Skip to content

fix audit log + add Pest test #1786

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dbarzin merged 3 commits into from
Dec 1, 2025
Merged

fix audit log + add Pest test #1786

dbarzin merged 3 commits into from
Dec 1, 2025

Conversation

@dbarzin
Copy link
Owner

@dbarzin dbarzin commented Dec 1, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores

    • Version bumped to 2025.12.01.
    • Build pipeline adds an extra dependency update step.

  • Improvements

    • Audit logs UI: clearer subject display, updated link construction and history route/name for consistent navigation.
    • Enabled SQL query logging when debug mode is on.

  • Tests

    • Added feature tests covering audit logs index, show, and history pages.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 1, 2025
edited
Loading

Walkthrough

Version bump and build-step addition; controller import switched to Symfony Response; audit-log route renamed and URL-generation calls refactored across views/models; AppServiceProvider debug SQL logging enabled; seeder insert approach adjusted; new feature tests added for audit logs.

Changes

Cohort / File(s) Summary
Version files
package.json, version.txt		 Bumped version from 2025.11.28 to 2025.12.01.
Build script
build.sh		 Added "2b. composer update" step that unsets two global Composer repos and runs composer update.
Controller import
app/Http/Controllers/Admin/AuditLogsController.php		 Reordered imports and replaced Illuminate\Http\Response with Symfony\Component\HttpFoundation\Response for HTTP status constants.
Routes
routes/web.php		 Replaced history/{type}/{id} route with audit-logs/history/{type}/{id} and renamed route to admin.audit-logs.history.
Views – audit logs
resources/views/admin/auditLogs/index.blade.php, resources/views/admin/auditLogs/show.blade.php, resources/views/admin/auditLogs/history.blade.php		 Changed subject_type display to use Str::afterLast(...); replaced prior App\Models\AuditLog::subjectURL(...) usages with Mercator\Core\Models\AuditLog::URL(subject_type, subject_id) or instance subjectURL() where applicable; updated history route references to admin.audit-logs.history.
View – certificates
resources/views/admin/certificates/show.blade.php		 Updated audit-history link route name to admin.audit-logs.history (parameters preserved).
ServiceProvider
app/Providers/AppServiceProvider.php		 Fixed conditional to enable DB query logging when config('app.debug') is true (activated previously-disabled DB::listen block).
Seeder
database/seeders/RolesTableSeeder.php		 Moved Role import and changed Role::insert($roles) to Role::query()->insert($roles).
Tests
tests/Feature/Controller/AuditLogControllerTest.php		 Added feature tests covering audit logs: index, show, and history flows; seeds permissions/roles and related model factories.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Verify all references to the renamed route admin.audit-logs.history (views, controllers, and route names) are consistent.
  • Confirm Mercator\Core\Models\AuditLog::URL(...) and instance subjectURL() usages match implemented signatures.
  • Check controller use of Symfony\Component\HttpFoundation\Response constants doesn’t break other middleware or response handling.
  • Review AppServiceProvider DB::listen activation to ensure logging only occurs in intended environments.
  • Run the new feature tests to validate seeding and deterministic behavior.

Poem

🐇 I hopped through routes and nudged a version bright,
I swapped out links and gave the build one more bite.
Mercator maps the logs, the seeder plants its rows,
Debug whispers queries where the silent logger grows.
A rabbit's tiny cheer — the repo gently glows.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check ❓ Inconclusive The title 'fix audit log + add Pest test' partially relates to the changeset but is vague and overly broad. While the PR does fix audit log functionality and adds tests, it encompasses significantly more changes including build script updates, version bumps, database seeder modifications, and route restructuring. Consider a more specific title that captures the primary scope, such as 'Refactor audit log URL handling and add feature tests' or 'Migrate audit log URLs to Mercator Core and enhance test coverage'.
✅ Passed checks (1 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch dev
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 0c37833 and dccc109.

📒 Files selected for processing (1)
  • tests/Feature/Controller/AuditLogControllerTest.php (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • tests/Feature/Controller/AuditLogControllerTest.php

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 PHPStan (2.1.32)

Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Package operations: 193 installs, 0 updates, 0 removals

  • Downloading pestphp/pest-plugin (v3.0.0)
  • Downloading squizlabs/php_codesniffer (3.13.5)
  • Downloading dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
  • Downloading react/event-loop (v1.6.0)
  • Downloading evenement/evenement (v3.0.2)
  • Downloading react/stream (v1.4.0)
  • Downloading clue/ndjson-react (v1.3.0)
  • Downloading psr/log (3.0.2)
  • Downloading composer/pcre (3.3.2)
  • Downloading composer/xdebug-handler (3.0.5)
  • Downloading ramsey/collection (2.1.1)
  • Downloading brick/math (0.14.1)
  • Downloading ramsey/uuid (4.9.1)
  • Downloading voku/portable-ascii (2.0.3)
  • Downloading symfony/polyfill-php80 (v1.33.0)
  • Downloading symfony/polyfill-mbstring (v1.33.0)
  • Downloading symfony/polyfill-ctype (v1.33.0)
  • Downloading phpoption/phpoption (1.9.4)
  • Down

... [truncated 7754 characters] ...

p line 48:

Source path "../mercator-core" is not found for package sourcentis/mercator
-core

install [--prefer-source] [--prefer-dist] [--prefer-install PREFER-INSTALL] [--dry-run] [--download-only] [--dev] [--no-suggest] [--no-dev] [--no-autoloader] [--no-progress] [--no-install] [--audit] [--audit-format AUDIT-FORMAT] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--apcu-autoloader-prefix APCU-AUTOLOADER-PREFIX] [--ignore-platform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] [--] [...]

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Dec 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (3)
build.sh (1)

29-34: Consider hardening the new Composer step (global config + set -e)

The new step does what it says, but there are two potential gotchas:

  • composer config --global --unset repositories.mercator-core / repositories.mercator-dummy mutate the global Composer config for the user running the script. If those repositories are only meant for this project, you may prefer a project‑local config instead of --global.
  • With set -e, if those keys are not present in the global config and Composer returns a non‑zero exit code, the whole build will abort. To make the script more robust you could allow these unsets to be best‑effort.

For example:

-### --- 2b. composer update
-composer config --global --unset repositories.mercator-core
-composer config --global --unset repositories.mercator-dummy
-composer update
+### --- 2b. composer update
+composer config --global --unset repositories.mercator-core || true
+composer config --global --unset repositories.mercator-dummy || true
+composer update

And keep (or drop) --global depending on whether you truly want to clean the user’s global Composer setup.

tests/Feature/Controller/AuditLogControllerTest.php (2)

37-37: Fix typo in comment.

"objets" should be "objects".

-        // create some objets
+        // create some objects

64-64: Update test description to match the test scope.

The test description says "can display logs index page" but this test is actually for the show page, not the index page.

-    test('can display logs index page', function () {
+    test('can display log show page', function () {
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between dd0ccf1 and 3f5b827.

⛔ Files ignored due to path filters (2)
  • composer.lock is excluded by !**/*.lock
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (9)
  • app/Http/Controllers/Admin/AuditLogsController.php (1 hunks)
  • build.sh (1 hunks)
  • package.json (1 hunks)
  • resources/views/admin/auditLogs/history.blade.php (1 hunks)
  • resources/views/admin/auditLogs/index.blade.php (2 hunks)
  • resources/views/admin/auditLogs/show.blade.php (1 hunks)
  • routes/web.php (1 hunks)
  • tests/Feature/Controller/AuditLogControllerTest.php (1 hunks)
  • version.txt (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
routes/web.php (1)
app/Http/Controllers/Admin/AuditLogsController.php (1)
  • AuditLogsController (12-77)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (6)
package.json (1)

15-15: Version bump aligns with release metadata

The updated "version": "2025.12.01" is consistent with version.txt and the build script’s use of that file. Nothing else to flag here.

app/Http/Controllers/Admin/AuditLogsController.php (1)

9-10: Model namespace and Response import look correct

Using Mercator\Core\Models\AuditLog for the show(AuditLog $auditLog) type-hint and switching to Symfony\Component\HttpFoundation\Response for HTTP status constants are both consistent and should be functionally equivalent to the previous setup.

version.txt (1)

1-1: version.txt kept in sync

The version string 2025.12.01 matches package.json and the build script’s date-based versioning. All good.

resources/views/admin/auditLogs/index.blade.php (1)

54-55: Index view updates are consistent with the new URL helper and route

  • Str::afterLast($log->subject_type, '\\') is a nice improvement for displaying the short class name instead of the full FQCN.
  • Using \Mercator\Core\Models\AuditLog::URL($log->subject_type, $log->subject_id) centralizes subject URL generation and keeps the view thin.
  • The history button now targets route('admin.audit-logs.history', ['type' => $log->subject_type, 'id' => $log->subject_id]), which matches the new route name and parameters.

All of this looks coherent with the routing and model changes.

Also applies to: 57-58, 76-77

resources/views/admin/auditLogs/history.blade.php (1)

22-24: History view correctly reuses the centralized AuditLog URL helper

The subject link now uses \Mercator\Core\Models\AuditLog::URL($auditLogs->first()->subject_type, $auditLogs->first()->subject_id), which aligns with the new URL helper used elsewhere. Given the controller aborts when $auditLogs is empty, calling first() here is safe.

resources/views/admin/auditLogs/show.blade.php (1)

29-30: Show view subject display and URL delegation look good

  • Str::afterLast($auditLog->subject_type, '\\') makes the subject type much more readable and matches the index view behavior.
  • Using $auditLog->subjectURL() pushes URL generation into the model, which is cleaner than building it in the view and keeps usage consistent with the new static helper elsewhere.

Assuming the new subjectURL() method is covered by the added tests, this looks solid.

Also applies to: 37-38

coderabbitai[bot]
coderabbitai bot reviewed Dec 1, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
app/Providers/AppServiceProvider.php (1)

34-39: Tighten SQL logging scope and improve log structure

Enabling DB::listen on config('app.debug') is useful, but a couple of tweaks would make this safer and more usable:

  • Consider also scoping this to non‑production environments to avoid accidentally flooding prod logs or leaking sensitive data if APP_DEBUG is ever misconfigured.
  • Log queries as structured data (SQL + bindings + time) rather than a concatenated string to improve readability and searchability.

For example:

-        if (config('app.debug')) {
-            // Log SQL Queries
-            \DB::listen(function ($query): void {
-                \Log::info($query->time.':'.$query->sql);
-            });
-        }
+        if (config('app.debug') && App::environment(['local', 'testing'])) {
+            // Log SQL queries (debug only, non-production)
+            \DB::listen(function ($query): void {
+                \Log::info('sql_query', [
+                    'sql'      => $query->sql,
+                    'bindings' => $query->bindings,
+                    'time_ms'  => $query->time,
+                    'connection' => $query->connectionName ?? null,
+                ]);
+            });
+        }

This keeps the behavior you want while reducing prod risk and making logs more actionable.

database/seeders/RolesTableSeeder.php (1)

15-32: Role::query()->insert($roles) bypasses model events and will leave timestamps as NULL

The insert() method skips Eloquent, so created_at/updated_at won't be auto-set—they'll remain NULL since the seed array doesn't include them. If timestamps should be tracked for roles, either add them explicitly to each array element or use a per-row approach like firstOrCreate() (though that still requires timestamps unless relying on database defaults). For straightforward initial role seeding where timestamps don't matter, the current approach is acceptable.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 3f5b827 and 0c37833.

📒 Files selected for processing (3)
  • app/Providers/AppServiceProvider.php (1 hunks)
  • database/seeders/RolesTableSeeder.php (2 hunks)
  • resources/views/admin/certificates/show.blade.php (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
database/seeders/RolesTableSeeder.php (3)
database/seeders/RoleUserTableSeeder.php (1)
  • run (11-22)
database/seeders/PermissionRoleTableSeeder.php (1)
  • run (13-749)
database/seeders/PermissionsTableSeeder.php (1)
  • run (13-329)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (3)
resources/views/admin/certificates/show.blade.php (1)

18-22: Verify route name for audit log history and prefer ::class over raw FQCN

The new button wiring looks correct conceptually, but two details are worth tightening up:

  1. Route name consistency
    This view calls route('admin.audit-logs.history', [...]). Please verify the actual route definition in routes/web.php to ensure the route name (with or without admin. prefix) matches exactly; otherwise this will 500 at runtime with a "route not defined" error.

  2. Model type string robustness
    Instead of the hardcoded 'App\Models\Certificate', use the class constant:

    

    3. 



    

  • 

           <a class="btn btn-secondary" href="{{ route('admin.audit-logs.history',

    

    • 

  • 

           ['type' => 'App\Models\Certificate', 'id' => $certificate->id]) }}">

    

    • 



    

  • 

           <a class="btn btn-secondary" href="{{ route('admin.audit-logs.history', [

    

    • 

  • 

               'type' => \App\Models\Certificate::class,

    

    • 

  • 

               'id' => $certificate->id,

    

    • 

  • 

           ]) }}">

    

    

    

    • 






database/seeders/RolesTableSeeder.php (2)


7-7: Importing Mercator\Core\Models\Role is consistent with the core model namespace shift


The updated import aligns this seeder with the Mercator\Core\Models namespace used elsewhere; no issues here.




13-15: Spacing after the log improves readability


The blank line after \Log::info('RolesTableSeeder'); visually separates logging from the main seeding logic and matches the style used in other seeders.








      
    

  
  




                    

                  
  
  

    
  
    
    

  

  

  



                      

                    
                  








      

  
  
  




  








      

  
          
 
  

    
  

  


        
        @dbarzin
  dbarzin



        merged commit 483f394
      into

      
  
    master
  


    Dec 1, 2025

      

        6 checks passed
      


      

        
  
          
  
    
    


  
      

  
















  
  

    

      

  




      


    


    

      

        
      

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



      

    

  




  
          



      

  

    
    

    

  

    Reviewers
  


    


      
  

    


  
      @coderabbitai
  
    coderabbitai[bot]



    
      
        
      
    
    coderabbitai[bot] left review comments

  



      






    
    

    

  


      
  

    Assignees
  



        


    No one assigned







      


  


  

    Labels
  



    

    None yet







      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    

      
        

          
  

    Development
  



            


Successfully merging this pull request may close these issues.





  
  



      
    

  




      

    

  
      

  

    

      2 participants
    

    

        
          @dbarzin