingAs($user)
|
|
->test(ListRestoreRuns::class)
|
|
->assertTableActionEnabled('archive', $restoreRun)
|
|
->callTableAction('archive', $restoreRun);
|
|
|
|
expect($restoreRun->fresh()->trashed())->toBeTrue();
|
|
});
|