From 7e962e6fafa457881a6415e3f6cc9c17a58071a5 Mon Sep 17 00:00:00 2001
From: Ahmed Darrazi
Date: Fri, 26 Dec 2025 23:36:35 +0100
Subject: [PATCH] spec: update 006 tasks checklist

---
 .../006-sot-foundations-assignments/tasks.md | 52 +++++++++++--------
 1 file changed, 31 insertions(+), 21 deletions(-)

diff --git a/specs/006-sot-foundations-assignments/tasks.md b/specs/006-sot-foundations-assignments/tasks.md
index 77efe4d..cd68a2a 100644
--- a/specs/006-sot-foundations-assignments/tasks.md
+++ b/specs/006-sot-foundations-assignments/tasks.md
@@ -15,10 +15,10 @@ ## Phase 1: Foundation Registry and Permissions
 
 **Purpose**: Define foundation object types and ensure Graph contracts and permissions exist.
 
-- [ ] T001 [P] Add foundation type registry in `config/tenantpilot.php` (assignmentFilter, roleScopeTag, notificationMessageTemplate) with label/category/backup/restore/risk metadata.
-- [ ] T002 [P] Extend `config/graph_contracts.php` with foundation contracts (resource, create/update methods, id_field, allowed_select, type_family).
-- [ ] T003 [P] Extend `config/intune_permissions.php` to include foundation permissions (DeviceManagementRBAC.ReadWrite.All and any missing read/write scopes for filters/templates).
-- [ ] T004 Update type metadata helpers to include foundation types in `app/Filament/Resources/BackupSetResource.php`, `app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php`, and `app/Filament/Resources/RestoreRunResource.php`.
+- [x] T001 [P] Add foundation type registry in `config/tenantpilot.php` (assignmentFilter, roleScopeTag, notificationMessageTemplate) with label/category/backup/restore/risk metadata.
+- [x] T002 [P] Extend `config/graph_contracts.php` with foundation contracts (resource, create/update methods, id_field, allowed_select, type_family).
+- [x] T003 [P] Extend `config/intune_permissions.php` to include foundation permissions (DeviceManagementRBAC.ReadWrite.All and any missing read/write scopes for filters/templates).
+- [x] T004 Update type metadata helpers to include foundation types in `app/Filament/Resources/BackupSetResource.php`, `app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php`, and `app/Filament/Resources/RestoreRunResource.php`.
 
 **Checkpoint**: Foundation types and permissions defined and discoverable by UI helpers.
 
@@ -28,10 +28,10 @@ ## Phase 2: Foundations Backup Capture
 
 **Purpose**: Capture assignment filters, scope tags, and notification templates into backup sets.
 
-- [ ] T005 Create `app/Services/Intune/FoundationSnapshotService.php` to list and fetch foundation objects with Graph paging, normalized metadata, and fail-soft behavior.
-- [ ] T006 Extend `app/Services/Intune/BackupService.php` to capture foundation snapshots into `backup_items` (policy_id null, policy_type set, policy_identifier = source id, metadata includes displayName).
-- [ ] T007 Add a UI action/toggle to include foundations when adding to a backup set in `app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php`.
-- [ ] T008 Add foundation display helpers on `app/Models/BackupItem.php` (e.g., isFoundation, foundationDisplayName) and use them in `BackupItemsRelationManager`.
+- [x] T005 Create `app/Services/Intune/FoundationSnapshotService.php` to list and fetch foundation objects with Graph paging, normalized metadata, and fail-soft behavior.
+- [x] T006 Extend `app/Services/Intune/BackupService.php` to capture foundation snapshots into `backup_items` (policy_id null, policy_type set, policy_identifier = source id, metadata includes displayName).
+- [x] T007 Add a UI action/toggle to include foundations when adding to a backup set in `app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php`.
+- [x] T008 Add foundation display helpers on `app/Models/BackupItem.php` (e.g., isFoundation, foundationDisplayName) and use them in `BackupItemsRelationManager`.
 
 **Checkpoint**: Foundations can be captured and displayed alongside policy backup items.
 
@@ -41,10 +41,10 @@ ## Phase 3: Foundations Restore and Mapping
 
 **Purpose**: Restore foundations first and persist deterministic old to new mappings.
 
-- [ ] T009 Create `app/Services/Intune/FoundationMappingService.php` to match by displayName, handle collisions, and emit report entries matching `contracts/restore-mapping-report.schema.json`.
-- [ ] T010 Extend `app/Services/Intune/RestoreService.php` to run foundation restore first, build preview mapping (dry-run), and persist mapping results in `restore_runs.preview` and `restore_runs.results`.
-- [ ] T011 Add audit events for foundation mapping decisions and failures in `app/Services/Intune/AuditLogger.php`.
-- [ ] T012 Render foundation mapping in restore UI views: `resources/views/filament/infolists/entries/restore-preview.blade.php` and `resources/views/filament/infolists/entries/restore-results.blade.php`.
+- [x] T009 Create `app/Services/Intune/FoundationMappingService.php` to match by displayName, handle collisions, and emit report entries matching `contracts/restore-mapping-report.schema.json`.
+- [x] T010 Extend `app/Services/Intune/RestoreService.php` to run foundation restore first, build preview mapping (dry-run), and persist mapping results in `restore_runs.preview` and `restore_runs.results`.
+- [x] T011 Add audit events for foundation mapping decisions and failures in `app/Services/Intune/RestoreService.php`.
+- [x] T012 Render foundation mapping in restore UI views: `resources/views/filament/infolists/entries/restore-preview.blade.php` and `resources/views/filament/infolists/entries/restore-results.blade.php`.
 
 **Checkpoint**: Restore preview and execute include a foundation mapping section with deterministic decisions.
 
@@ -54,9 +54,9 @@ ## Phase 4: Assignment-Aware Restore
 
 **Purpose**: Apply assignments only when foundation mappings exist and record clear skip reasons.
 
-- [ ] T013 Extend `app/Services/AssignmentRestoreService.php` to map assignment filter IDs and scope tag IDs via the foundation mapping; skip and record reasons when mappings are missing.
-- [ ] T014 Update `app/Services/Intune/RestoreService.php` to pass foundation mappings into assignment restore and include decision summaries in results.
-- [ ] T015 Add mapping context to assignment audit logs in `app/Services/Intune/AuditLogger.php`.
+- [x] T013 Extend `app/Services/AssignmentRestoreService.php` to map assignment filter IDs via the foundation mapping; skip and record reasons when mappings are missing.
+- [x] T014 Update `app/Services/Intune/RestoreService.php` to pass foundation mappings into assignment restore and apply scope tag mapping when restoring policies.
+- [x] T015 Add mapping context to assignment audit logs in `app/Services/AssignmentRestoreService.php`.
 
 **Checkpoint**: Assignments are applied safely with explicit skip reasons and audit coverage.
 
@@ -77,12 +77,22 @@ ## Phase 6: Tests and Verification
 
 **Purpose**: Ensure all new behavior is covered by Pest tests and formatting is clean.
 
-- [ ] T018 [P] Add unit tests for FoundationMappingService in `tests/Unit/FoundationMappingServiceTest.php`.
-- [ ] T019 [P] Add unit tests for FoundationSnapshotService in `tests/Unit/FoundationSnapshotServiceTest.php`.
-- [ ] T020 Add feature tests for foundations backup/restore preview and execute in `tests/Feature/Filament/FoundationRestoreTest.php`.
-- [ ] T021 Add feature tests for assignment mapping and skip reasons in `tests/Feature/Filament/AssignmentRestoreMappingTest.php`.
+- [x] T018 [P] Add unit tests for FoundationMappingService in `tests/Unit/FoundationMappingServiceTest.php`.
+- [x] T019 [P] Add unit tests for FoundationSnapshotService in `tests/Unit/FoundationSnapshotServiceTest.php`.
+- [x] T020 Add feature tests for foundations backup/restore preview and execute in `tests/Feature/FoundationBackupTest.php`, `tests/Feature/Filament/RestorePreviewTest.php`, `tests/Feature/Filament/RestoreExecutionTest.php`, `tests/Feature/RestoreScopeTagMappingTest.php`.
+- [x] T021 Add feature tests for assignment mapping and skip reasons in `tests/Feature/RestoreAssignmentApplicationTest.php`.
 - [ ] T022 Add feature test for CA preview-only execution behavior in `tests/Feature/Filament/ConditionalAccessPreviewOnlyTest.php`.
-- [ ] T023 Run tests: `./vendor/bin/sail artisan test tests/Feature/Filament/FoundationRestoreTest.php tests/Feature/Filament/AssignmentRestoreMappingTest.php tests/Feature/Filament/ConditionalAccessPreviewOnlyTest.php`
-- [ ] T024 Run Pint: `./vendor/bin/pint --dirty`
+- [x] T023 Run tests: `./vendor/bin/sail artisan test tests/Unit/FoundationSnapshotServiceTest.php tests/Unit/FoundationMappingServiceTest.php tests/Unit/TenantPermissionServiceTest.php tests/Feature/FoundationBackupTest.php tests/Feature/Filament/RestoreExecutionTest.php tests/Feature/Filament/RestorePreviewTest.php tests/Feature/Filament/RestoreItemSelectionTest.php tests/Feature/RestoreAssignmentApplicationTest.php tests/Feature/RestoreScopeTagMappingTest.php tests/Feature/RestoreRunRerunTest.php`
+- [x] T024 Run Pint: `./vendor/bin/pint --dirty`
+
+---
+
+## Phase 7: Admin UX and Safety
+
+**Purpose**: Improve admin clarity and safe reruns for restore flows.
+
+- [x] T025 Update tenant permission display to ignore configured stub grants in `app/Services/Intune/TenantPermissionService.php` and `app/Filament/Resources/TenantResource.php`, plus tests in `tests/Unit/TenantPermissionServiceTest.php`.
+- [x] T026 Improve restore item selection UX (searchable list, descriptions, hint) in `app/Filament/Resources/RestoreRunResource.php` with coverage in `tests/Feature/Filament/RestoreItemSelectionTest.php`.
+- [x] T027 Add restore run rerun action and coverage in `app/Filament/Resources/RestoreRunResource.php` and `tests/Feature/RestoreRunRerunTest.php`.
 
 **Checkpoint**: Tests pass and formatting is clean.