ahmido
5bcb4f6ab8
## Summary
- add a canonical queued execution legitimacy contract for actor-bound and system-authority operation runs
- enforce legitimacy before queued jobs transition runs to running across provider, inventory, restore, bulk, sync, and scheduled backup flows
- surface blocked execution outcomes consistently in Monitoring, notifications, audit data, and the tenantless operation viewer
- add Spec 149 artifacts and focused Pest coverage for legitimacy decisions, middleware ordering, blocked presentation, retry behavior, and cross-family adoption
## Testing
- vendor/bin/sail artisan test --compact tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionMiddlewareOrderingTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Verification/ProviderExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/RunInventorySyncExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/ExecuteRestoreRunExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/SystemRunBlockedExecutionNotificationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/BulkOperationExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionRetryReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionContractMatrixTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/OperationRunBlockedExecutionPresentationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionAuditTrailTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/TenantlessOperationRunViewerTest.php
- vendor/bin/sail bin pint --dirty --format agent
## Manual validation
- validated queued provider execution blocking for tenant operability drift in the integrated browser on /admin/operations and /admin/operations/{run}
- validated 404 vs 403 route behavior for non-membership vs in-scope capability denial
- validated initiator-null blocked system-run behavior without creating a user terminal notification
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #179
54 lines
1.4 KiB
PHP
54 lines
1.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Support\Operations;
|
|
|
|
use App\Models\OperationRun;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
|
|
final readonly class QueuedExecutionContext
|
|
{
|
|
/**
|
|
* @param array{workspace_id:int,tenant_id:int|null,provider_connection_id:int|null} $targetScope
|
|
* @param list<string> $prerequisiteClasses
|
|
* @param array<string, mixed> $metadata
|
|
*/
|
|
public function __construct(
|
|
public OperationRun $run,
|
|
public string $operationType,
|
|
public int $workspaceId,
|
|
public ?Tenant $tenant,
|
|
public ?User $initiator,
|
|
public ExecutionAuthorityMode $authorityMode,
|
|
public ?string $requiredCapability,
|
|
public ?int $providerConnectionId,
|
|
public array $targetScope,
|
|
public array $prerequisiteClasses = [],
|
|
public array $metadata = [],
|
|
) {}
|
|
|
|
/**
|
|
* @return array{identity_type:string,user_id:int|null}|null
|
|
*/
|
|
public function initiatorSnapshot(): ?array
|
|
{
|
|
if ($this->authorityMode === ExecutionAuthorityMode::SystemAuthority) {
|
|
return [
|
|
'identity_type' => 'system',
|
|
'user_id' => null,
|
|
];
|
|
}
|
|
|
|
if (! $this->initiator instanceof User) {
|
|
return null;
|
|
}
|
|
|
|
return [
|
|
'identity_type' => 'user',
|
|
'user_id' => (int) $this->initiator->getKey(),
|
|
];
|
|
}
|
|
}
|