From 09eced89405b5b259605b54cbbc8a5b50c0c6194 Mon Sep 17 00:00:00 2001 From: Ahmed Darrazi Date: Sun, 21 Dec 2025 01:21:52 +0100 Subject: [PATCH] fix: Improve tenant permission error handling - Return error details when Graph API calls fail instead of empty array - Mark permissions as 'error' status when live check fails - Include error source and details in database records - Fix TenantSetupTest to clear granted_stub config --- .../Intune/TenantPermissionService.php | 37 +++++++++++++++++-- tests/Feature/Filament/TenantSetupTest.php | 2 + 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/app/Services/Intune/TenantPermissionService.php b/app/Services/Intune/TenantPermissionService.php index 43760c3..32f3a7f 100644 --- a/app/Services/Intune/TenantPermissionService.php +++ b/app/Services/Intune/TenantPermissionService.php @@ -44,10 +44,18 @@ public function getGrantedPermissions(Tenant $tenant): array public function compare(Tenant $tenant, ?array $grantedStatuses = null, bool $persist = true, bool $liveCheck = false): array { $required = $this->getRequiredPermissions(); + $liveCheckFailed = false; + $liveCheckDetails = null; // If liveCheck is requested, fetch actual permissions from Graph if ($liveCheck && $grantedStatuses === null) { $grantedStatuses = $this->fetchLivePermissions($tenant); + + if (isset($grantedStatuses['__error'])) { + $liveCheckFailed = true; + $liveCheckDetails = $grantedStatuses['__error']['details'] ?? null; + unset($grantedStatuses['__error']); + } } $granted = $this->normalizeGrantedStatuses( @@ -60,8 +68,12 @@ public function compare(Tenant $tenant, ?array $grantedStatuses = null, bool $pe foreach ($required as $permission) { $key = $permission['key']; - $status = $granted[$key]['status'] ?? 'missing'; - $details = $granted[$key]['details'] ?? null; + $status = $liveCheckFailed + ? 'error' + : ($granted[$key]['status'] ?? 'missing'); + $details = $liveCheckFailed + ? ($liveCheckDetails ?? ['source' => 'graph_api']) + : ($granted[$key]['details'] ?? null); if ($persist) { TenantPermission::updateOrCreate( @@ -175,7 +187,16 @@ private function fetchLivePermissions(Tenant $tenant): array ); if (! $response->success) { - return []; + return [ + '__error' => [ + 'status' => 'error', + 'details' => [ + 'source' => 'graph_api', + 'status' => $response->status, + 'errors' => $response->errors, + ], + ], + ]; } $grantedPermissions = $response->data['permissions'] ?? []; @@ -196,7 +217,15 @@ private function fetchLivePermissions(Tenant $tenant): array 'error' => $e->getMessage(), ]); - return []; + return [ + '__error' => [ + 'status' => 'error', + 'details' => [ + 'source' => 'graph_api', + 'message' => $e->getMessage(), + ], + ], + ]; } } } diff --git a/tests/Feature/Filament/TenantSetupTest.php b/tests/Feature/Filament/TenantSetupTest.php index df38c39..5661fa2 100644 --- a/tests/Feature/Filament/TenantSetupTest.php +++ b/tests/Feature/Filament/TenantSetupTest.php @@ -158,6 +158,8 @@ public function request(string $method, string $path, array $options = []): Grap 'name' => 'UI Tenant', ]); + config(['intune_permissions.granted_stub' => []]); + $permissions = config('intune_permissions.permissions', []); $firstKey = $permissions[0]['key'] ?? 'DeviceManagementConfiguration.ReadWrite.All';