ahmido
c86b399b43
Some checks failed
Main Confidence / confidence (push) Failing after 53s
## Summary This PR delivers three related improvements: ### 1. Finding Ownership Semantics (Spec 219) - Add responsibility/accountability labels to findings and finding exceptions - `owner_user_id` = accountable party (governance owner) - `assignee_user_id` = responsible party (technical implementer) - Expose Assign/Reassign actions in FindingResource with audit logging - Add ownership columns and filters to finding list - Propagate owner from finding to exception on creation - Tests: ownership semantics, assignment audit, workflow actions ### 2. Constitution v2.7.0 — LEAN-001 Pre-Production Lean Doctrine - New principle forbidding legacy aliases, migration shims, dual-write logic, and compatibility fixtures in a pre-production codebase - AI-agent 4-question verification gate before adding any compatibility path - Review rule: compatibility shims without answering the gate questions = merge blocker - Exit condition: LEAN-001 expires at first production deployment - Spec template: added default "Compatibility posture" block - Agent instructions: added "Pre-production compatibility check" section ### 3. Backup Set Operation Type Unification - Unified `backup_set.add_policies` and `backup_set.remove_policies` into single canonical `backup_set.update` - Removed all legacy aliases, constants, and test fixtures - Added lifecycle coverage for `backup_set.update` in config - Updated all 14+ test files referencing legacy types ### Spec Artifacts - `specs/219-finding-ownership-semantics/` — full spec, plan, tasks, research, data model, contracts, checklist ### Tests - All affected tests pass (OperationCatalog, backup set, finding workflow, ownership semantics) Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #256
183 lines
6.1 KiB
PHP
183 lines
6.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Filament\Resources\BackupSetResource;
|
|
use App\Models\BackupItem;
|
|
use App\Models\BackupSet;
|
|
use App\Models\OperationRun;
|
|
use App\Support\BackupHealth\TenantBackupHealthAssessment;
|
|
use Carbon\CarbonImmutable;
|
|
use Filament\Facades\Filament;
|
|
|
|
afterEach(function (): void {
|
|
CarbonImmutable::setTestNow();
|
|
});
|
|
|
|
it('renders backup sets with lifecycle summary, related context, and secondary technical detail', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$backupSet = BackupSet::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => 'Nightly backup',
|
|
'item_count' => 12,
|
|
'created_by' => 'owner@example.test',
|
|
'metadata' => [
|
|
'policy_types' => ['deviceConfiguration'],
|
|
'include_assignments' => true,
|
|
],
|
|
]);
|
|
|
|
\App\Models\BackupItem::factory()->for($backupSet)->for($tenant)->create([
|
|
'payload' => [],
|
|
'metadata' => [
|
|
'source' => 'metadata_only',
|
|
'assignments_fetch_failed' => true,
|
|
'integrity_warning' => 'Protected values are intentionally hidden.',
|
|
],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$run = OperationRun::factory()->for($tenant)->create([
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'type' => 'backup_set.update',
|
|
'context' => [
|
|
'backup_set_id' => (int) $backupSet->getKey(),
|
|
],
|
|
]);
|
|
|
|
$this->get(BackupSetResource::getUrl('view', ['record' => $backupSet], tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('Backup quality')
|
|
->assertSee('1 degraded item')
|
|
->assertSee('1 metadata-only')
|
|
->assertSee('1 assignment issue')
|
|
->assertSee('1 integrity warning')
|
|
->assertSee('Timing')
|
|
->assertSee('Archive')
|
|
->assertSee('More')
|
|
->assertSee('/admin/operations/'.$run->getKey(), false)
|
|
->assertDontSee('Related record')
|
|
->assertDontSee('>Completed</span>', false)
|
|
->assertSeeInOrder(['Nightly backup', 'Backup quality', 'Lifecycle overview', 'Related context', 'Technical detail']);
|
|
});
|
|
|
|
it('keeps operations context and technical empty states readable for sparse backup sets', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$backupSet = BackupSet::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => 'Sparse backup',
|
|
'item_count' => 0,
|
|
'metadata' => [],
|
|
]);
|
|
|
|
$this->get(BackupSetResource::getUrl('view', ['record' => $backupSet], tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('No items captured')
|
|
->assertSee('No backup metadata was recorded for this backup set.')
|
|
->assertSee('Metadata keys')
|
|
->assertDontSee('Related record');
|
|
});
|
|
|
|
it('keeps backup quality counts visible for archived backup sets', function (): void {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
$this->actingAs($user);
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$backupSet = BackupSet::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => 'Archived backup',
|
|
'item_count' => 1,
|
|
]);
|
|
|
|
$item = \App\Models\BackupItem::factory()->for($backupSet)->for($tenant)->create([
|
|
'payload' => [],
|
|
'metadata' => [
|
|
'source' => 'metadata_only',
|
|
],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$item->delete();
|
|
$backupSet->delete();
|
|
|
|
$this->get(BackupSetResource::getUrl('view', ['record' => $backupSet], tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('Archived')
|
|
->assertSee('1 degraded item')
|
|
->assertSee('1 metadata-only');
|
|
});
|
|
|
|
it('confirms stale latest-backup continuity on the enterprise detail page', function (): void {
|
|
CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC'));
|
|
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
|
|
$this->actingAs($user);
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$backupSet = BackupSet::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => 'Stale dashboard backup',
|
|
'item_count' => 1,
|
|
'completed_at' => now()->subDays(2),
|
|
]);
|
|
|
|
BackupItem::factory()->for($backupSet)->for($tenant)->create([
|
|
'payload' => ['id' => 'policy-stale'],
|
|
'metadata' => [],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$this->get(BackupSetResource::getUrl('view', [
|
|
'record' => $backupSet,
|
|
'backup_health_reason' => TenantBackupHealthAssessment::REASON_LATEST_BACKUP_STALE,
|
|
], panel: 'tenant', tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('Backup posture')
|
|
->assertSee('Latest backup is stale')
|
|
->assertSee('The latest completed backup was 2 days ago.');
|
|
});
|
|
|
|
it('confirms degraded latest-backup continuity on the enterprise detail page', function (): void {
|
|
CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 7, 12, 0, 0, 'UTC'));
|
|
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
|
|
$this->actingAs($user);
|
|
|
|
Filament::setTenant($tenant, true);
|
|
|
|
$backupSet = BackupSet::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'name' => 'Degraded dashboard backup',
|
|
'item_count' => 1,
|
|
'completed_at' => now()->subMinutes(45),
|
|
]);
|
|
|
|
BackupItem::factory()->for($backupSet)->for($tenant)->create([
|
|
'payload' => [],
|
|
'metadata' => [
|
|
'source' => 'metadata_only',
|
|
'assignments_fetch_failed' => true,
|
|
],
|
|
'assignments' => [],
|
|
]);
|
|
|
|
$this->get(BackupSetResource::getUrl('view', [
|
|
'record' => $backupSet,
|
|
'backup_health_reason' => TenantBackupHealthAssessment::REASON_LATEST_BACKUP_DEGRADED,
|
|
], panel: 'tenant', tenant: $tenant))
|
|
->assertOk()
|
|
->assertSee('Backup posture')
|
|
->assertSee('Latest backup is degraded')
|
|
->assertSee('degraded input quality');
|
|
});
|