Merge remote-tracking branch 'origin/dev' into 097-settings-foundation

2026-02-15 23:27:24 +01:00 · 2026-02-15 23:27:24 +01:00 · 9ce5febe7f
commit 9ce5febe7f
parent c76ae297e3 9d0c884251
2 changed files with 39 additions and 4 deletions
--- a/app/Services/Intune/TenantPermissionService.php
+++ b/app/Services/Intune/TenantPermissionService.php
@ -143,7 +143,7 @@ public function compare(
        $hasErrors = false;
        $checkedAt = now();

-        $canPersist = $persist;
+        $canPersist = $persist && $tenant->workspace_id !== null;

        if ($canPersist && $liveCheckMeta['attempted'] === true && $liveCheckMeta['succeeded'] === false) {
            // Enterprise-safe: never overwrite stored inventory when we could not refresh it.
@ -191,6 +191,7 @@ public function compare(
                        'permission_key' => $key,
                    ],
                    [
+                        'workspace_id' => $tenant->workspace_id,
                        'status' => $status,
                        'details' => $details,
                        'last_checked_at' => $checkedAt,
--- a/tests/Unit/TenantPermissionServiceTest.php
+++ b/tests/Unit/TenantPermissionServiceTest.php
@ -31,7 +31,7 @@ function requiredPermissions(): array
            ]));
    });

-    $tenant = Tenant::create([
+    $tenant = Tenant::factory()->create([
        'tenant_id' => 'tenant-ok',
        'name' => 'Tenant OK',
    ]);
@ -64,7 +64,7 @@ function requiredPermissions(): array
            ]));
    });

-    $tenant = Tenant::create([
+    $tenant = Tenant::factory()->create([
        'tenant_id' => 'tenant-missing',
        'name' => 'Tenant Missing',
    ]);
@ -100,7 +100,7 @@ function requiredPermissions(): array
            ->andReturn(new GraphResponse(false, [], 500, ['Graph API error']));
    });

-    $tenant = Tenant::create([
+    $tenant = Tenant::factory()->create([
        'tenant_id' => 'tenant-error',
        'name' => 'Tenant Error',
    ]);
@ -159,3 +159,37 @@ function requiredPermissions(): array
    config()->set('intune_permissions.permissions', $originalPermissions);
    config()->set('intune_permissions.granted_stub', $originalStub);
 });
+
+it('persists permissions with workspace_id even when model events are disabled', function () {
+    $tenant = Tenant::factory()->create();
+
+    ensureDefaultProviderConnection($tenant, 'microsoft');
+
+    TenantPermission::withoutEvents(function () use ($tenant): void {
+        app(TenantPermissionService::class)->compare($tenant);
+    });
+
+    $this->assertDatabaseHas('tenant_permissions', [
+        'tenant_id' => $tenant->id,
+        'workspace_id' => $tenant->workspace_id,
+    ]);
+});
+
+it('does not persist when tenant workspace_id is missing', function () {
+    $tenant = Tenant::withoutEvents(function (): Tenant {
+        return Tenant::create([
+            'tenant_id' => 'tenant-no-workspace',
+            'external_id' => 'tenant-no-workspace',
+            'name' => 'Tenant No Workspace',
+            'status' => Tenant::STATUS_ACTIVE,
+            'environment' => 'other',
+            'workspace_id' => null,
+        ]);
+    });
+
+    ensureDefaultProviderConnection($tenant, 'microsoft');
+
+    app(TenantPermissionService::class)->compare($tenant, persist: true);
+
+    expect(TenantPermission::query()->where('tenant_id', (int) $tenant->getKey())->count())->toBe(0);
+});