## Summary
- add the full Spec 195 residual action-surface design package under `specs/195-action-surface-closure`
- implement residual surface inventory and validator enforcement for uncatalogued system and special Filament pages
- add focused regression coverage for residual guards, system directory pages, managed-tenants landing, and readonly register-tenant / tenant-dashboard access
- fix the system workspace detail surface by loading tenant route keys and disabling lazy system database notifications to avoid the Livewire 404 on `/system/directory/workspaces/{workspace}`
## Testing
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/System/Spec195/SystemDirectoryResidualSurfaceTest.php tests/Feature/Filament/DatabaseNotificationsPollingTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
## Notes
- branch: `195-action-surface-closure`
- target: `dev`
- no new assets, migrations, or provider-registration changes
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #230
<?php
declare(strict_types=1);
use App\Models\OperationRun;
use App\Models\PlatformUser;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\Workspace;
use App\Support\Auth\PlatformCapabilities;
use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderVerificationStatus;
use App\Support\System\SystemDirectoryLinks;
use App\Support\System\SystemOperationRunLinks;
use Illuminate\Foundation\Testing\RefreshDatabase;
// Bind Laravel's RefreshDatabase trait to the tests in this file so each one starts from a clean database.
uses(RefreshDatabase::class);
it('requires directory-view capability on residual system directory detail pages', function (): void {
    // Fixture: one workspace with a single tenant attached to it.
    $workspace = Workspace::factory()->create();
    $workspaceId = (int) $workspace->getKey();
    $tenant = Tenant::factory()->create(['workspace_id' => $workspaceId]);

    // Authorization subject: an active platform user who may enter the system
    // panel but deliberately lacks PlatformCapabilities::DIRECTORY_VIEW.
    $operator = PlatformUser::factory()->create([
        'capabilities' => [PlatformCapabilities::ACCESS_SYSTEM_PANEL],
        'is_active' => true,
    ]);

    // Both detail pages must answer 403 for this user on the 'platform' guard.
    // NOTE(review): only the missing-capability case is pinned here; unauthenticated
    // and inactive-user requests are not exercised by this test.
    $tenantResponse = $this->actingAs($operator, 'platform')
        ->get(SystemDirectoryLinks::tenantDetail($tenant));
    $tenantResponse->assertForbidden();

    $workspaceResponse = $this->actingAs($operator, 'platform')
        ->get(SystemDirectoryLinks::workspaceDetail($workspace));
    $workspaceResponse->assertForbidden();
});
it('keeps the residual system tenant detail page read-mostly and contextual', function (): void {
    // Fixture: a named workspace, an active tenant in it, a default provider
    // connection for that tenant, and one operation run to link to.
    $workspace = Workspace::factory()->create(['name' => 'Residual Directory Workspace']);
    $workspaceId = (int) $workspace->getKey();

    $tenant = Tenant::factory()->active()->create([
        'workspace_id' => $workspaceId,
        'name' => 'Residual Directory Tenant',
    ]);
    $tenantId = (int) $tenant->getKey();

    ProviderConnection::factory()->create([
        'workspace_id' => $workspaceId,
        'tenant_id' => $tenantId,
        'provider' => 'microsoft',
        'display_name' => 'Residual Default Connection',
        'is_default' => true,
        'is_enabled' => true,
        'consent_status' => ProviderConsentStatus::Granted->value,
        'verification_status' => ProviderVerificationStatus::Healthy->value,
    ]);

    $run = OperationRun::factory()->create([
        'workspace_id' => $workspaceId,
        'tenant_id' => $tenantId,
    ]);

    // Active platform user holding both the panel-access and directory-view capabilities.
    $operator = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::DIRECTORY_VIEW,
        ],
        'is_active' => true,
    ]);

    $page = $this->actingAs($operator, 'platform')
        ->get(SystemDirectoryLinks::tenantDetail($tenant));

    $page->assertSuccessful();

    // Context the page is expected to render.
    $page->assertSee('Residual Directory Tenant');
    $page->assertSee('Residual Directory Workspace');
    $page->assertSee('Connectivity signals');
    $page->assertSee('Residual Default Connection');

    // Navigation links; passing false skips HTML-escaping so the raw URL is matched.
    $page->assertSee('Open in /admin');
    $page->assertSee(SystemDirectoryLinks::adminTenant($tenant), false);
    $page->assertSee('Open operations runs');
    $page->assertSee(SystemOperationRunLinks::index(), false);
    $page->assertSee(SystemOperationRunLinks::view($run), false);

    // The break-glass and emergency owner-assignment labels must not be rendered here.
    // NOTE(review): assertDontSee only proves the labels are absent from the HTML; it does
    // not show that the underlying actions are denied server-side. Cover that separately.
    $page->assertDontSee('Enter break-glass mode');
    $page->assertDontSee('Emergency: Assign Owner');
});
it('keeps the residual system workspace detail page read-mostly and link-driven', function (): void {
    // Fixture: a named workspace with one active tenant and one operation run.
    $workspace = Workspace::factory()->create(['name' => 'Residual Workspace Detail']);
    $workspaceId = (int) $workspace->getKey();

    $tenant = Tenant::factory()->active()->create([
        'workspace_id' => $workspaceId,
        'name' => 'Workspace Detail Tenant',
    ]);

    $run = OperationRun::factory()->create([
        'workspace_id' => $workspaceId,
        'tenant_id' => (int) $tenant->getKey(),
    ]);

    // Active platform user holding both the panel-access and directory-view capabilities.
    $operator = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::DIRECTORY_VIEW,
        ],
        'is_active' => true,
    ]);

    $page = $this->actingAs($operator, 'platform')
        ->get(SystemDirectoryLinks::workspaceDetail($workspace));

    $page->assertSuccessful();

    // Workspace context and the tenant summary entry linking to the tenant detail page.
    $page->assertSee('Residual Workspace Detail');
    $page->assertSee('Tenants summary');
    $page->assertSee('Workspace Detail Tenant');
    $page->assertSee(SystemDirectoryLinks::tenantDetail($tenant), false);

    // Navigation links; passing false skips HTML-escaping so the raw URL is matched.
    $page->assertSee('Open in /admin');
    $page->assertSee(SystemDirectoryLinks::adminWorkspace($workspace), false);
    $page->assertSee('Open operations runs');
    $page->assertSee(SystemOperationRunLinks::index(), false);
    $page->assertSee(SystemOperationRunLinks::view($run), false);

    // The break-glass and emergency owner-assignment labels must not be rendered here.
    // NOTE(review): assertDontSee only proves the labels are absent from the HTML; it does
    // not show that the underlying actions are denied server-side. Cover that separately.
    $page->assertDontSee('Enter break-glass mode');
    $page->assertDontSee('Emergency: Assign Owner');

    // The database-notifications component must be present in the markup without a
    // lazy-load marker. The change description accompanying this test ties the lazy
    // variant to a Livewire 404 on this route.
    $markup = $page->getContent();

    expect($markup)->toContain('wire:name="Filament\\Livewire\\DatabaseNotifications"');
    expect($markup)->not->toContain('__lazyLoad');
});