ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
f1a73490e4
TenantAtlas/apps/platform/tests/Feature/Filament/RestoreRunUiEnforcementTest.php
ahmido f1a73490e4 feat: finalize dashboard recovery honesty (#215) 
## Summary
- add a dedicated Recovery Readiness dashboard widget for backup posture and recovery evidence
- group Needs Attention items by domain and elevate the recovery call-to-action
- align restore-run and recovery posture tests with the extracted widget and continuity flows
- include the related spec artifacts for 184-dashboard-recovery-honesty

## Verification
- `cd /Users/ahmeddarrazi/Documents/projects/TenantAtlas/apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `cd /Users/ahmeddarrazi/Documents/projects/TenantAtlas/apps/platform && ./vendor/bin/sail artisan test --compact --filter="DashboardKpisWidget|DashboardRecoveryPosture|TenantDashboardDbOnly|TenantpilotSeedBackupHealthBrowserFixtureCommand|NeedsAttentionWidget"`
- browser smoke verified on the calm, unvalidated, and weakened dashboard states

## Notes
- Livewire v4.0+ compliant with Filament v5
- no panel provider changes; Laravel 11+ provider registration remains in `bootstrap/providers.php`
- Recovery Readiness stays within the existing tenant dashboard asset strategy; no new Filament asset registration required

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #215
2026-04-08 23:21:36 +00:00

198 lines
6.8 KiB
PHP
Raw Blame History

<?php
use App\Filament\Resources\RestoreRunResource;
use App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns;
use App\Models\BackupSet;
use App\Models\RestoreRun;
use App\Models\Tenant;
use App\Services\Auth\CapabilityResolver;
use App\Support\Auth\Capabilities;
use App\Support\Auth\UiTooltips;
use Filament\Actions\Action;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Http;
use Livewire\Features\SupportTesting\Testable;
use Livewire\Livewire;
use function Pest\Laravel\mock;
uses(RefreshDatabase::class);
beforeEach(function (): void {
Http::preventStrayRequests();
});
function getRestoreRunEmptyStateAction(Testable $component, string $name): ?Action
{
foreach ($component->instance()->getTable()->getEmptyStateActions() as $action) {
if ($action instanceof Action && $action->getName() === $name) {
return $action;
}
}
return null;
}
test('non-members are denied access to RestoreRun tenant routes (404)', function () {
$tenant = Tenant::factory()->create();
$otherTenant = Tenant::factory()->create();
[$user] = createUserWithTenant($otherTenant, role: 'owner');
$this->actingAs($user)
->get(RestoreRunResource::getUrl('index', tenant: $tenant))
->assertStatus(404);
});
test('members without capability see RestoreRun actions disabled with standard tooltip and cannot execute', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant($tenant, role: 'readonly');
$backupSet = BackupSet::factory()->create([
'tenant_id' => $tenant->getKey(),
'status' => 'completed',
]);
$restoreRun = RestoreRun::factory()->create([
'tenant_id' => $tenant->getKey(),
'backup_set_id' => $backupSet->getKey(),
'status' => 'completed',
'deleted_at' => null,
]);
Filament::setTenant($tenant, true);
Livewire::actingAs($user)
->test(ListRestoreRuns::class)
->assertTableActionDisabled('archive', $restoreRun)
->assertTableActionExists('archive', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $restoreRun)
->callTableAction('archive', $restoreRun);
expect($restoreRun->fresh()->trashed())->toBeFalse();
});
test('members with capability can execute RestoreRun actions', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant($tenant, role: 'owner');
$backupSet = BackupSet::factory()->create([
'tenant_id' => $tenant->getKey(),
'status' => 'completed',
]);
$restoreRun = RestoreRun::factory()->create([
'tenant_id' => $tenant->getKey(),
'backup_set_id' => $backupSet->getKey(),
'status' => 'completed',
'deleted_at' => null,
]);
Filament::setTenant($tenant, true);
Livewire::actingAs($user)
->test(ListRestoreRuns::class)
->assertTableActionEnabled('archive', $restoreRun)
->callTableAction('archive', $restoreRun);
expect($restoreRun->fresh()->trashed())->toBeTrue();
});
test('restore runs list shows empty state create action enabled for members with manage capability', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant($tenant, role: 'owner');
Filament::setTenant($tenant, true);
$component = Livewire::actingAs($user)
->test(ListRestoreRuns::class)
->assertTableEmptyStateActionsExistInOrder(['create']);
$action = getRestoreRunEmptyStateAction($component, 'create');
expect($action)->not->toBeNull();
expect($action->isVisible())->toBeTrue();
expect($action->isDisabled())->toBeFalse();
expect($action->getLabel())->toBe('New restore run');
});
test('restore runs list shows empty state create action disabled for members without manage capability', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant($tenant, role: 'readonly');
Filament::setTenant($tenant, true);
$component = Livewire::actingAs($user)
->test(ListRestoreRuns::class)
->assertTableEmptyStateActionsExistInOrder(['create']);
$action = getRestoreRunEmptyStateAction($component, 'create');
expect($action)->not->toBeNull();
expect($action->isVisible())->toBeTrue();
expect($action->isDisabled())->toBeTrue();
expect($action->getTooltip())->toBe(UiTooltips::insufficientPermission());
});
test('readonly members can inspect restore-run history while mutations remain disabled', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant($tenant, role: 'readonly');
$backupSet = BackupSet::factory()->create([
'tenant_id' => $tenant->getKey(),
'status' => 'completed',
]);
$restoreRun = RestoreRun::factory()->for($tenant)->for($backupSet)->completedOutcome()->create();
Filament::setTenant($tenant, true);
Livewire::actingAs($user)
->test(ListRestoreRuns::class)
->assertCanSeeTableRecords([$restoreRun])
->assertTableActionDisabled('archive', $restoreRun);
$this->actingAs($user)
->get(RestoreRunResource::getUrl('view', [
'record' => (int) $restoreRun->getKey(),
], panel: 'tenant', tenant: $tenant))
->assertOk();
});
test('in-scope members without restore-history view capability receive 403 on restore-run list and detail drillthroughs', function () {
$tenant = Tenant::factory()->create();
[$user] = createUserWithTenant($tenant, role: 'owner');
$backupSet = BackupSet::factory()->create([
'tenant_id' => $tenant->getKey(),
'status' => 'completed',
]);
$restoreRun = RestoreRun::factory()->for($tenant)->for($backupSet)->failedOutcome()->create();
mock(CapabilityResolver::class, function ($mock) use ($tenant): void {
$mock->shouldReceive('primeMemberships')->andReturnNull();
$mock->shouldReceive('isMember')
->andReturnUsing(static fn ($user, Tenant $resolvedTenant): bool => (int) $resolvedTenant->getKey() === (int) $tenant->getKey());
$mock->shouldReceive('can')
->andReturnUsing(static function ($user, Tenant $resolvedTenant, string $capability) use ($tenant): bool {
expect((int) $resolvedTenant->getKey())->toBe((int) $tenant->getKey());
return match ($capability) {
Capabilities::TENANT_VIEW => false,
default => true,
};
});
});
Filament::setTenant($tenant, true);
$this->actingAs($user)
->get(RestoreRunResource::getUrl('index', tenant: $tenant))
->assertForbidden();
$this->get(RestoreRunResource::getUrl('view', [
'record' => (int) $restoreRun->getKey(),
], panel: 'tenant', tenant: $tenant))
->assertForbidden();
});
Reference in New Issue View Git Blame Copy Permalink