ahmido
aacd82849a
Some checks failed
Main Confidence / confidence (push) Failing after 54s
Add `CustomerReviewWorkspace` page for tenant pre-filtered reviews Add customer workspace links to `EvidenceSnapshotResource`, `ReviewPackResource`, and `TenantReviewResource` Implement audit logging for `TenantReviewOpened` and `ReviewPackDownloaded` actions Update ReviewPack download controller to enforce tenant-scoped RBAC Add tests for ReviewPack download authorization and audit logging Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #289
100 lines
3.7 KiB
PHP
100 lines
3.7 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\TenantReviewResource;
|
|
use App\Models\ReviewPack;
|
|
use App\Models\Tenant;
|
|
use App\Support\TenantReviewStatus;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Storage;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
pest()->browser()->timeout(20_000);
|
|
|
|
beforeEach(function (): void {
|
|
Storage::fake('exports');
|
|
});
|
|
|
|
it('smokes the customer review workspace handoff from tenant review detail', function (): void {
|
|
$tenantPublished = Tenant::factory()->create(['name' => 'Published Tenant']);
|
|
[$user, $tenantPublished] = createUserWithTenant(
|
|
tenant: $tenantPublished,
|
|
role: 'owner',
|
|
workspaceRole: 'manager',
|
|
);
|
|
|
|
$tenantWithoutPublished = Tenant::factory()->create([
|
|
'workspace_id' => (int) $tenantPublished->workspace_id,
|
|
'name' => 'No Published Tenant',
|
|
]);
|
|
|
|
createUserWithTenant(
|
|
tenant: $tenantWithoutPublished,
|
|
user: $user,
|
|
role: 'owner',
|
|
workspaceRole: 'manager',
|
|
);
|
|
|
|
$publishedSnapshot = seedTenantReviewEvidence($tenantPublished);
|
|
$noPublishedSnapshot = seedTenantReviewEvidence($tenantWithoutPublished);
|
|
|
|
$publishedReview = composeTenantReviewForTest($tenantPublished, $user, $publishedSnapshot);
|
|
$publishedReview->forceFill([
|
|
'status' => TenantReviewStatus::Published->value,
|
|
'published_at' => now(),
|
|
'published_by_user_id' => (int) $user->getKey(),
|
|
])->save();
|
|
|
|
$internalOnlyReview = composeTenantReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
|
|
$internalOnlyReview->forceFill([
|
|
'status' => TenantReviewStatus::Ready->value,
|
|
'published_at' => null,
|
|
'published_by_user_id' => null,
|
|
])->save();
|
|
|
|
Storage::disk('exports')->put('review-packs/customer-review-workspace-smoke.zip', 'PK-test');
|
|
|
|
ReviewPack::factory()->ready()->create([
|
|
'tenant_id' => (int) $tenantPublished->getKey(),
|
|
'workspace_id' => (int) $tenantPublished->workspace_id,
|
|
'tenant_review_id' => (int) $publishedReview->getKey(),
|
|
'evidence_snapshot_id' => (int) $publishedSnapshot->getKey(),
|
|
'initiated_by_user_id' => (int) $user->getKey(),
|
|
'file_path' => 'review-packs/customer-review-workspace-smoke.zip',
|
|
'file_disk' => 'exports',
|
|
]);
|
|
|
|
$this->actingAs($user)->withSession([
|
|
WorkspaceContext::SESSION_KEY => (int) $tenantPublished->workspace_id,
|
|
WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
|
|
(string) $tenantPublished->workspace_id => (int) $tenantPublished->getKey(),
|
|
],
|
|
]);
|
|
|
|
visit(TenantReviewResource::tenantScopedUrl('view', ['record' => $publishedReview], $tenantPublished))
|
|
->waitForText('Related context')
|
|
->assertSee('Open customer workspace')
|
|
->assertNoJavaScriptErrors()
|
|
->assertNoConsoleLogs()
|
|
->click('Open customer workspace')
|
|
->waitForText('Customer-safe review workspace')
|
|
->assertSee('Clear filters')
|
|
->assertSee('Open latest review')
|
|
->assertDontSee('Publish review')
|
|
->assertDontSee('Refresh review')
|
|
->click('Clear filters')
|
|
->waitForText('No published review available yet')
|
|
->assertSee('No published review available yet')
|
|
->click('Open latest review')
|
|
->waitForText('Outcome summary')
|
|
->assertDontSee('Publish review')
|
|
->assertDontSee('Refresh review')
|
|
->assertDontSee('Create next review')
|
|
->assertDontSee('Export executive pack')
|
|
->assertDontSee('Archive review')
|
|
->assertNoJavaScriptErrors()
|
|
->assertNoConsoleLogs();
|
|
}); |