ahmido
aeef285d1d
## Summary Implements feature branch `286-ui-copy-ia-localization-neutralization`. This change set: - aligns chooser, managed-environment landing, dashboard, shell, and workspace context copy to environment-first terminology - neutralizes the bounded policy and baseline helper copy called out by Spec 286 - adds focused feature, guard, and browser coverage plus the complete Spec 286 artifact set - records the discovered `Capture snapshot` modal issue as out-of-scope runtime debt in the Spec 286 close-out notes ## Validation - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Localization/EnvironmentContextTerminologyTest.php tests/Feature/Filament/EnvironmentContextSurfaceCopyTest.php tests/Feature/Filament/Localization/PolicyInventoryLocalizationTest.php tests/Feature/Guards/EnvironmentCopyNeutralizationGuardTest.php` - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec286EnvironmentCopyNeutralizationSmokeTest.php` - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` ## Notes - Target branch: `platform-dev` - Filament remains on v5 with Livewire v4. - Provider registration remains unchanged in `apps/platform/bootstrap/providers.php`. - No new destructive actions, asset strategy changes, or global-search posture changes are introduced in this slice. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #345
117 lines
4.3 KiB
PHP
117 lines
4.3 KiB
PHP
<?php
|
|
|
|
use App\Filament\Pages\BaselineCompareLanding;
|
|
use App\Models\BaselineProfile;
|
|
use App\Models\BaselineSnapshot;
|
|
use App\Models\BaselineTenantAssignment;
|
|
use App\Models\Finding;
|
|
use App\Models\OperationRun;
|
|
use App\Support\OperationRunOutcome;
|
|
use App\Support\OperationRunStatus;
|
|
use App\Support\OperationRunType;
|
|
use Filament\Facades\Filament;
|
|
use Livewire\Livewire;
|
|
|
|
it('shows RBAC-specific baseline compare labels and assignment exclusion messaging', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
|
|
$tenant->makeCurrent();
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$profile = BaselineProfile::factory()->active()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'name' => 'RBAC Baseline',
|
|
'scope_jsonb' => [
|
|
'policy_types' => [],
|
|
'foundation_types' => ['intuneRoleDefinition'],
|
|
],
|
|
]);
|
|
|
|
$snapshot = BaselineSnapshot::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
$profile->update(['active_snapshot_id' => (int) $snapshot->getKey()]);
|
|
|
|
BaselineTenantAssignment::factory()->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'managed_environment_id' => (int) $tenant->getKey(),
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
]);
|
|
|
|
OperationRun::factory()->create([
|
|
'managed_environment_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => OperationRunType::BaselineCompare->value,
|
|
'status' => OperationRunStatus::Completed->value,
|
|
'outcome' => OperationRunOutcome::Succeeded->value,
|
|
'completed_at' => now(),
|
|
'context' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'baseline_compare' => [
|
|
'reason_code' => 'drift_detected',
|
|
'rbac_role_definitions' => [
|
|
'total_compared' => 4,
|
|
'unchanged' => 1,
|
|
'modified' => 1,
|
|
'missing' => 1,
|
|
'unexpected' => 1,
|
|
],
|
|
'coverage' => [
|
|
'effective_types' => ['intuneRoleDefinition'],
|
|
'covered_types' => ['intuneRoleDefinition'],
|
|
'uncovered_types' => [],
|
|
'proof' => true,
|
|
],
|
|
'fidelity' => 'content',
|
|
],
|
|
],
|
|
]);
|
|
|
|
Finding::factory()->create([
|
|
'managed_environment_id' => (int) $tenant->getKey(),
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'source' => 'baseline.compare',
|
|
'scope_key' => 'baseline_profile:'.$profile->getKey(),
|
|
'severity' => Finding::SEVERITY_HIGH,
|
|
'status' => Finding::STATUS_NEW,
|
|
'subject_type' => 'policy',
|
|
'subject_external_id' => 'rbac-role-1',
|
|
'evidence_fidelity' => 'content',
|
|
'evidence_jsonb' => [
|
|
'change_type' => 'different_version',
|
|
'policy_type' => 'intuneRoleDefinition',
|
|
'subject_key' => hash('sha256', 'intuneRoleDefinition|rbac-role-1'),
|
|
'display_name' => 'Security Reader',
|
|
'summary' => [
|
|
'kind' => 'rbac_role_definition',
|
|
],
|
|
'baseline' => ['policy_version_id' => 10],
|
|
'current' => ['policy_version_id' => 11],
|
|
'rbac_role_definition' => [
|
|
'diff_kind' => 'permission_change',
|
|
],
|
|
'fidelity' => 'content',
|
|
'provenance' => [
|
|
'baseline_profile_id' => (int) $profile->getKey(),
|
|
'baseline_snapshot_id' => (int) $snapshot->getKey(),
|
|
'compare_operation_run_id' => 1,
|
|
'inventory_sync_run_id' => 1,
|
|
],
|
|
],
|
|
]);
|
|
|
|
Livewire::test(BaselineCompareLanding::class)
|
|
->assertSee('RBAC role definitions')
|
|
->assertSee('Compared')
|
|
->assertSee('Modified')
|
|
->assertSee('Missing')
|
|
->assertSee('Unexpected')
|
|
->assertSee('Role Assignments are not included')
|
|
->assertDontSee('Intune RBAC Role Definitions')
|
|
->assertDontSee('RBAC restore');
|
|
});
|