66 lines
2.8 KiB
Markdown
66 lines
2.8 KiB
Markdown
# Quickstart: Canonical Operation Viewer Context Decoupling
|
|
|
|
## Goal
|
|
|
|
Verify that canonical operation run viewing is independent of remembered tenant context while preserving tenant entitlement and capability semantics.
|
|
|
|
## Preconditions
|
|
|
|
1. Start the local environment:
|
|
|
|
```bash
|
|
vendor/bin/sail up -d
|
|
```
|
|
|
|
2. Ensure test database and app state are ready:
|
|
|
|
```bash
|
|
vendor/bin/sail artisan optimize:clear
|
|
```
|
|
|
|
## Manual Verification Flow
|
|
|
|
1. Sign in as a user who is a member of one workspace and entitled to at least two tenants in that workspace.
|
|
2. Open a canonical run linked to tenant A while tenant B is selected in the header.
|
|
3. Confirm the page still renders the run and shows a non-blocking mismatch message.
|
|
4. Clear tenant context or open the same run from a fresh session with no selected tenant.
|
|
5. Confirm the run still renders.
|
|
6. Open a tenantless run.
|
|
7. Confirm the page renders with workspace-level framing and no tenant selection requirement.
|
|
8. Open the same run from a notification-style or verification-surface `View run` entry point with no selected tenant.
|
|
9. Confirm the canonical viewer still resolves the same run.
|
|
10. Open a run linked to an onboarding, archived, or other tenant state already excluded from selector rules.
|
|
11. Confirm the page remains viewable, lifecycle-aware messaging is shown, and tenant follow-up actions are reduced or absent without blocking the viewer.
|
|
12. Open a canonical run for a tenant the current user is not entitled to.
|
|
13. Confirm the response is deny-as-not-found.
|
|
14. Open a run type that resolves a capability the current user lacks while workspace and tenant scope are otherwise valid.
|
|
15. Confirm the response is forbidden.
|
|
|
|
## Focused Test Command
|
|
|
|
```bash
|
|
vendor/bin/sail artisan test --compact \
|
|
tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php \
|
|
tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php \
|
|
tests/Feature/Operations/TenantlessOperationRunViewerTest.php \
|
|
tests/Feature/OpsUx/OperateHubShellTest.php \
|
|
tests/Feature/Monitoring/OperationsTenantScopeTest.php \
|
|
tests/Feature/RunAuthorizationTenantIsolationTest.php \
|
|
tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php
|
|
```
|
|
|
|
## Formatting
|
|
|
|
Run the required formatter after implementation changes:
|
|
|
|
```bash
|
|
vendor/bin/sail bin pint --dirty --format agent
|
|
```
|
|
|
|
## Expected Outcome
|
|
|
|
- Canonical run viewing succeeds for authorized users regardless of remembered tenant context mismatch.
|
|
- Tenant-linked runs still enforce direct tenant entitlement.
|
|
- Tenantless runs and onboarding, archived, or otherwise selector-excluded tenant-linked runs remain viewable when authorized.
|
|
- `View run` deep links remain canonical and trustworthy across tenant, notification, verification, and monitoring surfaces.
|
|
- Reduced or unavailable tenant follow-up actions do not invalidate the canonical viewer. |