ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
8cd125e398
TenantAtlas/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
Ahmed Darrazi 8cd125e398
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m45s
Details
feat: implement environment CTA explicit filter contract
2026-05-16 13:49:05 +02:00

1465 lines
54 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Filament\Pages\Reviews;
use App\Filament\Resources\EnvironmentReviewResource;
use App\Models\EnvironmentReview;
use App\Models\EvidenceSnapshot;
use App\Models\FindingException;
use App\Models\ManagedEnvironment;
use App\Models\ReviewPack;
use App\Models\User;
use App\Models\Workspace;
use App\Services\Audit\WorkspaceAuditLogger;
use App\Services\EnvironmentReviews\EnvironmentReviewRegisterService;
use App\Services\ReviewPackService;
use App\Support\Audit\AuditActionId;
use App\Support\Auth\Capabilities;
use App\Support\EnvironmentReviewCompletenessState;
use App\Support\Filament\CanonicalAdminTenantFilterState;
use App\Support\Filament\TablePaginationProfiles;
use App\Support\Findings\FindingOutcomeSemantics;
use App\Support\Governance\Controls\ComplianceEvidenceMappingV1;
use App\Support\Navigation\CanonicalNavigationContext;
use App\Support\Navigation\WorkspaceHubEnvironmentFilter;
use App\Support\ReviewPackStatus;
use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceInspectAffordance;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceSlot;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceType;
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthEnvelope;
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
use App\Support\Ui\GovernanceArtifactTruth\CompressedGovernanceOutcome;
use App\Support\Ui\GovernanceArtifactTruth\SurfaceCompressionContext;
use App\Support\Workspaces\WorkspaceContext;
use BackedEnum;
use Filament\Actions\Action;
use Filament\Pages\Page;
use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Concerns\InteractsWithTable;
use Filament\Tables\Contracts\HasTable;
use Filament\Tables\Filters\SelectFilter;
use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Str;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use UnitEnum;
class CustomerReviewWorkspace extends Page implements HasTable
{
use InteractsWithTable;
public const string DETAIL_CONTEXT_QUERY_KEY = 'customer_workspace';
public const string SOURCE_SURFACE = 'customer_review_workspace';
protected static bool $isDiscovered = false;
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-document-text';
protected static string|UnitEnum|null $navigationGroup = 'Reporting';
protected static ?string $navigationLabel = 'Customer reviews';
protected static ?int $navigationSort = 44;
protected static ?string $title = 'Customer Review Workspace';
protected static ?string $slug = 'reviews/workspace';
protected string $view = 'filament.pages.reviews.customer-review-workspace';
public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
{
return ActionSurfaceDeclaration::forPage(ActionSurfaceProfile::RunLog, ActionSurfaceType::ReadOnlyRegistryReport)
->satisfy(ActionSurfaceSlot::ListHeader, 'Header actions provide a single Clear filters action for the customer review workspace.')
->satisfy(ActionSurfaceSlot::InspectAffordance, ActionSurfaceInspectAffordance::PrimaryLinkColumn->value)
->withPrimaryLinkColumnReason('Only the dedicated review-open column should navigate away; the rest of the row stays comparative workspace context.')
->exempt(ActionSurfaceSlot::ListBulkMoreGroup, 'The customer review workspace remains scan-first and does not expose bulk actions.')
->satisfy(ActionSurfaceSlot::ListEmptyState, 'The empty state keeps exactly one Clear filters CTA when filters are active.')
->exempt(ActionSurfaceSlot::DetailHeader, 'The dedicated open link column opens the latest published review detail instead of an inline canonical detail panel.');
}
public static function getNavigationGroup(): string
{
return __('localization.review.reporting');
}
public static function getNavigationLabel(): string
{
return __('localization.review.customer_reviews');
}
public function getTitle(): string
{
return __('localization.review.customer_review_workspace');
}
public static function tenantPrefilterUrl(ManagedEnvironment $tenant): string
{
return static::getUrl(panel: 'admin').'?'.http_build_query([
'environment_id' => (int) $tenant->getKey(),
]);
}
/**
* @var array<int, ManagedEnvironment>|null
*/
private ?array $authorizedTenants = null;
public function mount(): void
{
$this->authorizePageAccess();
if (! request()->query->has('environment_id')) {
app(CanonicalAdminTenantFilterState::class)
->forgetEnvironmentLikeFilters($this->getTableFiltersSessionKey(), request());
}
$this->applyRequestedTenantPrefilter();
$this->mountInteractsWithTable();
$this->auditWorkspaceOpen();
}
protected function getHeaderActions(): array
{
$actions = [];
$governanceContext = $this->incomingGovernanceContext();
if ($governanceContext?->backLinkUrl !== null) {
$actions[] = Action::make('return_to_governance_inbox')
->label($governanceContext->backLinkLabel ?? 'Back to governance inbox')
->icon('heroicon-o-arrow-left')
->color('gray')
->url($governanceContext->backLinkUrl);
}
$actions[] = Action::make('clear_filters')
->label(__('localization.review.clear_filters'))
->icon('heroicon-o-x-mark')
->color('gray')
->visible(fn (): bool => $this->hasActiveFilters())
->action(function (): void {
$this->clearWorkspaceFilters();
});
return $actions;
}
public function table(Table $table): Table
{
return $table
->query(fn (): Builder => $this->workspaceQuery())
->defaultSort('name')
->paginated(TablePaginationProfiles::customPage())
->persistFiltersInSession()
->persistSearchInSession()
->persistSortInSession()
->recordUrl(null)
->columns([
TextColumn::make('name')->label('Environment')->searchable(),
TextColumn::make('package_availability')
->label(__('localization.review.governance_package'))
->width('9rem')
->extraHeaderAttributes(['class' => 'whitespace-normal'])
->badge()
->getStateUsing(fn (ManagedEnvironment $record): string => $this->governancePackageAvailabilityLabel($record))
->color(fn (ManagedEnvironment $record): string => $this->governancePackageAvailabilityColor($record))
->tooltip(fn (ManagedEnvironment $record): string => $this->governancePackageAvailability($record)['description']),
TextColumn::make('latest_review')
->label(__('localization.review.status'))
->width('9rem')
->badge()
->getStateUsing(fn (ManagedEnvironment $record): string => $this->latestReviewStateLabel($record))
->color(fn (ManagedEnvironment $record): string => $this->latestReviewStateColor($record)),
TextColumn::make('evidence_proof_state')
->label(__('localization.review.evidence_status'))
->width('8rem')
->badge()
->getStateUsing(fn (ManagedEnvironment $record): string => $this->evidenceStatusLabel($record))
->color(fn (ManagedEnvironment $record): string => $this->evidenceStatusColor($record)),
TextColumn::make('recommended_next_action')
->label(__('localization.review.next_step'))
->width('10rem')
->extraHeaderAttributes(['class' => 'whitespace-normal'])
->getStateUsing(fn (ManagedEnvironment $record): string => $this->controlRecommendedNextAction($record))
->wrap(),
TextColumn::make('open_review')
->label(__('localization.review.open'))
->width('8rem')
->getStateUsing(fn (): string => __('localization.review.open_review'))
->url(fn (ManagedEnvironment $record): ?string => $this->latestReviewUrl($record))
->color('primary'),
])
->filters([
SelectFilter::make('managed_environment_id')
->label('Environment')
->options(fn (): array => $this->tenantFilterOptions())
->default(fn (): ?string => $this->defaultTenantFilter())
->query(function (Builder $query, array $data): Builder {
$tenantId = $data['value'] ?? null;
return is_numeric($tenantId)
? $query->whereKey((int) $tenantId)
: $query;
})
->searchable(),
])
->actions([])
->bulkActions([])
->emptyStateHeading(fn (): string => $this->workspaceEmptyStateHeading())
->emptyStateDescription(fn (): string => $this->workspaceEmptyStateDescription())
->emptyStateActions([
Action::make('clear_filters_empty')
->label(__('localization.review.clear_filters'))
->icon('heroicon-o-x-mark')
->color('gray')
->visible(fn (): bool => $this->hasActiveFilters())
->action(fn (): mixed => $this->clearWorkspaceFilters()),
]);
}
/**
* @return array<int, ManagedEnvironment>
*/
public function authorizedTenants(): array
{
if ($this->authorizedTenants !== null) {
return $this->authorizedTenants;
}
$user = auth()->user();
$workspace = $this->workspace();
if (! $user instanceof User || ! $workspace instanceof Workspace) {
return $this->authorizedTenants = [];
}
return $this->authorizedTenants = app(EnvironmentReviewRegisterService::class)->authorizedTenants($user, $workspace);
}
public function activeEnvironmentFilterLabel(): ?string
{
return $this->filteredTenant()?->name;
}
/**
* @return array{label: string, clear_url: string}|null
*/
public function environmentFilterChip(): ?array
{
$tenant = $this->filteredTenant();
if (! $tenant instanceof ManagedEnvironment) {
return null;
}
return [
'label' => (string) $tenant->name,
'clear_url' => static::getUrl(panel: 'admin'),
];
}
/**
* @return array<string, mixed>|null
*/
public function latestReviewConsumptionPayload(): ?array
{
$tenant = $this->latestReleasedTenant();
if (! $tenant instanceof ManagedEnvironment) {
return null;
}
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return null;
}
$publishedAt = $review->published_at ?? $review->generated_at ?? $review->created_at;
$packageAvailability = $this->governancePackageAvailability($tenant);
$downloadUrl = $this->reviewPackDownloadUrl($review, $tenant);
$reviewUrl = $this->latestReviewUrl($tenant);
return [
'latest' => [
'review_label' => __('localization.review.released_review_for_environment', [
'environment' => $tenant->name,
]),
'environment_label' => $tenant->name,
'status_label' => $this->latestReviewStateLabel($tenant),
'status_color' => $this->latestReviewStateColor($tenant),
'published_label' => $publishedAt instanceof \DateTimeInterface
? $publishedAt->format('M j, Y H:i')
: __('localization.review.unavailable'),
'package_label' => $packageAvailability['label'],
'package_badge_label' => $this->governancePackageAvailabilityLabel($tenant),
'package_color' => $this->governancePackageAvailabilityColor($tenant),
'package_description' => $packageAvailability['description'],
'primary_action_label' => $downloadUrl !== null
? __('localization.review.download_review_pack')
: __('localization.review.open_latest_review'),
'primary_action_url' => $downloadUrl ?? $reviewUrl,
'primary_action_icon' => $downloadUrl !== null
? 'heroicon-o-arrow-down-tray'
: 'heroicon-o-arrow-top-right-on-square',
'secondary_action_label' => $downloadUrl !== null ? __('localization.review.open_review') : null,
'secondary_action_url' => $downloadUrl !== null ? $reviewUrl : null,
],
'decision' => $this->decisionSummaryForReview($review),
'accepted_risks' => $this->acceptedRisksForReview($review),
'evidence_basis' => $this->evidenceBasisForReview($review, $packageAvailability),
];
}
private function authorizePageAccess(): void
{
$user = auth()->user();
$workspace = $this->workspace();
if (! $user instanceof User) {
abort(403);
}
if (! $workspace instanceof Workspace) {
throw new NotFoundHttpException;
}
$service = app(EnvironmentReviewRegisterService::class);
if (! $service->canAccessWorkspace($user, $workspace)) {
throw new NotFoundHttpException;
}
if ($this->authorizedTenants() === []) {
throw new NotFoundHttpException;
}
}
private function auditWorkspaceOpen(): void
{
$user = auth()->user();
$workspace = $this->workspace();
if (! $user instanceof User || ! $workspace instanceof Workspace) {
return;
}
app(WorkspaceAuditLogger::class)->log(
workspace: $workspace,
action: AuditActionId::CustomerReviewWorkspaceOpened,
context: [
'metadata' => [
'source_surface' => self::SOURCE_SURFACE,
'tenant_filter_id' => $this->currentTenantFilterId(),
'entitled_tenant_count' => count($this->authorizedTenants()),
'interpretation_version' => $this->currentTenantFilterInterpretationVersion(),
'interpretation_versions' => $this->visibleInterpretationVersions(),
],
],
actor: $user,
resourceType: 'customer_review_workspace',
resourceId: (string) $workspace->getKey(),
targetLabel: __('localization.review.customer_review_workspace'),
);
}
private function workspaceQuery(): Builder
{
$user = auth()->user();
$workspace = $this->workspace();
if (! $user instanceof User || ! $workspace instanceof Workspace) {
return ManagedEnvironment::query()->whereRaw('1 = 0');
}
return app(EnvironmentReviewRegisterService::class)->customerWorkspaceTenantQuery($user, $workspace);
}
/**
* @return array<string, string>
*/
private function tenantFilterOptions(): array
{
return collect($this->authorizedTenants())
->mapWithKeys(static fn (ManagedEnvironment $tenant): array => [
(string) $tenant->getKey() => $tenant->name,
])
->all();
}
private function defaultTenantFilter(): ?string
{
return null;
}
private function applyRequestedTenantPrefilter(): void
{
$workspace = $this->workspace();
if (! $workspace instanceof Workspace) {
return;
}
$filter = WorkspaceHubEnvironmentFilter::fromRequest(request(), $workspace);
if (! $filter instanceof WorkspaceHubEnvironmentFilter) {
return;
}
$environmentId = $filter->environmentId();
foreach ($this->authorizedTenants() as $tenant) {
if ((int) $tenant->getKey() === $environmentId) {
$this->tableFilters['managed_environment_id']['value'] = (string) $environmentId;
$this->tableDeferredFilters['managed_environment_id']['value'] = (string) $environmentId;
return;
}
}
throw new NotFoundHttpException;
}
private function hasActiveFilters(): bool
{
return $this->currentTenantFilterId() !== null;
}
private function clearWorkspaceFilters(): void
{
$this->removeTableFilters();
}
private function workspaceEmptyStateHeading(): string
{
return $this->filteredViewHasNoReleasedReviewsButWorkspaceHasMatches()
? __('localization.review.filtered_no_released_customer_reviews')
: __('localization.review.no_released_customer_reviews');
}
private function workspaceEmptyStateDescription(): string
{
if ($this->filteredViewHasNoReleasedReviewsButWorkspaceHasMatches()) {
return __('localization.review.filtered_no_released_customer_reviews_description');
}
return __('localization.review.no_released_customer_reviews_description');
}
private function filteredViewHasNoReleasedReviewsButWorkspaceHasMatches(): bool
{
$tenantFilterId = $this->currentTenantFilterId();
$user = auth()->user();
$workspace = $this->workspace();
if ($tenantFilterId === null || ! $user instanceof User || ! $workspace instanceof Workspace) {
return false;
}
$selectedTenantHasReleasedReview = EnvironmentReview::query()
->forWorkspace((int) $workspace->getKey())
->where('managed_environment_id', $tenantFilterId)
->published()
->exists();
if ($selectedTenantHasReleasedReview) {
return false;
}
return app(EnvironmentReviewRegisterService::class)
->latestPublishedQuery($user, $workspace)
->exists();
}
private function currentTenantFilterId(): ?int
{
$tenantFilter = data_get($this->tableFilters, 'managed_environment_id.value');
if (! is_numeric($tenantFilter)) {
$tenantFilter = data_get(session()->get($this->getTableFiltersSessionKey(), []), 'managed_environment_id.value');
}
return is_numeric($tenantFilter) ? (int) $tenantFilter : null;
}
private function filteredTenant(): ?ManagedEnvironment
{
$tenantId = $this->currentTenantFilterId();
if (! is_int($tenantId)) {
return null;
}
foreach ($this->authorizedTenants() as $tenant) {
if ((int) $tenant->getKey() === $tenantId) {
return $tenant;
}
}
return null;
}
private function workspace(): ?Workspace
{
$workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());
return is_numeric($workspaceId)
? Workspace::query()->whereKey((int) $workspaceId)->first()
: null;
}
private function latestReleasedTenant(): ?ManagedEnvironment
{
$user = auth()->user();
$workspace = $this->workspace();
if (! $user instanceof User || ! $workspace instanceof Workspace) {
return null;
}
$query = app(EnvironmentReviewRegisterService::class)->latestPublishedQuery($user, $workspace);
$tenantFilterId = $this->currentTenantFilterId();
if ($tenantFilterId !== null) {
$query->where('managed_environment_id', $tenantFilterId);
}
$review = $query->first();
if (! $review instanceof EnvironmentReview || ! $review->tenant instanceof ManagedEnvironment) {
return null;
}
$tenant = $review->tenant;
$tenant->setRelation('environmentReviews', $review->newCollection([$review]));
return $tenant;
}
private function latestPublishedReview(ManagedEnvironment $tenant): ?EnvironmentReview
{
$review = $tenant->environmentReviews->first();
return $review instanceof EnvironmentReview ? $review : null;
}
private function latestReviewUrl(ManagedEnvironment $tenant): ?string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return null;
}
$query = array_filter(
array_replace(
[self::DETAIL_CONTEXT_QUERY_KEY => 1],
[
'source_surface' => self::SOURCE_SURFACE,
'tenant_filter_id' => $this->currentTenantFilterId(),
],
$this->navigationContext()?->toQuery() ?? [],
),
static fn (mixed $value): bool => $value !== null && $value !== '',
);
return $this->appendQuery(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant), $query);
}
private function reviewPackDownloadUrl(EnvironmentReview $review, ManagedEnvironment $tenant): ?string
{
$pack = $review->currentExportReviewPack;
$user = auth()->user();
if (! $pack instanceof ReviewPack || ! $user instanceof User) {
return null;
}
if ($this->governancePackageAvailability($tenant)['state'] !== 'available') {
return null;
}
if (! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
return null;
}
if ($pack->status !== ReviewPackStatus::Ready->value) {
return null;
}
if ($pack->expires_at !== null && $pack->expires_at->isPast()) {
return null;
}
if (! filled($pack->file_path) || ! filled($pack->file_disk)) {
return null;
}
return app(ReviewPackService::class)->generateDownloadUrl($pack, [
'source_surface' => self::SOURCE_SURFACE,
'review_id' => (int) $review->getKey(),
'tenant_filter_id' => (string) ($this->currentTenantFilterId() ?? $tenant->getKey()),
'interpretation_version' => $review->controlInterpretationVersion(),
]);
}
private function latestPublishedAt(ManagedEnvironment $tenant): ?\Illuminate\Support\Carbon
{
return $this->latestPublishedReview($tenant)?->published_at;
}
private function reviewTruth(ManagedEnvironment $tenant): ?ArtifactTruthEnvelope
{
$review = $this->latestPublishedReview($tenant);
return $review instanceof EnvironmentReview
? app(ArtifactTruthPresenter::class)->forEnvironmentReview($review)
: null;
}
private function reviewOutcome(ManagedEnvironment $tenant): ?CompressedGovernanceOutcome
{
$presenter = app(ArtifactTruthPresenter::class);
$review = $this->latestPublishedReview($tenant);
$truth = $this->reviewTruth($tenant);
if (! $review instanceof EnvironmentReview || ! $truth instanceof ArtifactTruthEnvelope) {
return null;
}
return $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::reviewRegister())
?? $presenter->compressedOutcomeFromEnvelope($truth, SurfaceCompressionContext::reviewRegister());
}
private function latestReviewStateLabel(ManagedEnvironment $tenant): string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return __('localization.review.no_published_review');
}
return $this->workspaceReviewNeedsAttention($tenant)
? __('localization.review.review_requires_attention')
: __('localization.review.ready_for_release');
}
private function latestReviewStateColor(ManagedEnvironment $tenant): string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return 'gray';
}
$packageState = $this->governancePackageAvailability($tenant)['state'];
if (! $this->workspaceReviewNeedsAttention($tenant)) {
return 'success';
}
return in_array($packageState, ['expired', 'unavailable'], true)
? 'danger'
: 'warning';
}
private function latestReviewStateIcon(ManagedEnvironment $tenant): ?string
{
return $this->reviewOutcome($tenant)?->primaryBadge->icon;
}
private function latestReviewStateIconColor(ManagedEnvironment $tenant): ?string
{
return $this->reviewOutcome($tenant)?->primaryBadge->iconColor;
}
private function reviewOutcomeDescription(ManagedEnvironment $tenant): ?string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return __('localization.review.no_published_review_available');
}
$primaryReason = $this->reviewOutcome($tenant)?->primaryReason;
$summary = is_array($review->summary) ? $review->summary : [];
$findingOutcomes = $summary['finding_outcomes'] ?? null;
if (! is_array($findingOutcomes)) {
return $primaryReason;
}
$findingOutcomeSummary = app(FindingOutcomeSemantics::class)->compactOutcomeSummary($findingOutcomes);
if ($findingOutcomeSummary === null) {
return $primaryReason;
}
return trim($primaryReason.' '.__('localization.review.terminal_outcomes').': '.$findingOutcomeSummary.'.');
}
private function controlReadinessLabel(ManagedEnvironment $tenant): string
{
$control = $this->primaryControlSummary($tenant);
if ($control === null) {
return __('localization.review.control_readiness_unmapped');
}
$label = $control['readiness_label'] ?? null;
return is_string($label) && trim($label) !== ''
? $label
: ComplianceEvidenceMappingV1::readinessLabel((string) ($control['readiness_bucket'] ?? 'review_recommended'));
}
/**
* @return array<string, mixed>
*/
private function governancePackageSummary(ManagedEnvironment $tenant): array
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return [];
}
return $this->governancePackageSummaryForReview($review);
}
/**
* @return array<string, mixed>
*/
private function governancePackageSummaryForReview(EnvironmentReview $review): array
{
$summary = is_array($review->summary) ? $review->summary : [];
$package = is_array($summary['governance_package'] ?? null) ? $summary['governance_package'] : [];
return $package;
}
/**
* @return array{state:string,label:string,description:string}
*/
private function governancePackageAvailability(ManagedEnvironment $tenant): array
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return [
'state' => 'unavailable',
'label' => __('localization.review.governance_package_unavailable'),
'description' => __('localization.review.no_published_review_available'),
];
}
$pack = $review->currentExportReviewPack;
$user = auth()->user();
$decisionSummary = data_get($this->governancePackageSummaryForReview($review), 'decision_summary');
$isPartialReview = is_array($decisionSummary) && (
in_array((string) ($decisionSummary['status'] ?? ''), ['unavailable', 'incomplete'], true)
|| (string) ($decisionSummary['decision_data_state'] ?? '') === 'incomplete'
|| in_array((string) ($decisionSummary['evidence_state'] ?? ''), [
EnvironmentReviewCompletenessState::Partial->value,
EnvironmentReviewCompletenessState::Stale->value,
EnvironmentReviewCompletenessState::Missing->value,
], true)
);
if (! $pack instanceof ReviewPack) {
return [
'state' => 'not_available',
'label' => __('localization.review.review_pack_not_available_yet'),
'description' => __('localization.review.review_pack_not_available_yet_description'),
];
}
if (! $user instanceof User || ! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
return [
'state' => 'unavailable',
'label' => __('localization.review.unavailable'),
'description' => __('localization.review.review_pack_unavailable_customer_description'),
];
}
if ($pack->status === ReviewPackStatus::Expired->value || ($pack->expires_at !== null && $pack->expires_at->isPast())) {
return [
'state' => 'expired',
'label' => __('localization.review.governance_package_expired'),
'description' => __('localization.review.governance_package_expired_description'),
];
}
if (in_array($pack->status, [ReviewPackStatus::Queued->value, ReviewPackStatus::Generating->value], true)) {
return [
'state' => 'preparing',
'label' => __('localization.review.review_pack_preparing'),
'description' => __('localization.review.review_pack_preparing_description'),
];
}
if ($pack->status !== ReviewPackStatus::Ready->value) {
return [
'state' => 'unavailable',
'label' => __('localization.review.unavailable'),
'description' => __('localization.review.review_pack_unavailable_customer_description'),
];
}
if (! filled($pack->file_path) || ! filled($pack->file_disk)) {
return [
'state' => 'not_available',
'label' => __('localization.review.review_pack_not_available_yet'),
'description' => __('localization.review.review_pack_not_available_yet_description'),
];
}
if ($isPartialReview) {
return [
'state' => 'evidence_incomplete',
'label' => __('localization.review.review_pack_evidence_incomplete'),
'description' => __('localization.review.review_pack_evidence_incomplete_description'),
];
}
return [
'state' => 'available',
'label' => __('localization.review.available'),
'description' => __('localization.review.review_pack_available_customer_description'),
];
}
private function governancePackageAvailabilityLabel(ManagedEnvironment $tenant): string
{
return match ($this->governancePackageAvailability($tenant)['state']) {
'available' => __('localization.review.available'),
'evidence_incomplete' => __('localization.review.review_pack_evidence_incomplete'),
'not_available' => __('localization.review.review_pack_not_available_yet'),
'preparing' => __('localization.review.review_pack_preparing'),
'expired' => __('localization.review.expired'),
default => __('localization.review.unavailable'),
};
}
private function governancePackageAvailabilityColor(ManagedEnvironment $tenant): string
{
return match ($this->governancePackageAvailability($tenant)['state']) {
'available' => 'success',
'evidence_incomplete', 'preparing' => 'warning',
'expired', 'unavailable' => 'danger',
default => 'gray',
};
}
private function governancePackageTeaser(ManagedEnvironment $tenant): string
{
$package = $this->governancePackageSummary($tenant);
$executiveSummary = $package['executive_summary'] ?? null;
if (is_string($executiveSummary) && trim($executiveSummary) !== '') {
return $executiveSummary;
}
return $this->governancePackageAvailability($tenant)['description'];
}
/**
* @return array<string, mixed>
*/
private function decisionSummaryForReview(EnvironmentReview $review): array
{
$package = $this->governancePackageSummaryForReview($review);
$decisionSummary = is_array($package['decision_summary'] ?? null) ? $package['decision_summary'] : [];
if ($decisionSummary === []) {
return [
'status' => 'unavailable',
'label' => __('localization.review.decision_evidence_unavailable'),
'color' => 'warning',
'total_count' => 0,
'summary' => __('localization.review.decision_summary_unavailable_description'),
'next_action' => __('localization.review.decision_summary_unavailable_next_action'),
'entries' => [],
];
}
$status = (string) ($decisionSummary['status'] ?? 'unavailable');
if (! in_array($status, ['none', 'requires_awareness', 'unavailable', 'incomplete'], true)) {
$status = 'unavailable';
}
$entries = collect($decisionSummary['entries'] ?? [])
->filter(static fn (mixed $entry): bool => is_array($entry))
->map(fn (array $entry): array => [
'title' => $this->customerSafeText($entry['title'] ?? null, __('localization.review.governance_decisions')),
'summary' => $this->customerSafeText($entry['summary'] ?? null, __('localization.review.decision_entry_customer_safe_summary')),
'next_action' => $this->customerSafeText($entry['next_action'] ?? null, __('localization.review.decision_summary_requires_awareness_next_action')),
])
->take(3)
->values()
->all();
return [
'status' => $status,
'label' => $this->decisionSummaryLabel($status),
'color' => $this->decisionSummaryColor($status),
'total_count' => (int) ($decisionSummary['total_count'] ?? count($entries)),
'summary' => $this->customerSafeText(
$decisionSummary['summary'] ?? null,
$this->decisionSummaryFallbackText($status),
),
'next_action' => $this->customerSafeText(
$decisionSummary['next_action'] ?? null,
$this->decisionSummaryFallbackNextAction($status),
),
'entries' => $entries,
];
}
private function decisionSummaryLabel(string $status): string
{
return match ($status) {
'requires_awareness' => __('localization.review.governance_decisions_requiring_awareness'),
'none' => __('localization.review.no_decisions_require_awareness'),
'incomplete' => __('localization.review.decision_evidence_incomplete'),
default => __('localization.review.decision_evidence_unavailable'),
};
}
private function decisionSummaryColor(string $status): string
{
return match ($status) {
'requires_awareness' => 'warning',
'none' => 'success',
default => 'gray',
};
}
private function decisionSummaryFallbackText(string $status): string
{
return match ($status) {
'requires_awareness' => __('localization.review.decision_summary_requires_awareness_description'),
'none' => __('localization.review.no_decisions_require_awareness_description'),
'incomplete' => __('localization.review.decision_summary_incomplete_description'),
default => __('localization.review.decision_summary_unavailable_description'),
};
}
private function decisionSummaryFallbackNextAction(string $status): string
{
return match ($status) {
'requires_awareness' => __('localization.review.decision_summary_requires_awareness_next_action'),
'none' => __('localization.review.no_decisions_require_awareness_next_action'),
'incomplete' => __('localization.review.decision_summary_incomplete_next_action'),
default => __('localization.review.decision_summary_unavailable_next_action'),
};
}
/**
* @return array{count:int,entries:list<array<string, string>>,empty_state:string}
*/
private function acceptedRisksForReview(EnvironmentReview $review): array
{
$package = $this->governancePackageSummaryForReview($review);
$entries = collect($package['accepted_risks'] ?? [])
->filter(static fn (mixed $entry): bool => is_array($entry))
->map(fn (array $entry): array => [
'title' => $this->customerSafeText($entry['title'] ?? null, __('localization.review.accepted_risk_state_on_record')),
'state_label' => $this->acceptedRiskStateLabel(is_string($entry['governance_state'] ?? null) ? $entry['governance_state'] : null),
'summary' => $this->customerSafeText(
$entry['customer_summary'] ?? null,
__('localization.review.accepted_risk_customer_safe_summary'),
),
])
->values();
return [
'count' => $entries->count(),
'entries' => $entries->take(3)->all(),
'empty_state' => __('localization.review.no_accepted_risks_recorded'),
];
}
private function acceptedRiskStateLabel(?string $state): string
{
return match ($state) {
'valid_exception' => __('localization.review.accepted_risk_state_current'),
'expiring_exception' => __('localization.review.accepted_risk_state_review_due'),
default => __('localization.review.accepted_risk_state_on_record'),
};
}
/**
* @param array{state:string,label:string,description:string} $packageAvailability
* @return array<string, string>
*/
private function evidenceBasisForReview(EnvironmentReview $review, array $packageAvailability): array
{
$package = $this->governancePackageSummaryForReview($review);
$decision = $this->decisionSummaryForReview($review);
$pack = $review->currentExportReviewPack;
$state = match (true) {
$package === [] => 'unavailable',
! $pack instanceof ReviewPack => 'not_generated',
$packageAvailability['state'] === 'evidence_incomplete' || $decision['status'] === 'incomplete' => 'incomplete',
$decision['status'] === 'unavailable' => 'unavailable',
$decision['status'] === 'none' => 'no_awareness_required',
default => 'complete',
};
return [
'state' => $state,
'label' => $this->evidenceBasisLabel($state),
'summary' => $this->evidenceBasisSummary($state),
'color' => $this->evidenceBasisColor($state),
];
}
private function evidenceBasisLabel(string $state): string
{
return match ($state) {
'complete' => __('localization.review.evidence_basis_complete'),
'no_awareness_required' => __('localization.review.evidence_basis_no_awareness_required'),
'incomplete' => __('localization.review.evidence_basis_incomplete'),
'not_generated' => __('localization.review.evidence_basis_not_generated'),
default => __('localization.review.evidence_basis_unavailable'),
};
}
private function evidenceBasisSummary(string $state): string
{
return match ($state) {
'complete' => __('localization.review.evidence_basis_complete_description'),
'no_awareness_required' => __('localization.review.evidence_basis_no_awareness_required_description'),
'incomplete' => __('localization.review.evidence_basis_incomplete_description'),
'not_generated' => __('localization.review.evidence_basis_not_generated_description'),
default => __('localization.review.evidence_basis_unavailable_description'),
};
}
private function evidenceBasisColor(string $state): string
{
return match ($state) {
'complete', 'no_awareness_required' => 'success',
'incomplete' => 'warning',
default => 'gray',
};
}
private function customerSafeText(mixed $value, string $fallback, int $limit = 220): string
{
if (! is_string($value) || trim($value) === '') {
return $fallback;
}
return Str::limit(trim($value), $limit);
}
private function controlReadinessColor(ManagedEnvironment $tenant): string
{
return match ((string) ($this->primaryControlSummary($tenant)['readiness_bucket'] ?? 'unmapped')) {
'follow_up_required' => 'warning',
'review_recommended' => 'info',
'evidence_on_record' => 'success',
default => 'gray',
};
}
private function controlReadinessDescription(ManagedEnvironment $tenant): string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return __('localization.review.no_published_review_available');
}
$controls = $review->controlInterpretationControls();
if ($controls === []) {
return __('localization.review.control_readiness_unmapped_description');
}
$summary = collect($controls)
->take(2)
->map(function (array $control): string {
$name = is_string($control['control_name'] ?? null) ? $control['control_name'] : __('localization.review.control');
$label = is_string($control['readiness_label'] ?? null)
? $control['readiness_label']
: ComplianceEvidenceMappingV1::readinessLabel((string) ($control['readiness_bucket'] ?? 'review_recommended'));
return $name.': '.$label;
})
->implode(' · ');
$remaining = count($controls) - 2;
if ($remaining > 0) {
$summary .= ' · '.__('localization.review.additional_controls', ['count' => $remaining]);
}
$limitations = $this->controlLimitationSummary($review);
return trim($summary.($limitations !== null ? ' '.$limitations : ''));
}
private function controlEvidenceBasisSummary(ManagedEnvironment $tenant): string
{
$control = $this->primaryControlSummary($tenant);
if ($control === null) {
return __('localization.review.control_evidence_unmapped');
}
$summary = $control['evidence_basis_summary'] ?? null;
return is_string($summary) && trim($summary) !== ''
? $summary
: __('localization.review.control_evidence_unavailable');
}
private function controlRecommendedNextAction(ManagedEnvironment $tenant): string
{
if ($this->primaryControlSummary($tenant) === null) {
return __('localization.review.workspace_next_step_control_mapping');
}
if ($this->evidenceStatusState($tenant) !== 'available') {
return __('localization.review.workspace_next_step_evidence_review');
}
return match ($this->governancePackageAvailability($tenant)['state']) {
'available' => __('localization.review.workspace_next_step_package_review'),
'evidence_incomplete' => __('localization.review.workspace_next_step_evidence_review'),
default => __('localization.review.workspace_next_step_review_open'),
};
}
private function workspaceReviewNeedsAttention(ManagedEnvironment $tenant): bool
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return true;
}
if ($this->primaryControlSummary($tenant) === null) {
return true;
}
if ($this->evidenceStatusState($tenant) !== 'available') {
return true;
}
return $this->governancePackageAvailability($tenant)['state'] !== 'available';
}
private function evidenceStatusState(ManagedEnvironment $tenant): string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return 'pending';
}
$snapshot = $review->evidenceSnapshot;
$user = auth()->user();
if (! $snapshot instanceof EvidenceSnapshot) {
return 'pending';
}
if (! $user instanceof User || ! $user->can(Capabilities::EVIDENCE_VIEW, $tenant)) {
return 'restricted';
}
if ((string) $snapshot->status === 'expired' || ($snapshot->expires_at !== null && $snapshot->expires_at->isPast())) {
return 'expired';
}
return 'available';
}
private function evidenceStatusLabelForState(string $state): string
{
return match ($state) {
'available' => __('localization.review.available'),
'restricted' => __('localization.review.restricted'),
'expired' => __('localization.review.expired'),
default => __('localization.review.pending'),
};
}
private function evidenceStatusColorForState(string $state): string
{
return match ($state) {
'available' => 'success',
'restricted', 'expired' => 'danger',
default => 'gray',
};
}
private function controlRecommendedNextActionDescription(ManagedEnvironment $tenant): string
{
$control = $this->primaryControlSummary($tenant);
if ($control === null) {
return __('localization.review.control_recommendation_unmapped');
}
$action = $control['recommended_next_action'] ?? null;
return is_string($action) && trim($action) !== ''
? $action
: __('localization.review.no_action_needed');
}
/**
* @return array<string, mixed>|null
*/
private function primaryControlSummary(ManagedEnvironment $tenant): ?array
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return null;
}
$controls = collect($review->controlInterpretationControls());
return $controls
->sortBy(static fn (array $control): int => match ((string) ($control['readiness_bucket'] ?? '')) {
'follow_up_required' => 0,
'review_recommended' => 1,
'evidence_on_record' => 2,
default => 3,
})
->first();
}
private function controlLimitationSummary(EnvironmentReview $review): ?string
{
$counts = $review->controlInterpretationLimitationCounts();
if ($counts === []) {
return null;
}
$labels = collect($counts)
->filter(static fn (int $count): bool => $count > 0)
->keys()
->map(static fn (string $flag): string => ComplianceEvidenceMappingV1::limitationLabel($flag))
->values()
->all();
return $labels === []
? null
: __('localization.review.control_limitations_summary', ['limitations' => implode(', ', $labels)]);
}
private function findingSummary(ManagedEnvironment $tenant): string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return __('localization.review.no_published_review_available');
}
$summary = is_array($review->summary) ? $review->summary : [];
$findingCount = (int) ($summary['finding_count'] ?? 0);
$findingOutcomes = is_array($summary['finding_outcomes'] ?? null) ? $summary['finding_outcomes'] : [];
$terminalOutcomes = app(FindingOutcomeSemantics::class)->compactOutcomeSummary($findingOutcomes);
if ($findingCount === 0) {
return __('localization.review.no_findings_recorded');
}
if ($terminalOutcomes === null) {
return __('localization.review.findings_count_summary', ['count' => $findingCount]);
}
return __('localization.review.findings_count_with_outcomes', [
'count' => $findingCount,
'outcomes' => $terminalOutcomes,
]);
}
private function acceptedRiskSummary(ManagedEnvironment $tenant): string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return __('localization.review.no_published_review_available');
}
$summary = is_array($review->summary) ? $review->summary : [];
$riskAcceptance = is_array($summary['risk_acceptance'] ?? null) ? $summary['risk_acceptance'] : [];
$statusMarkedCount = (int) ($riskAcceptance['status_marked_count'] ?? 0);
$validGovernedCount = (int) ($riskAcceptance['valid_governed_count'] ?? 0);
$warningCount = (int) ($riskAcceptance['warning_count'] ?? 0);
$countSummary = match (true) {
$statusMarkedCount === 0 => __('localization.review.no_accepted_risks_recorded'),
$warningCount > 0 => __('localization.review.accepted_risks_need_follow_up', ['warnings' => $warningCount, 'total' => $statusMarkedCount]),
$validGovernedCount > 0 => __('localization.review.accepted_risks_governed', ['count' => $validGovernedCount]),
default => __('localization.review.accepted_risks_on_record', ['count' => $statusMarkedCount]),
};
$accountability = $this->acceptedRiskAccountability($tenant);
return $accountability === null
? $countSummary
: $countSummary.' '.$accountability;
}
private function evidenceProofAvailability(ManagedEnvironment $tenant): string
{
$review = $this->latestPublishedReview($tenant);
if (! $review instanceof EnvironmentReview) {
return __('localization.review.no_published_review_available');
}
$snapshot = $review->evidenceSnapshot;
$user = auth()->user();
if (! $snapshot instanceof EvidenceSnapshot) {
return __('localization.review.evidence_proof_absent');
}
if (! $user instanceof User || ! $user->can(Capabilities::EVIDENCE_VIEW, $tenant)) {
return __('localization.review.evidence_proof_access_unavailable');
}
if ((string) $snapshot->status === 'expired' || ($snapshot->expires_at !== null && $snapshot->expires_at->isPast())) {
return __('localization.review.evidence_proof_expired');
}
return __('localization.review.evidence_proof_available');
}
private function evidenceStatusLabel(ManagedEnvironment $tenant): string
{
return $this->evidenceStatusLabelForState($this->evidenceStatusState($tenant));
}
private function evidenceStatusColor(ManagedEnvironment $tenant): string
{
return $this->evidenceStatusColorForState($this->evidenceStatusState($tenant));
}
/**
* @return list<string>
*/
private function visibleInterpretationVersions(): array
{
$user = auth()->user();
$workspace = $this->workspace();
if (! $user instanceof User || ! $workspace instanceof Workspace) {
return [];
}
return app(EnvironmentReviewRegisterService::class)
->latestPublishedQuery($user, $workspace)
->get()
->map(static fn (EnvironmentReview $review): ?string => $review->controlInterpretationVersion())
->filter()
->unique()
->values()
->all();
}
private function currentTenantFilterInterpretationVersion(): ?string
{
$tenant = $this->filteredTenant();
if (! $tenant instanceof ManagedEnvironment) {
return null;
}
return $tenant->environmentReviews()->published()
->latest('published_at')
->latest('generated_at')
->latest('id')
->first()
?->controlInterpretationVersion();
}
private function acceptedRiskAccountability(ManagedEnvironment $tenant): ?string
{
$exception = FindingException::query()
->with(['owner', 'approver', 'currentDecision'])
->where('workspace_id', (int) $tenant->workspace_id)
->where('managed_environment_id', (int) $tenant->getKey())
->current()
->orderByRaw("case when current_validity_state in ('valid', 'expiring') then 0 else 1 end")
->latest('approved_at')
->latest('requested_at')
->latest('id')
->first();
if (! $exception instanceof FindingException) {
return null;
}
$accountable = $exception->owner?->name
?? $exception->approver?->name;
$decisionType = $exception->currentDecision?->decision_type;
$reviewDue = $exception->review_due_at ?? $exception->expires_at;
$reason = is_string($exception->request_reason) ? trim($exception->request_reason) : '';
$parts = [];
if (is_string($accountable) && trim($accountable) !== '') {
$parts[] = $reviewDue === null
? __('localization.review.accepted_risk_accountable', ['name' => $accountable])
: __('localization.review.accepted_risk_accountable_until', [
'name' => $accountable,
'date' => $reviewDue->toDateString(),
]);
} elseif (is_string($decisionType) && trim($decisionType) !== '') {
$parts[] = __('localization.review.accepted_risk_partial_accountability');
}
if ($reason !== '') {
$parts[] = __('localization.review.accepted_risk_reason', [
'reason' => Str::limit($reason, 160),
]);
}
return $parts === [] ? null : implode(' ', $parts);
}
private function navigationContext(): ?CanonicalNavigationContext
{
return CanonicalNavigationContext::fromRequest(request());
}
private function incomingGovernanceContext(): ?CanonicalNavigationContext
{
$context = $this->navigationContext();
return $context?->sourceSurface === 'governance.inbox'
? $context
: null;
}
/**
* @param array<string, mixed> $query
*/
private function appendQuery(string $url, array $query): string
{
if ($query === []) {
return $url;
}
return $url.(str_contains($url, '?') ? '&' : '?').http_build_query($query);
}
}
Reference in New Issue View Git Blame Copy Permalink