ahmido
ef380b67d1
Implements Spec 104: Provider Permission Posture. What changed - Generates permission posture findings after each tenant permission compare (queued) - Stores immutable posture snapshots as StoredReports (JSONB payload) - Adds global Finding resolved lifecycle (`resolved_at`, `resolved_reason`) with `resolve()` / `reopen()` - Adds alert pipeline event type `permission_missing` (Alerts v1) and Filament option for Alert Rules - Adds retention pruning command + daily schedule for StoredReports - Adds badge mappings for `resolved` finding status and `permission_posture` finding type UX fixes discovered during manual verification - Hide “Diff” section for non-drift findings (only drift findings show diff) - Required Permissions page: “Re-run verification” now links to Tenant view (not onboarding) - Preserve Technical Details `<details>` open state across Livewire re-renders (Alpine state) Verification - Ran `vendor/bin/sail artisan test --compact --filter=PermissionPosture` (50 tests) - Ran `vendor/bin/sail artisan test --compact --filter="FindingResolved|FindingBadge|PermissionMissingAlert"` (20 tests) - Ran `vendor/bin/sail bin pint --dirty` Filament v5 / Livewire v4 compliance - Filament v5 + Livewire v4: no Livewire v3 usage. Panel provider registration (Laravel 11+) - No new panels added. Existing panel providers remain registered via `bootstrap/providers.php`. Global search rule - No changes to global-searchable resources. Destructive actions - No new destructive Filament actions were added in this PR. Assets / deploy notes - No new Filament assets registered. Existing deploy step `php artisan filament:assets` remains unchanged. Test coverage - New/updated Pest feature tests cover generator behavior, job integration, alerting, retention pruning, and resolved lifecycle. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #127
68 lines
1.8 KiB
PHP
68 lines
1.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Models;
|
|
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
|
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
|
|
use Illuminate\Database\Eloquent\Relations\HasMany;
|
|
|
|
class AlertRule extends Model
|
|
{
|
|
use HasFactory;
|
|
|
|
public const string EVENT_HIGH_DRIFT = 'high_drift';
|
|
|
|
public const string EVENT_COMPARE_FAILED = 'compare_failed';
|
|
|
|
public const string EVENT_SLA_DUE = 'sla_due';
|
|
|
|
public const string EVENT_PERMISSION_MISSING = 'permission_missing';
|
|
|
|
public const string TENANT_SCOPE_ALL = 'all';
|
|
|
|
public const string TENANT_SCOPE_ALLOWLIST = 'allowlist';
|
|
|
|
protected $guarded = [];
|
|
|
|
protected $casts = [
|
|
'is_enabled' => 'boolean',
|
|
'tenant_allowlist' => 'array',
|
|
'cooldown_seconds' => 'integer',
|
|
'quiet_hours_enabled' => 'boolean',
|
|
];
|
|
|
|
public function workspace(): BelongsTo
|
|
{
|
|
return $this->belongsTo(Workspace::class);
|
|
}
|
|
|
|
public function destinations(): BelongsToMany
|
|
{
|
|
return $this->belongsToMany(AlertDestination::class, 'alert_rule_destinations')
|
|
->using(AlertRuleDestination::class)
|
|
->withPivot(['id', 'workspace_id'])
|
|
->withTimestamps();
|
|
}
|
|
|
|
public function deliveries(): HasMany
|
|
{
|
|
return $this->hasMany(AlertDelivery::class);
|
|
}
|
|
|
|
public function appliesToTenant(int $tenantId): bool
|
|
{
|
|
if ($this->tenant_scope_mode !== self::TENANT_SCOPE_ALLOWLIST) {
|
|
return true;
|
|
}
|
|
|
|
$allowlist = is_array($this->tenant_allowlist) ? $this->tenant_allowlist : [];
|
|
$allowlist = array_values(array_unique(array_map(static fn (mixed $value): int => (int) $value, $allowlist)));
|
|
|
|
return in_array($tenantId, $allowlist, true);
|
|
}
|
|
}
|