ahmido
ec71c2d4e7
## Summary - harden finding lifecycle changes behind the canonical `FindingWorkflowService` gateway - route automated resolve and reopen flows through the same audited workflow path - tighten tenant and workspace scope checks on finding actions and audit visibility - add focused spec artifacts, workflow regression coverage, automation coverage, and audit visibility tests - update legacy finding model tests to use the workflow service after direct lifecycle mutators were removed ## Testing - `vendor/bin/sail bin pint --dirty --format agent` - focused findings and audit slices passed during implementation - `vendor/bin/sail artisan test --compact tests/Feature/Models/FindingResolvedTest.php` - full repository suite passed: `2757 passed`, `8 skipped`, `14448 assertions` ## Notes - Livewire v4.0+ compliance preserved - no new Filament assets or panel providers introduced; provider registration remains in `bootstrap/providers.php` - findings stay on existing Filament action surfaces, with destructive actions still confirmation-gated - no global search behavior was changed for findings resources Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #181
78 lines
2.4 KiB
PHP
78 lines
2.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Services\Audit;
|
|
|
|
use App\Models\AuditLog;
|
|
use App\Models\Tenant;
|
|
use App\Models\Workspace;
|
|
use App\Support\Audit\AuditActionId;
|
|
use App\Support\Audit\AuditActorSnapshot;
|
|
use App\Support\Audit\AuditOutcome;
|
|
use App\Support\Audit\AuditTargetSnapshot;
|
|
use Carbon\CarbonInterface;
|
|
|
|
final class AuditRecorder
|
|
{
|
|
public function __construct(
|
|
private readonly AuditEventBuilder $builder,
|
|
) {}
|
|
|
|
/**
|
|
* @param array<string, mixed> $context
|
|
*/
|
|
public function record(
|
|
string|AuditActionId $action,
|
|
array $context = [],
|
|
?Workspace $workspace = null,
|
|
?Tenant $tenant = null,
|
|
?AuditActorSnapshot $actor = null,
|
|
?AuditTargetSnapshot $target = null,
|
|
string|AuditOutcome|null $outcome = null,
|
|
?CarbonInterface $recordedAt = null,
|
|
?string $summary = null,
|
|
?int $operationRunId = null,
|
|
): AuditLog {
|
|
$actionValue = $action instanceof AuditActionId ? $action->value : trim($action);
|
|
|
|
$metadata = is_array($context['metadata'] ?? null) ? $context['metadata'] : [];
|
|
$dedupeKey = is_string($metadata['_dedupe_key'] ?? null) ? trim((string) $metadata['_dedupe_key']) : null;
|
|
|
|
if ($dedupeKey !== '') {
|
|
$metadata['_dedupe_key'] = $dedupeKey;
|
|
$context['metadata'] = $metadata;
|
|
}
|
|
|
|
$attributes = $this->builder->buildRecordAttributes(
|
|
action: $actionValue,
|
|
context: $context,
|
|
workspace: $workspace,
|
|
tenant: $tenant,
|
|
actor: $actor,
|
|
target: $target,
|
|
outcome: $outcome,
|
|
recordedAt: $recordedAt,
|
|
summary: $summary,
|
|
operationRunId: $operationRunId,
|
|
);
|
|
|
|
if ($dedupeKey !== null && $dedupeKey !== '') {
|
|
$existing = AuditLog::query()
|
|
->where('tenant_id', $attributes['tenant_id'])
|
|
->where('action', $attributes['action'])
|
|
->where('resource_type', $attributes['resource_type'])
|
|
->where('resource_id', $attributes['resource_id'])
|
|
->whereRaw("metadata ->> '_dedupe_key' = ?", [$dedupeKey])
|
|
->latest('id')
|
|
->first();
|
|
|
|
if ($existing instanceof AuditLog) {
|
|
return $existing;
|
|
}
|
|
}
|
|
|
|
return AuditLog::query()->create($attributes);
|
|
}
|
|
}
|