ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ad16eee591
TenantAtlas/apps/platform/tests/Feature/Authorization/ReasonTranslationScopeSafetyTest.php
ahmido ad16eee591 Spec 204: harden platform core vocabulary (#234) 
## Summary
- add the Spec 204 platform vocabulary foundation, including canonical glossary terms, registry ownership descriptors, canonical operation type and alias resolution, and explicit reason ownership and platform reason-family metadata
- harden platform-facing compare, snapshot, evidence, monitoring, review, and reporting surfaces so they prefer governed-subject and canonical operation semantics while preserving intentional Intune-owned terminology
- extend Spec 204 unit, feature, Filament, and architecture coverage and add the full spec artifacts, checklist, and completed task ledger

## Verification
- ran the focused recent-change Sail verification pack for the new glossary and reason-semantics work
- ran the full Spec 204 quickstart verification pack under Sail
- ran `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- ran an integrated-browser smoke pass covering tenant dashboard, operations, operation detail, baseline compare, evidence, reviews, review packs, provider connections, inventory items, backup schedules, onboarding, and the system dashboard/operations/failures/run-detail surfaces

## Notes
- provider registration is unchanged and remains in `bootstrap/providers.php`
- no new destructive actions or asset-registration changes are introduced by this branch

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #234
2026-04-14 06:09:42 +00:00

83 lines
3.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;
it('shows translated guidance to entitled viewers on canonical operation run pages', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
$run = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'user_id' => (int) $user->getKey(),
'type' => 'inventory_sync',
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Blocked->value,
'context' => [
'reason_code' => 'missing_capability',
'execution_legitimacy' => [
'reason_code' => 'missing_capability',
],
],
'failure_summary' => [[
'code' => 'operation.blocked',
'reason_code' => 'missing_capability',
'message' => 'Operation blocked because the initiating actor no longer has the required capability.',
]],
]);
Filament::setTenant($tenant, true);
$this->actingAs($user)
->withSession([
WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertSuccessful()
->assertSee('Permission required')
->assertSee('The initiating actor no longer has the capability required for this queued run.')
->assertSee('Review workspace or tenant access before retrying.')
->assertDontSee('execution_denial')
->assertDontSee('platform_core');
});
it('returns not found before any translated guidance can leak to non-members', function (): void {
$workspaceTenant = Tenant::factory()->create();
[$owner, $visibleTenant] = createUserWithTenant(tenant: $workspaceTenant, role: 'owner');
$hiddenTenant = Tenant::factory()->for($visibleTenant->workspace)->create();
createUserWithTenant(tenant: $hiddenTenant, user: $owner, role: 'owner');
$outsider = \App\Models\User::factory()->create();
createUserWithTenant(tenant: $visibleTenant, user: $outsider, role: 'owner');
$run = OperationRun::factory()->create([
'tenant_id' => (int) $hiddenTenant->getKey(),
'workspace_id' => (int) $hiddenTenant->workspace_id,
'type' => 'inventory_sync',
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Blocked->value,
'context' => [
'reason_code' => 'missing_capability',
],
'failure_summary' => [[
'code' => 'operation.blocked',
'reason_code' => 'missing_capability',
'message' => 'Operation blocked because the initiating actor no longer has the required capability.',
]],
]);
$this->actingAs($outsider)
->withSession([
WorkspaceContext::SESSION_KEY => (int) $hiddenTenant->workspace_id,
])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertNotFound();
});
Reference in New Issue View Git Blame Copy Permalink