ahmido
ef380b67d1
Implements Spec 104: Provider Permission Posture. What changed - Generates permission posture findings after each tenant permission compare (queued) - Stores immutable posture snapshots as StoredReports (JSONB payload) - Adds global Finding resolved lifecycle (`resolved_at`, `resolved_reason`) with `resolve()` / `reopen()` - Adds alert pipeline event type `permission_missing` (Alerts v1) and Filament option for Alert Rules - Adds retention pruning command + daily schedule for StoredReports - Adds badge mappings for `resolved` finding status and `permission_posture` finding type UX fixes discovered during manual verification - Hide “Diff” section for non-drift findings (only drift findings show diff) - Required Permissions page: “Re-run verification” now links to Tenant view (not onboarding) - Preserve Technical Details `<details>` open state across Livewire re-renders (Alpine state) Verification - Ran `vendor/bin/sail artisan test --compact --filter=PermissionPosture` (50 tests) - Ran `vendor/bin/sail artisan test --compact --filter="FindingResolved|FindingBadge|PermissionMissingAlert"` (20 tests) - Ran `vendor/bin/sail bin pint --dirty` Filament v5 / Livewire v4 compliance - Filament v5 + Livewire v4: no Livewire v3 usage. Panel provider registration (Laravel 11+) - No new panels added. Existing panel providers remain registered via `bootstrap/providers.php`. Global search rule - No changes to global-searchable resources. Destructive actions - No new destructive Filament actions were added in this PR. Assets / deploy notes - No new Filament assets registered. Existing deploy step `php artisan filament:assets` remains unchanged. Test coverage - New/updated Pest feature tests cover generator behavior, job integration, alerting, retention pruning, and resolved lifecycle. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #127
72 lines
2.2 KiB
PHP
72 lines
2.2 KiB
PHP
<?php
|
|
|
|
namespace Database\Factories;
|
|
|
|
use App\Models\Finding;
|
|
use App\Models\Tenant;
|
|
use Illuminate\Database\Eloquent\Factories\Factory;
|
|
|
|
/**
|
|
* @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Finding>
|
|
*/
|
|
class FindingFactory extends Factory
|
|
{
|
|
/**
|
|
* Define the model's default state.
|
|
*
|
|
* @return array<string, mixed>
|
|
*/
|
|
public function definition(): array
|
|
{
|
|
return [
|
|
'tenant_id' => Tenant::factory(),
|
|
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
|
'scope_key' => hash('sha256', fake()->uuid()),
|
|
'baseline_operation_run_id' => null,
|
|
'current_operation_run_id' => null,
|
|
'fingerprint' => hash('sha256', fake()->uuid()),
|
|
'subject_type' => 'assignment',
|
|
'subject_external_id' => fake()->uuid(),
|
|
'severity' => Finding::SEVERITY_MEDIUM,
|
|
'status' => Finding::STATUS_NEW,
|
|
'acknowledged_at' => null,
|
|
'acknowledged_by_user_id' => null,
|
|
'evidence_jsonb' => [],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* State for permission posture findings.
|
|
*/
|
|
public function permissionPosture(): static
|
|
{
|
|
return $this->state(fn (array $attributes): array => [
|
|
'finding_type' => Finding::FINDING_TYPE_PERMISSION_POSTURE,
|
|
'source' => 'permission_check',
|
|
'subject_type' => 'permission',
|
|
'subject_external_id' => 'DeviceManagementConfiguration.ReadWrite.All',
|
|
'severity' => Finding::SEVERITY_MEDIUM,
|
|
'evidence_jsonb' => [
|
|
'permission_key' => 'DeviceManagementConfiguration.ReadWrite.All',
|
|
'permission_type' => 'application',
|
|
'expected_status' => 'granted',
|
|
'actual_status' => 'missing',
|
|
'blocked_features' => ['policy-sync', 'backup'],
|
|
'checked_at' => now()->toIso8601String(),
|
|
],
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* State for resolved findings.
|
|
*/
|
|
public function resolved(): static
|
|
{
|
|
return $this->state(fn (array $attributes): array => [
|
|
'status' => Finding::STATUS_RESOLVED,
|
|
'resolved_at' => now(),
|
|
'resolved_reason' => 'permission_granted',
|
|
]);
|
|
}
|
|
}
|