ahmido
c7b38606a9
Implements platform feature branch `285-workspace-rbac-environment-access`. Summary: - switch managed environment authorization to workspace-first role resolution with explicit environment-scope narrowing - rewire Filament pages, resources, policies, and user tenant access helpers to the shared access-scope resolver - add Spec 285 coverage across unit, feature, and browser tests plus full spec artifacts Validation: - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Auth/WorkspaceFirstCapabilityResolverTest.php tests/Unit/Auth/ManagedEnvironmentAccessScopeResolverTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Auth/WorkspaceFirstManagedEnvironmentAccessTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Filament/WorkspaceMembershipRoleManagementTest.php tests/Feature/Rbac/GovernanceArtifactsWorkspaceFirstAuthorizationTest.php tests/Feature/Rbac/OperationRunWorkspaceFirstAuthorizationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Verification/ProviderExecutionReauthorizationTest.php tests/Feature/ProviderConnections/ProviderConnectionHealthCheckStartSurfaceTest.php tests/Feature/Tenants/TenantProviderBackedActionStartTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Audit/TenantMembershipAuditLogTest.php tests/Feature/Filament/TenantMembersTest.php tests/Feature/TenantRBAC/TenantMembershipCrudTest.php tests/Feature/TenantRBAC/TenantSwitcherScopeTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php` - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` Target branch: `platform-dev`. Follow-up integration path after merge: - `platform-dev` -> `dev`. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #344
115 lines
3.5 KiB
PHP
115 lines
3.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Filament\Widgets\Alerts;
|
|
|
|
use App\Filament\Resources\AlertDeliveryResource;
|
|
use App\Filament\Resources\AlertDestinationResource;
|
|
use App\Filament\Resources\AlertRuleResource;
|
|
use App\Models\AlertDelivery;
|
|
use App\Models\AlertDestination;
|
|
use App\Models\AlertRule;
|
|
use App\Models\ManagedEnvironment;
|
|
use App\Models\User;
|
|
use App\Services\Auth\ManagedEnvironmentAccessScopeResolver;
|
|
use App\Support\OperateHub\OperateHubShell;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Widgets\StatsOverviewWidget;
|
|
use Filament\Widgets\StatsOverviewWidget\Stat;
|
|
use Illuminate\Database\Eloquent\Builder;
|
|
|
|
class AlertsKpiHeader extends StatsOverviewWidget
|
|
{
|
|
protected static bool $isLazy = false;
|
|
|
|
protected int|string|array $columnSpan = 'full';
|
|
|
|
/**
|
|
* @return array<Stat>
|
|
*/
|
|
protected function getStats(): array
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if (! $user instanceof User) {
|
|
return [];
|
|
}
|
|
|
|
$workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());
|
|
|
|
if (! is_int($workspaceId)) {
|
|
return [];
|
|
}
|
|
|
|
$stats = [];
|
|
|
|
if (AlertRuleResource::canViewAny()) {
|
|
$totalRules = (int) AlertRule::query()
|
|
->where('workspace_id', $workspaceId)
|
|
->count();
|
|
|
|
$enabledRules = (int) AlertRule::query()
|
|
->where('workspace_id', $workspaceId)
|
|
->where('is_enabled', true)
|
|
->count();
|
|
|
|
$stats[] = Stat::make('Enabled rules', $enabledRules)
|
|
->description('Total '.$totalRules);
|
|
}
|
|
|
|
if (AlertDestinationResource::canViewAny()) {
|
|
$totalDestinations = (int) AlertDestination::query()
|
|
->where('workspace_id', $workspaceId)
|
|
->count();
|
|
|
|
$enabledDestinations = (int) AlertDestination::query()
|
|
->where('workspace_id', $workspaceId)
|
|
->where('is_enabled', true)
|
|
->count();
|
|
|
|
$stats[] = Stat::make('Enabled targets', $enabledDestinations)
|
|
->description('Total '.$totalDestinations);
|
|
}
|
|
|
|
if (AlertDeliveryResource::canViewAny()) {
|
|
$deliveriesQuery = $this->deliveriesQueryForViewer($user, $workspaceId);
|
|
|
|
$deliveries24Hours = (int) (clone $deliveriesQuery)
|
|
->where('created_at', '>=', now()->subDay())
|
|
->count();
|
|
|
|
$failed7Days = (int) (clone $deliveriesQuery)
|
|
->where('created_at', '>=', now()->subDays(7))
|
|
->where('status', AlertDelivery::STATUS_FAILED)
|
|
->count();
|
|
|
|
$stats[] = Stat::make('Deliveries (24h)', $deliveries24Hours);
|
|
$stats[] = Stat::make('Failed (7d)', $failed7Days);
|
|
}
|
|
|
|
return $stats;
|
|
}
|
|
|
|
private function deliveriesQueryForViewer(User $user, int $workspaceId): Builder
|
|
{
|
|
$query = AlertDelivery::query()
|
|
->where('workspace_id', $workspaceId);
|
|
|
|
app(ManagedEnvironmentAccessScopeResolver::class)->applyWorkspaceScopeToQuery(
|
|
query: $query,
|
|
user: $user,
|
|
workspaceId: $workspaceId,
|
|
qualifiedEnvironmentColumn: 'alert_deliveries.managed_environment_id',
|
|
);
|
|
|
|
$activeTenant = app(OperateHubShell::class)->activeEntitledTenant(request());
|
|
|
|
if ($activeTenant instanceof ManagedEnvironment) {
|
|
$query->where('managed_environment_id', (int) $activeTenant->getKey());
|
|
}
|
|
|
|
return $query;
|
|
}
|
|
}
|