146 lines
5.6 KiB
PHP
146 lines
5.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\Finding;
|
|
use App\Services\Findings\FindingWorkflowService;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('resolves a finding with reason', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$finding = Finding::factory()->for($tenant)->permissionPosture()->create();
|
|
|
|
$finding = app(FindingWorkflowService::class)->resolve($finding, $tenant, $user, 'permission_granted');
|
|
|
|
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
|
|
->and($finding->resolved_at)->not->toBeNull()
|
|
->and($finding->resolved_reason)->toBe('permission_granted');
|
|
|
|
$fresh = Finding::query()->find($finding->getKey());
|
|
expect($fresh->status)->toBe(Finding::STATUS_RESOLVED)
|
|
->and($fresh->resolved_at)->not->toBeNull();
|
|
});
|
|
|
|
it('reopens a resolved finding through the workflow service', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$finding = Finding::factory()->for($tenant)->permissionPosture()->resolved()->create();
|
|
|
|
$finding = app(FindingWorkflowService::class)->reopen($finding, $tenant, $user);
|
|
|
|
expect($finding->status)->toBe(Finding::STATUS_REOPENED)
|
|
->and($finding->reopened_at)->not->toBeNull()
|
|
->and($finding->resolved_at)->toBeNull()
|
|
->and($finding->resolved_reason)->toBeNull();
|
|
});
|
|
|
|
it('supports legacy model helper compatibility for resolve and reopen', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$finding = Finding::factory()->for($tenant)->permissionPosture()->create();
|
|
|
|
$finding->resolve('permission_granted');
|
|
|
|
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
|
|
->and($finding->resolved_at)->not->toBeNull()
|
|
->and($finding->resolved_reason)->toBe('permission_granted');
|
|
|
|
$finding->reopen([
|
|
'display_name' => 'Recovered Permission',
|
|
'permission_key' => 'User.Read.All',
|
|
]);
|
|
|
|
expect($finding->status)->toBe(Finding::STATUS_NEW)
|
|
->and($finding->resolved_at)->toBeNull()
|
|
->and($finding->resolved_reason)->toBeNull()
|
|
->and($finding->evidence_jsonb)->toMatchArray([
|
|
'display_name' => 'Recovered Permission',
|
|
'permission_key' => 'User.Read.All',
|
|
]);
|
|
});
|
|
|
|
it('supports legacy model helper compatibility for acknowledge', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$finding = Finding::factory()->for($tenant)->permissionPosture()->create();
|
|
|
|
$finding->acknowledge($user);
|
|
|
|
expect($finding->status)->toBe(Finding::STATUS_ACKNOWLEDGED)
|
|
->and($finding->acknowledged_at)->not->toBeNull()
|
|
->and($finding->acknowledged_by_user_id)->toBe($user->getKey());
|
|
});
|
|
|
|
it('exposes v2 open and terminal status helpers', function (): void {
|
|
expect(Finding::openStatuses())->toBe([
|
|
Finding::STATUS_NEW,
|
|
Finding::STATUS_TRIAGED,
|
|
Finding::STATUS_IN_PROGRESS,
|
|
Finding::STATUS_REOPENED,
|
|
]);
|
|
|
|
expect(Finding::terminalStatuses())->toBe([
|
|
Finding::STATUS_RESOLVED,
|
|
Finding::STATUS_CLOSED,
|
|
Finding::STATUS_RISK_ACCEPTED,
|
|
]);
|
|
|
|
expect(Finding::openStatusesForQuery())->toContain(Finding::STATUS_ACKNOWLEDGED);
|
|
});
|
|
|
|
it('maps legacy acknowledged status to triaged in v2 helpers', function (): void {
|
|
expect(Finding::canonicalizeStatus(Finding::STATUS_ACKNOWLEDGED))
|
|
->toBe(Finding::STATUS_TRIAGED);
|
|
|
|
expect(Finding::isOpenStatus(Finding::STATUS_ACKNOWLEDGED))->toBeTrue();
|
|
expect(Finding::isTerminalStatus(Finding::STATUS_ACKNOWLEDGED))->toBeFalse();
|
|
});
|
|
|
|
it('preserves acknowledged metadata when resolving an acknowledged finding', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$finding = Finding::factory()->for($tenant)->permissionPosture()->acknowledged()->create([
|
|
'acknowledged_by_user_id' => $user->getKey(),
|
|
]);
|
|
|
|
expect($finding->status)->toBe(Finding::STATUS_ACKNOWLEDGED);
|
|
|
|
$finding = app(FindingWorkflowService::class)->resolve($finding, $tenant, $user, 'permission_granted');
|
|
|
|
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
|
|
->and($finding->acknowledged_at)->not->toBeNull()
|
|
->and($finding->acknowledged_by_user_id)->toBe($user->getKey())
|
|
->and($finding->resolved_at)->not->toBeNull();
|
|
});
|
|
|
|
it('has STATUS_RESOLVED constant', function (): void {
|
|
expect(Finding::STATUS_RESOLVED)->toBe('resolved');
|
|
});
|
|
|
|
it('has FINDING_TYPE_PERMISSION_POSTURE constant', function (): void {
|
|
expect(Finding::FINDING_TYPE_PERMISSION_POSTURE)->toBe('permission_posture');
|
|
});
|
|
|
|
it('casts resolved_at as datetime', function (): void {
|
|
$finding = Finding::factory()->permissionPosture()->resolved()->create();
|
|
$fresh = Finding::query()->find($finding->getKey());
|
|
|
|
expect($fresh->resolved_at)->toBeInstanceOf(\Illuminate\Support\Carbon::class);
|
|
});
|
|
|
|
it('creates permission posture findings via factory state', function (): void {
|
|
$finding = Finding::factory()->permissionPosture()->create();
|
|
|
|
expect($finding->finding_type)->toBe(Finding::FINDING_TYPE_PERMISSION_POSTURE)
|
|
->and($finding->source)->toBe('permission_check')
|
|
->and($finding->subject_type)->toBe('permission')
|
|
->and($finding->severity)->toBe(Finding::SEVERITY_MEDIUM)
|
|
->and($finding->evidence_jsonb)->toHaveKey('permission_key');
|
|
});
|
|
|
|
it('creates resolved findings via factory state', function (): void {
|
|
$finding = Finding::factory()->resolved()->create();
|
|
|
|
expect($finding->status)->toBe(Finding::STATUS_RESOLVED)
|
|
->and($finding->resolved_at)->not->toBeNull()
|
|
->and($finding->resolved_reason)->toBe('permission_granted');
|
|
});
|