feat(worbench-setup): make plugin development self-contained

.lando.dist.yml

@@ -1,12 +1,30 @@
-#file: noinspection ComposeUnknownKeys
-name: eclipse-world
+#file: noinspection ComposeUnknownKeys,YAMLSchemaValidation
+name: eclipse-world-plugin
+recipe: laravel
+config:
+  webroot: workbench/public
+  php: '8.3'
+  via: nginx
+  database: mariadb:10.11
 services:
   appserver:
     type: php:custom
     xdebug: "debug,develop,coverage"
-    via: cli
+    environment:
+      TZ: "Europe/Ljubljana"
+      APP_BASE_PATH: "/app/workbench"
+      TESTBENCH_WORKING_PATH: "/app"
     overrides:
-      image: slimdeluxe/php:8.2-v1.1
+      image: slimdeluxe/php:8.3-v1.3
+      platform: linux/amd64
+    run:
+      - composer install --no-interaction --prefer-dist
+      - composer run setup --no-interaction
+      - composer run build --no-interaction
+  appserver_nginx:
+    scanner:
+      path: /admin/login
+      retry: 5
 tooling:
   php:
     service: appserver

README.md

@@ -59,6 +59,25 @@ Should you want to contribute, please see the development guidelines in the [Dat
     ````
 4. You can now develop and run tests. Happy coding 😉
 
+#### Workbench + Lando (browser testing)
+
+This package ships with a minimal Testbench Workbench so you can run the Filament UI without a separate app:
+
+1. Clone the repository
+2. Start the container
+   ```shell
+   lando start
+   ```
+
+3. Open the admin panel at `https://eclipse-world-plugin.lndo.site/admin`
+
+**No login required** - you'll be automatically signed in as a test user with full permissions.
+
+Notes:
+- The container serves `workbench/public` as the webroot.
+- Use `lando test` for `package:test` and `lando testbench` for other Testbench commands.
+- No Telescope, websockets or health checks are enabled to keep the setup minimal.
+
 💡 To manually test the plugin in the browser, see our [recommendation](https://github.com/DataLinx/eclipsephp-core/blob/main/docs/Documentation.md#-plugin-development), which is also [how Filament suggests package development](https://filamentphp.com/docs/3.x/support/contributing#developing-with-a-local-copy-of-filament).  
 However, the plugin should be universal and not dependent on our app setup or core package.
 

composer.json

@@ -72,9 +72,11 @@
             "@php vendor/bin/testbench serve --ansi"
         ],
         "setup": [
+            "@php -r \"if (!file_exists('workbench/.env')) { copy('workbench/.env.example', 'workbench/.env'); echo '.env file created from .env.example\\n'; }\"",
+            "@php vendor/bin/testbench key:generate --ansi",
             "npm install",
-            "@php vendor/bin/testbench vendor:publish --provider='Spatie\\Permission\\PermissionServiceProvider'",
             "@php vendor/bin/testbench vendor:publish --tag='filament-shield-config'",
+            "@php vendor/bin/testbench filament:assets",
             "@php vendor/bin/testbench package:sync-skeleton"
         ]
     },

phpunit.xml.dist

@@ -19,7 +19,7 @@
         <server name="BCRYPT_ROUNDS" value="4"/>
         <server name="CACHE_STORE" value="array"/>
         <server name="DB_CONNECTION" value="sqlite"/>
-        <server name="DB_DATABASE" value=":memory:"/>
+        <server name="DB_DATABASE" value="workbench/database/database.sqlite"/>
         <server name="MAIL_MAILER" value="array"/>
         <server name="QUEUE_CONNECTION" value="sync"/>
         <server name="SESSION_DRIVER" value="array"/>

testbench.yaml

@@ -1,13 +1,21 @@
 laravel: '@testbench'
 
+env:
+  - DB_CONNECTION=sqlite
+  - DB_DATABASE=/app/workbench/database/database.sqlite
+  - APP_KEY=base64:ZQvPGC7uVADkjOgtGIIuCI8u3/Pzu+VaRObIbHsgjCc=
+  - APP_ENV=local
+  - APP_DEBUG=true
+  - SESSION_DRIVER=database
+  - CACHE_STORE=database
+  - QUEUE_CONNECTION=sync
+
 providers:
   - Workbench\App\Providers\WorkbenchServiceProvider
 
 migrations:
   - workbench/database/migrations
-
-seeders:
-  - Workbench\Database\Seeders\DatabaseSeeder
+  - database/migrations
 
 workbench:
   start: '/'
@@ -16,7 +24,7 @@ workbench:
   discovers:
     web: true
     api: false
-    commands: false
+    commands: true
     components: false
     views: false
   build:
@@ -26,7 +34,3 @@ workbench:
     - migrate-fresh
   assets:
     - laravel-assets
-  sync:
-    - from: storage
-      to: workbench/storage
-      reverse: true

workbench/.env.example

@@ -1,8 +1,8 @@
 APP_NAME=Laravel
 APP_ENV=local
-APP_KEY=AckfSECXIvnK5r28GVIWUAxmbBSjTsmF
+APP_KEY=
 APP_DEBUG=true
-APP_URL=http://localhost
+APP_URL=https://eclipse-world-plugin.lndo.site
 
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
@@ -21,23 +21,26 @@ LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
 DB_CONNECTION=sqlite
+DB_DATABASE=/app/workbench/database/database.sqlite
 # DB_HOST=127.0.0.1
 # DB_PORT=3306
-# DB_DATABASE=laravel
 # DB_USERNAME=root
 # DB_PASSWORD=
 
-SESSION_DRIVER=cookie
+SESSION_DRIVER=database
 SESSION_LIFETIME=120
 SESSION_ENCRYPT=false
 SESSION_PATH=/
-SESSION_DOMAIN=null
+SESSION_DOMAIN=.eclipse-world-plugin.lndo.site
+SESSION_SECURE_COOKIE=true
+SESSION_HTTP_ONLY=true
+SESSION_SAME_SITE=lax
 
 BROADCAST_CONNECTION=log
 FILESYSTEM_DISK=local
-QUEUE_CONNECTION=database
+QUEUE_CONNECTION=sync
 
-CACHE_STORE=database
+CACHE_STORE=array
 # CACHE_PREFIX=
 
 MEMCACHED_HOST=127.0.0.1

workbench/.gitignore

@@ -1,3 +1,23 @@
 .env
 .env.dusk
-storage
+storage/app/*
+!storage/app/.gitkeep
+!storage/app/public/
+storage/app/public/*
+!storage/app/public/.gitkeep
+storage/framework/sessions/*
+!storage/framework/sessions/.gitkeep
+storage/framework/testing/*
+!storage/framework/testing/.gitkeep
+storage/framework/views/*
+!storage/framework/views/.gitkeep
+storage/logs/*
+!storage/logs/.gitkeep
+stubs/
+resources/views/vendor/
+lang/
+vendor
+public/build
+public/hot
+/public/css
+/public/js

workbench/app/Http/Middleware/WorkbenchBootstrap.php

@@ -0,0 +1,179 @@
+<?php
+
+namespace Workbench\App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Artisan;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Log;
+use Spatie\Permission\Models\Permission;
+use Spatie\Permission\Models\Role;
+use Spatie\Permission\PermissionRegistrar;
+use Workbench\App\Models\User;
+
+class WorkbenchBootstrap
+{
+    public function handle(Request $request, Closure $next)
+    {
+        if (config('app.env') === 'local' && ! Auth::guard('web')->check()) {
+            $user = User::query()->first();
+
+            if (! $user) {
+                try {
+                    $user = User::query()->firstOrCreate(
+                        ['email' => 'test@example.com'],
+                        [
+                            'name' => 'Admin User',
+                            'password' => Hash::make('password'),
+                            'email_verified_at' => now(),
+                        ],
+                    );
+                } catch (\Throwable $e) {
+                    Log::error('[Workbench] User creation failed', ['message' => $e->getMessage()]);
+                    // In case of a race/unique constraint, fetch the existing one
+                    $user = User::query()->where('email', 'test@example.com')->first();
+                }
+            }
+
+            if ($user) {
+                $this->bootstrapPermissionsAndAssign($user);
+                Auth::guard('web')->login($user);
+                $request->session()->regenerate();
+
+                if ($request->is('admin/login')) {
+                    return redirect()->to('/admin');
+                }
+            }
+        }
+
+        return $next($request);
+    }
+
+    private function bootstrapPermissionsAndAssign(User $user): void
+    {
+        // Use cache to prevent running this multiple times
+        $cacheKey = 'workbench:permissions:bootstrapped';
+
+        if (Cache::has($cacheKey)) {
+            // Just ensure user has roles if already bootstrapped
+            $this->ensureUserHasRoles($user);
+
+            return;
+        }
+
+        try {
+            // Use lock to prevent concurrent execution
+            Cache::lock('workbench:bootstrap-permissions', 30)->block(10, function () use ($user, $cacheKey) {
+                // Double-check inside the lock
+                if (Cache::has($cacheKey)) {
+                    return;
+                }
+
+                // Normalize guards first
+                DB::table('permissions')->whereNull('guard_name')->orWhere('guard_name', '')->update(['guard_name' => 'web']);
+                DB::table('roles')->whereNull('guard_name')->orWhere('guard_name', '')->update(['guard_name' => 'web']);
+
+                // Generate Filament Shield permissions if none exist yet
+                if (Permission::query()->count() === 0) {
+                    Artisan::call('shield:generate', [
+                        '--all' => true,
+                        '--panel' => 'admin',
+                    ]);
+                }
+
+                // Reset caches/registrar to ensure guards are picked up
+                Artisan::call('permission:cache-reset');
+                app(PermissionRegistrar::class)->forgetCachedPermissions();
+
+                // Ensure roles with correct guard
+                $this->ensureRolesHaveCorrectGuard();
+
+                // Create roles
+                $superAdmin = Role::firstOrCreate(['name' => 'super_admin', 'guard_name' => 'web']);
+                $panelUser = Role::firstOrCreate(['name' => 'panel_user', 'guard_name' => 'web']);
+
+                // Only assign permissions if the role doesn't already have them
+                $this->assignPermissionsToRole($superAdmin);
+
+                // Assign roles to user
+                $this->ensureUserHasRoles($user);
+
+                // Mark as bootstrapped (cache for 1 hour)
+                Cache::put($cacheKey, true, 3600);
+            });
+        } catch (\Throwable $e) {
+            Log::error('[Workbench] Bootstrap permissions failed', ['message' => $e->getMessage()]);
+        }
+    }
+
+    private function ensureRolesHaveCorrectGuard(): void
+    {
+        $existingSuper = Role::where('name', 'super_admin')->first();
+        if ($existingSuper && $existingSuper->guard_name !== 'web') {
+            $existingSuper->guard_name = 'web';
+            $existingSuper->save();
+        }
+
+        $existingPanel = Role::where('name', 'panel_user')->first();
+        if ($existingPanel && $existingPanel->guard_name !== 'web') {
+            $existingPanel->guard_name = 'web';
+            $existingPanel->save();
+        }
+    }
+
+    private function assignPermissionsToRole(Role $role): void
+    {
+        // Check if role already has permissions to avoid duplicate inserts
+        if ($role->permissions()->count() > 0) {
+            return;
+        }
+
+        $permissions = Permission::query()->where('guard_name', 'web')->get();
+        if ($permissions->isNotEmpty()) {
+            // Use DB transaction to ensure atomicity
+            DB::transaction(function () use ($role, $permissions) {
+                // Clear existing permissions first to avoid duplicates
+                $role->permissions()->detach();
+
+                // Batch insert to avoid individual constraint violations
+                $pivotData = $permissions->map(function ($permission) use ($role) {
+                    return [
+                        'role_id' => $role->id,
+                        'permission_id' => $permission->id,
+                    ];
+                })->toArray();
+
+                // Use insert ignore equivalent for SQLite
+                foreach ($pivotData as $data) {
+                    DB::table('role_has_permissions')
+                        ->insertOrIgnore($data);
+                }
+            });
+        }
+    }
+
+    private function ensureUserHasRoles(User $user): void
+    {
+        $superAdmin = Role::where('name', 'super_admin')->where('guard_name', 'web')->first();
+        $panelUser = Role::where('name', 'panel_user')->where('guard_name', 'web')->first();
+
+        $rolesToAssign = collect([$superAdmin, $panelUser])
+            ->filter()
+            ->pluck('name')
+            ->toArray();
+
+        if (! empty($rolesToAssign)) {
+            // Only sync if user doesn't already have these roles
+            $existingRoles = $user->roles()->pluck('name')->toArray();
+            $missingRoles = array_diff($rolesToAssign, $existingRoles);
+
+            if (! empty($missingRoles)) {
+                $user->assignRole($missingRoles);
+            }
+        }
+    }
+}