ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
dd7139ebe3
TenantAtlas/apps/platform/app/Http/Controllers/ReviewPackDownloadController.php
ahmido dd7139ebe3 Spec392 customer output gating (#463) 
Implements Spec392 customer output gating for review pack downloads, rendered reports, management PDFs, and customer workspace CTAs.

Validation:
- php vendor/bin/pest --filter=Spec392: 12 passed / 58 assertions
- php vendor/bin/pest --filter='ReviewPack|CustomerReviewWorkspace|StoredReport': 283 passed / 1 skipped / 2053 assertions
- affected browser matrix: 12 passed / 420 assertions
- php vendor/bin/pint --dirty: pass
- git diff --check: pass

Notes:
- Deprecated limited-download semantics remain removed.
- Unsafe customer-facing output returns 403/no output.
- Internal preview/report access is operator-only.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #463
2026-06-20 20:54:50 +00:00

101 lines
3.6 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Http\Controllers;
use App\Models\ManagedEnvironment;
use App\Models\ReviewPack;
use App\Models\User;
use App\Services\Audit\WorkspaceAuditLogger;
use App\Support\Audit\AuditActionId;
use App\Support\Auth\Capabilities;
use App\Support\ReviewPacks\CustomerOutputGate;
use App\Support\ReviewPackStatus;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
use Symfony\Component\HttpFoundation\StreamedResponse;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class ReviewPackDownloadController extends Controller
{
public function __invoke(Request $request, ReviewPack $reviewPack): StreamedResponse
{
$user = $request->user();
$tenant = $reviewPack->tenant;
if (! $user instanceof User || ! $tenant instanceof ManagedEnvironment) {
throw new NotFoundHttpException;
}
if (! $user->canAccessTenant($tenant)) {
throw new NotFoundHttpException;
}
if (! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
abort(403);
}
if ($reviewPack->status !== ReviewPackStatus::Ready->value) {
throw new NotFoundHttpException;
}
if ($reviewPack->expires_at && $reviewPack->expires_at->isPast()) {
throw new NotFoundHttpException;
}
if (! filled($reviewPack->file_path) || ! filled($reviewPack->file_disk)) {
throw new NotFoundHttpException;
}
$disk = Storage::disk($reviewPack->file_disk ?? 'exports');
if (! $disk->exists($reviewPack->file_path)) {
throw new NotFoundHttpException;
}
$internalPreview = $request->boolean(CustomerOutputGate::INTERNAL_PREVIEW_QUERY_KEY);
$gateDecision = app(CustomerOutputGate::class)->decisionForReviewPack($reviewPack, $user);
if (! $gateDecision->canStream($internalPreview)) {
abort(403);
}
app(WorkspaceAuditLogger::class)->log(
workspace: $tenant->workspace,
action: AuditActionId::ReviewPackDownloaded,
context: [
'metadata' => [
'review_pack_id' => (int) $reviewPack->getKey(),
'environment_review_id' => $reviewPack->environment_review_id !== null
? (int) $reviewPack->environment_review_id
: null,
'source_surface' => (string) $request->query('source_surface', 'review_pack'),
'review_id' => $request->query('review_id'),
'tenant_filter_id' => $request->query('tenant_filter_id'),
'interpretation_version' => $request->query('interpretation_version'),
'download_mode' => $internalPreview ? 'internal_preview' : 'customer_output',
'customer_output_gate_state' => $gateDecision->state,
'customer_output_guidance_state' => $gateDecision->guidanceState,
],
],
actor: $user,
resourceType: 'review_pack',
resourceId: (string) $reviewPack->getKey(),
targetLabel: sprintf('Review pack #%d', (int) $reviewPack->getKey()),
tenant: $tenant,
operationRunId: $reviewPack->operation_run_id,
);
$filename = sprintf(
'review-pack-%s-%s.zip',
$tenant?->external_id ?? 'unknown',
$reviewPack->generated_at?->format('Y-m-d') ?? now()->format('Y-m-d'),
);
return $disk->download($reviewPack->file_path, $filename, [
'X-Review-Pack-SHA256' => $reviewPack->sha256 ?? '',
]);
}
}
Reference in New Issue View Git Blame Copy Permalink