ahmido
37c6d0622c
## Summary - implement the Action Surface Contract v1.1 runtime changes for Spec 169 - add the new explicit ActionSurfaceType contract, validator/discovery updates, and enrolled surface declarations - update Filament action-surface documentation, focused guard tests, and spec artifacts for the completed feature ## Included - clickable-row vs explicit-inspect enforcement across monitoring, reporting, CRUD, and system reference surfaces - helper-first, workflow-next, destructive-last overflow ordering checks - system panel list discovery in the primary action-surface validator - Spec 169 artifacts: spec, plan, tasks, research, data model, quickstart, and logical contract ## Verification - focused Pest verification pack completed for: - tests/Feature/Guards/ActionSurfaceValidatorTest.php - tests/Feature/Guards/ActionSurfaceContractTest.php - tests/Feature/Rbac/TenantActionSurfaceConsistencyTest.php - integrated browser smoke test completed for admin-side reference surfaces: - /admin/operations - /admin/audit-log - /admin/finding-exceptions/queue - /admin/reviews - /admin/tenants ## Notes - system panel browser smoke coverage could not be exercised in the same session because /system routes require platform authentication in the integrated browser - Livewire target remains v4-compliant and no provider registration or asset strategy changes are introduced by this PR Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #200
148 lines
5.9 KiB
PHP
148 lines
5.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Filament\Pages\Monitoring;
|
|
|
|
use App\Filament\Resources\EvidenceSnapshotResource;
|
|
use App\Models\EvidenceSnapshot;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Support\Badges\BadgeCatalog;
|
|
use App\Support\Badges\BadgeDomain;
|
|
use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
|
|
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceInspectAffordance;
|
|
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
|
|
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceSlot;
|
|
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceType;
|
|
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthEnvelope;
|
|
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use BackedEnum;
|
|
use Filament\Actions\Action;
|
|
use Filament\Pages\Page;
|
|
use Illuminate\Auth\AuthenticationException;
|
|
use UnitEnum;
|
|
|
|
class EvidenceOverview extends Page
|
|
{
|
|
protected static bool $isDiscovered = false;
|
|
|
|
protected static bool $shouldRegisterNavigation = false;
|
|
|
|
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-shield-check';
|
|
|
|
protected static string|UnitEnum|null $navigationGroup = 'Monitoring';
|
|
|
|
protected static ?string $title = 'Evidence Overview';
|
|
|
|
protected string $view = 'filament.pages.monitoring.evidence-overview';
|
|
|
|
/**
|
|
* @var list<array<string, mixed>>
|
|
*/
|
|
public array $rows = [];
|
|
|
|
public ?int $tenantFilter = null;
|
|
|
|
public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
|
|
{
|
|
return ActionSurfaceDeclaration::forPage(ActionSurfaceProfile::ListOnlyReadOnly, ActionSurfaceType::ReadOnlyRegistryReport)
|
|
->satisfy(ActionSurfaceSlot::ListHeader, 'The overview header exposes a clear-filters action when a tenant prefilter is active.')
|
|
->satisfy(ActionSurfaceSlot::InspectAffordance, ActionSurfaceInspectAffordance::ClickableRow->value)
|
|
->exempt(ActionSurfaceSlot::ListRowMoreMenu, 'The overview exposes a single drill-down link per row without a More menu.')
|
|
->exempt(ActionSurfaceSlot::ListBulkMoreGroup, 'The overview does not expose bulk actions.')
|
|
->satisfy(ActionSurfaceSlot::ListEmptyState, 'The empty state explains the current scope and offers a clear-filters CTA.');
|
|
}
|
|
|
|
public function mount(): void
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if (! $user instanceof User) {
|
|
throw new AuthenticationException;
|
|
}
|
|
|
|
$workspaceContext = app(WorkspaceContext::class);
|
|
$workspace = $workspaceContext->currentWorkspaceForMemberOrFail($user, request());
|
|
$workspaceId = (int) $workspace->getKey();
|
|
|
|
$accessibleTenants = $user->tenants()
|
|
->where('tenants.workspace_id', $workspaceId)
|
|
->orderBy('tenants.name')
|
|
->get()
|
|
->filter(fn (Tenant $tenant): bool => (int) $tenant->workspace_id === $workspaceId && $user->can('evidence.view', $tenant))
|
|
->values();
|
|
|
|
$this->tenantFilter = is_numeric(request()->query('tenant_id')) ? (int) request()->query('tenant_id') : null;
|
|
|
|
$tenantIds = $accessibleTenants->pluck('id')->map(static fn (mixed $id): int => (int) $id)->all();
|
|
|
|
$query = EvidenceSnapshot::query()
|
|
->with('tenant')
|
|
->where('workspace_id', $workspaceId)
|
|
->whereIn('tenant_id', $tenantIds)
|
|
->where('status', 'active')
|
|
->latest('generated_at');
|
|
|
|
if ($this->tenantFilter !== null) {
|
|
$query->where('tenant_id', $this->tenantFilter);
|
|
}
|
|
|
|
$snapshots = $query->get()->unique('tenant_id')->values();
|
|
|
|
$this->rows = $snapshots->map(function (EvidenceSnapshot $snapshot): array {
|
|
$truth = $this->snapshotTruth($snapshot);
|
|
$freshnessSpec = BadgeCatalog::spec(BadgeDomain::GovernanceArtifactFreshness, $truth->freshnessState);
|
|
|
|
return [
|
|
'tenant_name' => $snapshot->tenant?->name ?? 'Unknown tenant',
|
|
'tenant_id' => (int) $snapshot->tenant_id,
|
|
'snapshot_id' => (int) $snapshot->getKey(),
|
|
'completeness_state' => (string) $snapshot->completeness_state,
|
|
'generated_at' => $snapshot->generated_at?->toDateTimeString(),
|
|
'missing_dimensions' => (int) (($snapshot->summary['missing_dimensions'] ?? 0)),
|
|
'stale_dimensions' => (int) (($snapshot->summary['stale_dimensions'] ?? 0)),
|
|
'artifact_truth' => [
|
|
'label' => $truth->primaryLabel,
|
|
'color' => $truth->primaryBadgeSpec()->color,
|
|
'icon' => $truth->primaryBadgeSpec()->icon,
|
|
'explanation' => $truth->primaryExplanation,
|
|
],
|
|
'freshness' => [
|
|
'label' => $freshnessSpec->label,
|
|
'color' => $freshnessSpec->color,
|
|
'icon' => $freshnessSpec->icon,
|
|
],
|
|
'next_step' => $truth->nextStepText(),
|
|
'view_url' => $snapshot->tenant
|
|
? EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], tenant: $snapshot->tenant)
|
|
: null,
|
|
];
|
|
})->all();
|
|
}
|
|
|
|
/**
|
|
* @return array<Action>
|
|
*/
|
|
protected function getHeaderActions(): array
|
|
{
|
|
return [
|
|
Action::make('clear_filters')
|
|
->label('Clear filters')
|
|
->color('gray')
|
|
->visible(fn (): bool => $this->tenantFilter !== null)
|
|
->url(route('admin.evidence.overview')),
|
|
];
|
|
}
|
|
|
|
private function snapshotTruth(EvidenceSnapshot $snapshot, bool $fresh = false): ArtifactTruthEnvelope
|
|
{
|
|
$presenter = app(ArtifactTruthPresenter::class);
|
|
|
|
return $fresh
|
|
? $presenter->forEvidenceSnapshotFresh($snapshot)
|
|
: $presenter->forEvidenceSnapshot($snapshot);
|
|
}
|
|
}
|