diff --git a/app/Filament/Resources/TenantResource.php b/app/Filament/Resources/TenantResource.php index 567b830..9153efc 100644 --- a/app/Filament/Resources/TenantResource.php +++ b/app/Filament/Resources/TenantResource.php @@ -281,7 +281,13 @@ public static function infolist(Schema $schema): Schema ->label('Features') ->formatStateUsing(fn ($state) => is_array($state) ? implode(', ', $state) : (string) $state), Infolists\Components\TextEntry::make('status') - ->badge(), + ->badge() + ->color(fn (string $state): string => match ($state) { + 'granted' => 'success', + 'missing' => 'warning', + 'error' => 'danger', + default => 'gray', + }), ]) ->columnSpanFull(), ]); @@ -908,7 +914,7 @@ public static function verifyTenant( actorEmail: $user?->email, actorName: $user?->name, status: match ($permissions['overall_status']) { - 'ok' => 'success', + 'granted' => 'success', 'error' => 'error', default => 'partial', }, diff --git a/app/Services/Intune/TenantPermissionService.php b/app/Services/Intune/TenantPermissionService.php index 32f3a7f..65eb18b 100644 --- a/app/Services/Intune/TenantPermissionService.php +++ b/app/Services/Intune/TenantPermissionService.php @@ -105,7 +105,7 @@ public function compare(Tenant $tenant, ?array $grantedStatuses = null, bool $pe $overall = match (true) { $hasErrors => 'error', $hasMissing => 'missing', - default => 'ok', + default => 'granted', }; return [ @@ -148,7 +148,7 @@ public function configuredGrantedStatuses(): array foreach ($configured as $key) { $normalized[$key] = [ - 'status' => 'ok', + 'status' => 'granted', 'details' => ['source' => 'configured'], ]; } @@ -204,7 +204,7 @@ private function fetchLivePermissions(Tenant $tenant): array foreach ($grantedPermissions as $permission) { $normalized[$permission] = [ - 'status' => 'ok', + 'status' => 'granted', 'details' => ['source' => 'graph_api', 'checked_at' => now()->toIso8601String()], ]; } diff --git a/config/intune_permissions.php b/config/intune_permissions.php index 9c16179..62c8215 100644 --- a/config/intune_permissions.php +++ b/config/intune_permissions.php @@ -104,8 +104,10 @@ 'Policy.ReadWrite.ConditionalAccess', // Feature 004 - Assignments & Scope Tags (NEU seit 2025-12-22): - // TODO: Nach Azure AD Setup verschieben nach "Tatsächlich granted" - 'DeviceManagementRBAC.Read.All', // Scope Tag Namen auflösen - 'Group.Read.All', // Group Namen für Assignments auflösen + // Diese Berechtigungen MÜSSEN in Azure AD hinzugefügt werden! + // Status wird als "missing" angezeigt, bis sie granted sind. + // Nach dem Hinzufügen: Verschiebe diese nach "Tatsächlich granted" (oben) + // 'DeviceManagementRBAC.Read.All', // → Noch nicht granted + // 'Group.Read.All', // → Noch nicht granted ], ]; diff --git a/tests/Unit/TenantPermissionServiceTest.php b/tests/Unit/TenantPermissionServiceTest.php index 5a36be1..74c2c51 100644 --- a/tests/Unit/TenantPermissionServiceTest.php +++ b/tests/Unit/TenantPermissionServiceTest.php @@ -42,14 +42,14 @@ function requiredPermissions(): array TenantPermission::create([ 'tenant_id' => $tenant->id, 'permission_key' => $permission['key'], - 'status' => 'ok', + 'status' => 'granted', ]); } $result = app(TenantPermissionService::class)->compare($tenant); - expect($result['overall_status'])->toBe('ok'); - expect(TenantPermission::where('tenant_id', $tenant->id)->where('status', 'ok')->count()) + expect($result['overall_status'])->toBe('granted'); + expect(TenantPermission::where('tenant_id', $tenant->id)->where('status', 'granted')->count()) ->toBe(count(requiredPermissions())); });