ahmido
5bcb4f6ab8
## Summary
- add a canonical queued execution legitimacy contract for actor-bound and system-authority operation runs
- enforce legitimacy before queued jobs transition runs to running across provider, inventory, restore, bulk, sync, and scheduled backup flows
- surface blocked execution outcomes consistently in Monitoring, notifications, audit data, and the tenantless operation viewer
- add Spec 149 artifacts and focused Pest coverage for legitimacy decisions, middleware ordering, blocked presentation, retry behavior, and cross-family adoption
## Testing
- vendor/bin/sail artisan test --compact tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionMiddlewareOrderingTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Verification/ProviderExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/RunInventorySyncExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/ExecuteRestoreRunExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/SystemRunBlockedExecutionNotificationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/BulkOperationExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionRetryReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionContractMatrixTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/OperationRunBlockedExecutionPresentationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionAuditTrailTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/TenantlessOperationRunViewerTest.php
- vendor/bin/sail bin pint --dirty --format agent
## Manual validation
- validated queued provider execution blocking for tenant operability drift in the integrated browser on /admin/operations and /admin/operations/{run}
- validated 404 vs 403 route behavior for non-membership vs in-scope capability denial
- validated initiator-null blocked system-run behavior without creating a user terminal notification
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #179
127 lines
3.7 KiB
PHP
127 lines
3.7 KiB
PHP
<?php
|
|
|
|
namespace App\Jobs\Operations;
|
|
|
|
use App\Jobs\Middleware\EnsureQueuedExecutionLegitimate;
|
|
use App\Models\OperationRun;
|
|
use App\Models\Policy;
|
|
use App\Services\OperationRunService;
|
|
use App\Services\Operations\TargetScopeConcurrencyLimiter;
|
|
use Illuminate\Bus\Queueable;
|
|
use Illuminate\Contracts\Queue\ShouldQueue;
|
|
use Illuminate\Foundation\Bus\Dispatchable;
|
|
use Illuminate\Queue\InteractsWithQueue;
|
|
use Illuminate\Queue\SerializesModels;
|
|
use RuntimeException;
|
|
use Throwable;
|
|
|
|
class PolicyBulkDeleteWorkerJob implements ShouldQueue
|
|
{
|
|
use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
|
|
|
|
public ?OperationRun $operationRun = null;
|
|
|
|
/**
|
|
* @param array<string, mixed> $context
|
|
*/
|
|
public function __construct(
|
|
public int $tenantId,
|
|
public int $userId,
|
|
public int $policyId,
|
|
?OperationRun $operationRun = null,
|
|
public array $context = [],
|
|
) {
|
|
$this->operationRun = $operationRun;
|
|
}
|
|
|
|
public function middleware(): array
|
|
{
|
|
return [new EnsureQueuedExecutionLegitimate];
|
|
}
|
|
|
|
public function handle(OperationRunService $runs, TargetScopeConcurrencyLimiter $limiter): void
|
|
{
|
|
if (! $this->operationRun instanceof OperationRun) {
|
|
throw new RuntimeException('OperationRun is required for policy bulk delete worker.');
|
|
}
|
|
|
|
$this->operationRun->refresh();
|
|
|
|
if ($this->operationRun->status === 'completed') {
|
|
return;
|
|
}
|
|
|
|
$context = is_array($this->operationRun->context) ? $this->operationRun->context : [];
|
|
$targetScope = is_array($context['target_scope'] ?? null) ? $context['target_scope'] : [];
|
|
|
|
$lock = $limiter->acquireSlot($this->tenantId, $targetScope);
|
|
|
|
if (! $lock) {
|
|
$delay = (int) config('tenantpilot.bulk_operations.poll_interval_seconds', 3);
|
|
$this->release(max(1, $delay));
|
|
|
|
return;
|
|
}
|
|
|
|
try {
|
|
$policy = Policy::query()
|
|
->where('tenant_id', $this->tenantId)
|
|
->whereKey($this->policyId)
|
|
->first();
|
|
|
|
if (! $policy instanceof Policy) {
|
|
$runs->incrementSummaryCounts($this->operationRun, [
|
|
'processed' => 1,
|
|
'failed' => 1,
|
|
]);
|
|
|
|
$runs->appendFailures($this->operationRun, [[
|
|
'code' => 'policy.not_found',
|
|
'message' => 'Policy '.$this->policyId.' not found.',
|
|
]]);
|
|
|
|
$runs->maybeCompleteBulkRun($this->operationRun);
|
|
|
|
return;
|
|
}
|
|
|
|
if ($policy->ignored_at) {
|
|
$runs->incrementSummaryCounts($this->operationRun, [
|
|
'processed' => 1,
|
|
'skipped' => 1,
|
|
]);
|
|
|
|
$runs->maybeCompleteBulkRun($this->operationRun);
|
|
|
|
return;
|
|
}
|
|
|
|
$policy->ignore();
|
|
|
|
$runs->incrementSummaryCounts($this->operationRun, [
|
|
'processed' => 1,
|
|
'succeeded' => 1,
|
|
'deleted' => 1,
|
|
]);
|
|
|
|
$runs->maybeCompleteBulkRun($this->operationRun);
|
|
} catch (Throwable $e) {
|
|
$runs->incrementSummaryCounts($this->operationRun, [
|
|
'processed' => 1,
|
|
'failed' => 1,
|
|
]);
|
|
|
|
$runs->appendFailures($this->operationRun, [[
|
|
'code' => 'policy.delete_failed',
|
|
'message' => $e->getMessage(),
|
|
]]);
|
|
|
|
$runs->maybeCompleteBulkRun($this->operationRun);
|
|
|
|
throw $e;
|
|
} finally {
|
|
$lock->release();
|
|
}
|
|
}
|
|
}
|