Merge remote-tracking branch 'origin/dev' into 097-settings-foundation

2026-02-16 02:08:34 +01:00 · 2026-02-16 02:08:34 +01:00 · b15357516e
commit b15357516e
parent b9ca8c579d 521fb6baaf
2 changed files with 45 additions and 4 deletions
--- a/app/Services/Intune/TenantPermissionService.php
+++ b/app/Services/Intune/TenantPermissionService.php
@ -142,8 +142,9 @@ public function compare(
        $hasMissing = false;
        $hasErrors = false;
        $checkedAt = now();
+        $tenantWorkspaceId = $this->resolveTenantWorkspaceId($tenant);

-        $canPersist = $persist && $tenant->workspace_id !== null;
+        $canPersist = $persist && $tenantWorkspaceId !== null;

        if ($canPersist && $liveCheckMeta['attempted'] === true && $liveCheckMeta['succeeded'] === false) {
            // Enterprise-safe: never overwrite stored inventory when we could not refresh it.
@ -189,9 +190,9 @@ public function compare(
                    [
                        'tenant_id' => $tenant->id,
                        'permission_key' => $key,
+                        'workspace_id' => $tenantWorkspaceId,
                    ],
                    [
-                        'workspace_id' => $tenant->workspace_id,
                        'status' => $status,
                        'details' => $details,
                        'last_checked_at' => $checkedAt,
@ -328,6 +329,29 @@ private function configuredGrantedKeys(): array
        return config('intune_permissions.granted_stub', []);
    }

+    private function resolveTenantWorkspaceId(Tenant $tenant): ?int
+    {
+        $workspaceId = $tenant->getAttribute('workspace_id');
+
+        if (is_numeric($workspaceId)) {
+            return (int) $workspaceId;
+        }
+
+        if (! $tenant->exists) {
+            return null;
+        }
+
+        $workspaceId = Tenant::query()
+            ->whereKey($tenant->getKey())
+            ->value('workspace_id');
+
+        if (! is_numeric($workspaceId)) {
+            return null;
+        }
+
+        return (int) $workspaceId;
+    }
+
    /**
     * Fetch actual granted permissions from Graph API.
     *
--- a/tests/Unit/TenantPermissionServiceTest.php
+++ b/tests/Unit/TenantPermissionServiceTest.php
@ -175,6 +175,25 @@ function requiredPermissions(): array
    ]);
 });

+it('persists permissions when the tenant instance does not have workspace_id loaded', function () {
+    $tenant = Tenant::factory()->create();
+
+    ensureDefaultProviderConnection($tenant, 'microsoft');
+
+    $tenantWithoutWorkspaceId = Tenant::query()
+        ->select(['id', 'tenant_id', 'external_id', 'name', 'status', 'environment'])
+        ->findOrFail((int) $tenant->getKey());
+
+    expect($tenantWithoutWorkspaceId->getAttribute('workspace_id'))->toBeNull();
+
+    app(TenantPermissionService::class)->compare($tenantWithoutWorkspaceId);
+
+    $this->assertDatabaseHas('tenant_permissions', [
+        'tenant_id' => (int) $tenant->getKey(),
+        'workspace_id' => (int) $tenant->workspace_id,
+    ]);
+});
+
 it('does not persist when tenant workspace_id is missing', function () {
    $tenant = Tenant::withoutEvents(function (): Tenant {
        return Tenant::create([
@ -187,8 +206,6 @@ function requiredPermissions(): array
        ]);
    });

-    ensureDefaultProviderConnection($tenant, 'microsoft');
-
    app(TenantPermissionService::class)->compare($tenant, persist: true);

    expect(TenantPermission::query()->where('tenant_id', (int) $tenant->getKey())->count())->toBe(0);