ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
acc8947384
TenantAtlas/apps/platform/tests/Feature/Models/FindingResolvedTest.php
ahmido acc8947384 feat: harden governance action semantics (#229) 
## Summary
- add the Spec 194 governance action catalog, friction classes, reason policies, and regression guards
- align exception, review, evidence, finding, tenant, provider connection, and system run actions to the shared semantics model
- add focused feature, RBAC, audit, unit, and browser coverage, including the tenant detail triage header consistency update

## Verification
- ran the focused Spec 194 verification pack from the quickstart and task plan
- ran targeted tenant triage coverage after the detail-header update
- ran `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Filament Notes
- Filament v5 / Livewire v4 compliance preserved
- provider registration remains in `apps/platform/bootstrap/providers.php`
- globally searchable resources were not changed
- destructive actions remain confirmation-gated and server-authorized
- no new Filament assets were introduced; the existing `cd apps/platform && php artisan filament:assets` deploy step stays unchanged

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #229
2026-04-12 21:21:44 +00:00

146 lines
5.7 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\Finding;
use App\Services\Findings\FindingWorkflowService;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('resolves a finding with reason', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$finding = Finding::factory()->for($tenant)->permissionPosture()->create();
$finding = app(FindingWorkflowService::class)->resolve($finding, $tenant, $user, 'permission_granted');
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
->and($finding->resolved_at)->not->toBeNull()
->and($finding->resolved_reason)->toBe('permission_granted');
$fresh = Finding::query()->find($finding->getKey());
expect($fresh->status)->toBe(Finding::STATUS_RESOLVED)
->and($fresh->resolved_at)->not->toBeNull();
});
it('reopens a resolved finding through the workflow service', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$finding = Finding::factory()->for($tenant)->permissionPosture()->resolved()->create();
$finding = app(FindingWorkflowService::class)->reopen($finding, $tenant, $user, 'The finding recurred after a later scan.');
expect($finding->status)->toBe(Finding::STATUS_REOPENED)
->and($finding->reopened_at)->not->toBeNull()
->and($finding->resolved_at)->toBeNull()
->and($finding->resolved_reason)->toBeNull();
});
it('supports legacy model helper compatibility for resolve and reopen', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$finding = Finding::factory()->for($tenant)->permissionPosture()->create();
$finding->resolve('permission_granted');
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
->and($finding->resolved_at)->not->toBeNull()
->and($finding->resolved_reason)->toBe('permission_granted');
$finding->reopen([
'display_name' => 'Recovered Permission',
'permission_key' => 'User.Read.All',
]);
expect($finding->status)->toBe(Finding::STATUS_NEW)
->and($finding->resolved_at)->toBeNull()
->and($finding->resolved_reason)->toBeNull()
->and($finding->evidence_jsonb)->toMatchArray([
'display_name' => 'Recovered Permission',
'permission_key' => 'User.Read.All',
]);
});
it('supports legacy model helper compatibility for acknowledge', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$finding = Finding::factory()->for($tenant)->permissionPosture()->create();
$finding->acknowledge($user);
expect($finding->status)->toBe(Finding::STATUS_ACKNOWLEDGED)
->and($finding->acknowledged_at)->not->toBeNull()
->and($finding->acknowledged_by_user_id)->toBe($user->getKey());
});
it('exposes v2 open and terminal status helpers', function (): void {
expect(Finding::openStatuses())->toBe([
Finding::STATUS_NEW,
Finding::STATUS_TRIAGED,
Finding::STATUS_IN_PROGRESS,
Finding::STATUS_REOPENED,
]);
expect(Finding::terminalStatuses())->toBe([
Finding::STATUS_RESOLVED,
Finding::STATUS_CLOSED,
Finding::STATUS_RISK_ACCEPTED,
]);
expect(Finding::openStatusesForQuery())->toContain(Finding::STATUS_ACKNOWLEDGED);
});
it('maps legacy acknowledged status to triaged in v2 helpers', function (): void {
expect(Finding::canonicalizeStatus(Finding::STATUS_ACKNOWLEDGED))
->toBe(Finding::STATUS_TRIAGED);
expect(Finding::isOpenStatus(Finding::STATUS_ACKNOWLEDGED))->toBeTrue();
expect(Finding::isTerminalStatus(Finding::STATUS_ACKNOWLEDGED))->toBeFalse();
});
it('preserves acknowledged metadata when resolving an acknowledged finding', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$finding = Finding::factory()->for($tenant)->permissionPosture()->acknowledged()->create([
'acknowledged_by_user_id' => $user->getKey(),
]);
expect($finding->status)->toBe(Finding::STATUS_ACKNOWLEDGED);
$finding = app(FindingWorkflowService::class)->resolve($finding, $tenant, $user, 'permission_granted');
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
->and($finding->acknowledged_at)->not->toBeNull()
->and($finding->acknowledged_by_user_id)->toBe($user->getKey())
->and($finding->resolved_at)->not->toBeNull();
});
it('has STATUS_RESOLVED constant', function (): void {
expect(Finding::STATUS_RESOLVED)->toBe('resolved');
});
it('has FINDING_TYPE_PERMISSION_POSTURE constant', function (): void {
expect(Finding::FINDING_TYPE_PERMISSION_POSTURE)->toBe('permission_posture');
});
it('casts resolved_at as datetime', function (): void {
$finding = Finding::factory()->permissionPosture()->resolved()->create();
$fresh = Finding::query()->find($finding->getKey());
expect($fresh->resolved_at)->toBeInstanceOf(\Illuminate\Support\Carbon::class);
});
it('creates permission posture findings via factory state', function (): void {
$finding = Finding::factory()->permissionPosture()->create();
expect($finding->finding_type)->toBe(Finding::FINDING_TYPE_PERMISSION_POSTURE)
->and($finding->source)->toBe('permission_check')
->and($finding->subject_type)->toBe('permission')
->and($finding->severity)->toBe(Finding::SEVERITY_MEDIUM)
->and($finding->evidence_jsonb)->toHaveKey('permission_key');
});
it('creates resolved findings via factory state', function (): void {
$finding = Finding::factory()->resolved()->create();
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
->and($finding->resolved_at)->not->toBeNull()
->and($finding->resolved_reason)->toBe('permission_granted');
});
Reference in New Issue View Git Blame Copy Permalink