Changes:
- Status labels: 'ok' → 'granted' (clearer meaning)
- Badge colors: granted=green, missing=orange, error=red
- Updated tests to match new status values
This makes the permission status more intuitive and visually
distinguishable on the Tenant detail page (/admin/tenants/1).
- Created docs/PERMISSIONS.md with complete permission requirements
- Added logging for 403 errors in ScopeTagResolver
- Updated README with link to permissions documentation
Issue: Scope tags show 'Unknown (ID: 0)' due to missing permission
Required: DeviceManagementRBAC.Read.All with admin consent
User must:
1. Go to Azure Portal → App Registration
2. Add DeviceManagementRBAC.Read.All permission
3. Grant admin consent
4. Wait 5-10 min for propagation
5. Clear cache: php artisan cache:clear
Fixes bug where removed backup items could not be re-added via UI.
🐛 Problem:
- When a BackupItem is soft-deleted (removed from BackupSet), it disappears from UI
- User tries to re-add the same policy → receives 'added successfully' notification
- Policy doesn't actually get added → BackupService filtered it out as already existing
- Confusing UX: notification says success but nothing changes
🔍 Root Cause:
BackupService checked for existence of policies including soft-deleted ones:
$existingPolicyIds = $backupSet->items()->withTrashed()->pluck('policy_id')
$policyIds = array_diff($policyIds, $existingPolicyIds) // ❌ Filters out soft-deleted
This prevented re-adding policies that were previously removed.
✅ Solution:
When a policy is re-added that already exists as soft-deleted:
1. Restore the soft-deleted BackupItem instead of ignoring it
2. Only create new items for truly new policies
3. Show restored policies in the UI dropdown (removed withTrashed() from RelationManager)
📝 Changes:
- BackupService::addPoliciesToSet():
* Separate soft-deleted items from new policies
* Restore soft-deleted items automatically
* Track restored_count in audit logs
- BackupItemsRelationManager: Removed withTrashed() so soft-deleted items appear in dropdown again
- BackupItemReaddTest: Updated to expect restore behavior instead of ignore
✅ Tests: 3 passed (11 assertions)
Impact:
- ✅ Removed policies can now be re-added via UI
- ✅ Restores existing backup data instead of creating duplicates
- ✅ Proper audit trail with restored_count
