TenantAtlas/apps/platform/tests/Feature/Evidence/EvidenceOverviewPageTest.php

<?php

declare(strict_types=1);

use App\Filament\Resources\EvidenceSnapshotResource;
use App\Models\EvidenceSnapshot;
use App\Models\Tenant;
use App\Support\Evidence\EvidenceCompletenessState;
use App\Support\Evidence\EvidenceSnapshotStatus;
use App\Support\Workspaces\WorkspaceContext;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\Feature\Concerns\BuildsGovernanceArtifactTruthFixtures;

uses(RefreshDatabase::class, BuildsGovernanceArtifactTruthFixtures::class);

it('shows only authorized tenant rows on the workspace evidence overview', function (): void {
    $tenantA = Tenant::factory()->create();
    [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');
    $tenantB = Tenant::factory()->create(['workspace_id' => (int) $tenantA->workspace_id]);
    createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');

    $foreignWorkspaceTenant = Tenant::factory()->create();

    foreach ([
        [$tenantA, EvidenceCompletenessState::Complete->value],
        [$tenantB, EvidenceCompletenessState::Partial->value],
        [$foreignWorkspaceTenant, EvidenceCompletenessState::Missing->value],
    ] as [$tenant, $state]) {
        EvidenceSnapshot::query()->create([
            'tenant_id' => (int) $tenant->getKey(),
            'workspace_id' => (int) $tenant->workspace_id,
            'status' => EvidenceSnapshotStatus::Active->value,
            'completeness_state' => $state,
            'summary' => [
                'missing_dimensions' => $state === EvidenceCompletenessState::Missing->value ? 2 : 0,
                'stale_dimensions' => 0,
            ],
            'generated_at' => now(),
        ]);
    }

    Filament::setTenant(null, true);

    $this->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id])
        ->get(route('admin.evidence.overview'))
        ->assertOk()
        ->assertSee('Artifact truth')
        ->assertSee($tenantA->name)
        ->assertSee($tenantB->name)
        ->assertDontSee($foreignWorkspaceTenant->name);
});

it('returns 404 for users without workspace membership on the evidence overview', function (): void {
    $workspaceTenant = Tenant::factory()->create();
    $user = App\Models\User::factory()->create();

    Filament::setTenant(null, true);

    $this->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspaceTenant->workspace_id])
        ->get(route('admin.evidence.overview'))
        ->assertNotFound();
});

it('applies the entitled tenant prefilter on the workspace evidence overview', function (): void {
    $tenantA = Tenant::factory()->create();
    [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');
    $tenantB = Tenant::factory()->create(['workspace_id' => (int) $tenantA->workspace_id]);
    createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');

    $snapshots = [];

    foreach ([[$tenantA, EvidenceCompletenessState::Complete->value], [$tenantB, EvidenceCompletenessState::Partial->value]] as [$tenant, $state]) {
        $snapshots[(int) $tenant->getKey()] = EvidenceSnapshot::query()->create([
            'tenant_id' => (int) $tenant->getKey(),
            'workspace_id' => (int) $tenant->workspace_id,
            'status' => EvidenceSnapshotStatus::Active->value,
            'completeness_state' => $state,
            'summary' => ['missing_dimensions' => 0, 'stale_dimensions' => 0],
            'generated_at' => now(),
        ]);
    }

    Filament::setTenant(null, true);

    $this->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id])
        ->get(route('admin.evidence.overview', ['tenant_id' => (int) $tenantB->getKey()]))
        ->assertOk()
        ->assertSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshots[(int) $tenantB->getKey()]], tenant: $tenantB), false)
        ->assertDontSee(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshots[(int) $tenantA->getKey()]], tenant: $tenantA), false);
});

it('shows stale evidence burden and a create-review next step on the overview', function (): void {
    $staleTenant = Tenant::factory()->create(['name' => 'Stale Tenant']);
    [$user, $staleTenant] = createUserWithTenant(tenant: $staleTenant, role: 'owner');

    $freshTenant = Tenant::factory()->create([
        'workspace_id' => (int) $staleTenant->workspace_id,
        'name' => 'Fresh Tenant',
    ]);
    createUserWithTenant(tenant: $freshTenant, user: $user, role: 'owner');

    $staleSnapshot = $this->makeStaleArtifactTruthEvidenceSnapshot($staleTenant);
    $freshSnapshot = $this->makeArtifactTruthEvidenceSnapshot($freshTenant);

    Filament::setTenant(null, true);

    $this->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $staleTenant->workspace_id])
        ->get(route('admin.evidence.overview'))
        ->assertOk()
        ->assertSee($staleTenant->name)
        ->assertSee($freshTenant->name)
        ->assertSee('Refresh the stale evidence before relying on this snapshot')
        ->assertSee('Create a current review from this evidence snapshot')
        ->assertSee(EvidenceSnapshotResource::getUrl('view', ['record' => $staleSnapshot], tenant: $staleTenant), false)
        ->assertSee(EvidenceSnapshotResource::getUrl('view', ['record' => $freshSnapshot], tenant: $freshTenant), false);
});