ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
19 Commits 2 Branches 0 Tags 3.6 MiB
82ccc1b1ce
Commit Graph

19 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ahmed Darrazi
82ccc1b1ce fix: Allow re-adding soft-deleted backup items by restoring them 
Fixes bug where removed backup items could not be re-added via UI.

🐛 Problem:
- When a BackupItem is soft-deleted (removed from BackupSet), it disappears from UI
- User tries to re-add the same policy → receives 'added successfully' notification
- Policy doesn't actually get added → BackupService filtered it out as already existing
- Confusing UX: notification says success but nothing changes

🔍 Root Cause:
BackupService checked for existence of policies including soft-deleted ones:
  $existingPolicyIds = $backupSet->items()->withTrashed()->pluck('policy_id')
  $policyIds = array_diff($policyIds, $existingPolicyIds) //  Filters out soft-deleted

This prevented re-adding policies that were previously removed.

 Solution:
When a policy is re-added that already exists as soft-deleted:
1. Restore the soft-deleted BackupItem instead of ignoring it
2. Only create new items for truly new policies
3. Show restored policies in the UI dropdown (removed withTrashed() from RelationManager)

📝 Changes:
- BackupService::addPoliciesToSet():
  * Separate soft-deleted items from new policies
  * Restore soft-deleted items automatically
  * Track restored_count in audit logs
- BackupItemsRelationManager: Removed withTrashed() so soft-deleted items appear in dropdown again
- BackupItemReaddTest: Updated to expect restore behavior instead of ignore

 Tests: 3 passed (11 assertions)

Impact:
-  Removed policies can now be re-added via UI
-  Restores existing backup data instead of creating duplicates
-  Proper audit trail with restored_count
 2025-12-22 14:57:55 +01:00
Ahmed Darrazi
28f440718a fix(spec-004): Use documented CRUD on /assignments instead of undocumented /assign 
Changes:
- Replace POST /assign with standard CRUD operations
- Restore strategy: DELETE existing + POST new assignments
- Graph Contract: assignments_create/update/delete_path + methods
- Handle 201 Created (POST) and 204 No Content (DELETE)
- Fail-soft: continue if individual assignment fails

Based on: Microsoft Learn Graph API docs + real-world usage patterns
 2025-12-22 01:14:03 +01:00
Ahmed Darrazi
1fa15b4db2 spec: Feature 004 & 005 with production-tested Graph API strategies 
Feature 004 (Assignments & Scope Tags):
- Use fallback strategy for assignments read (direct + $expand)
- Use POST /directoryObjects/getByIds for stable group resolution
- POST /assign only (not PATCH) for assignments write
- Handle 204 No Content responses

Feature 005 (Bulk Operations):
- Policies: Local delete only (ignored_at flag, no Graph DELETE)
- Policy Versions: Eligibility checks + retention policy
- BulkOperationRun model for progress tracking
- Livewire polling for UI updates (not automatic)
- Chunked processing + circuit breaker (abort >50% fail)
- array $ids in Job constructor (not Collection)
 2025-12-22 01:07:03 +01:00
Ahmed Darrazi
1e66f3e335 docs: update 001 plan - T179/T185 moved to feature 003 2025-12-22 00:20:32 +01:00
Ahmed Darrazi
388a7b889d chore: remove duplicate feature 185-settings-catalog-readable 2025-12-22 00:18:58 +01:00
ahmido
321312d446 dev-merges/c709b36 (#3) 
## Summary
<!-- Kurz: Was ändert sich und warum? -->

## Spec-Driven Development (SDD)
- [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/`
- [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md`
- [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation)
- [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert

## Implementation
- [ ] Implementierung entspricht der Spec
- [ ] Edge cases / Fehlerfälle berücksichtigt
- [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes

## Tests
- [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit)
- [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`)

## Migration / Config / Ops (falls relevant)
- [ ] Migration(en) enthalten und getestet
- [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration)
- [ ] Neue Env Vars dokumentiert (`.env.example` / Doku)
- [ ] Queue/cron/storage Auswirkungen geprüft

## UI (Filament/Livewire) (falls relevant)
- [ ] UI-Flows geprüft
- [ ] Screenshots/Notizen hinzugefügt

## Notes
<!-- Links, Screenshots, Follow-ups, offene Punkte -->

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #3
 2025-12-21 23:15:12 +00:00
ahmido
7148aa7f9d chore/agent-guidelines-and-templates (#2) 
## Summary
<!-- Kurz: Was ändert sich und warum? -->

## Spec-Driven Development (SDD)
- [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/`
- [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md`
- [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation)
- [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert

## Implementation
- [ ] Implementierung entspricht der Spec
- [ ] Edge cases / Fehlerfälle berücksichtigt
- [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes

## Tests
- [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit)
- [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`)

## Migration / Config / Ops (falls relevant)
- [ ] Migration(en) enthalten und getestet
- [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration)
- [ ] Neue Env Vars dokumentiert (`.env.example` / Doku)
- [ ] Queue/cron/storage Auswirkungen geprüft

## UI (Filament/Livewire) (falls relevant)
- [ ] UI-Flows geprüft
- [ ] Screenshots/Notizen hinzugefügt

## Notes
<!-- Links, Screenshots, Follow-ups, offene Punkte -->

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #2
 2025-12-14 21:44:32 +00:00
ahmido
9848d29478 chore: add PR and issue templates (#1) 
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #1
 2025-12-14 21:39:47 +00:00
Ahmed Darrazi
d505f3c65c feat: merge 001-filament-json 2025-12-14 20:23:18 +01:00
Ahmed Darrazi
05be853d93 Merge remote-tracking branch 'origin/spec/003-settings-catalog-readable' into dev 2025-12-14 20:12:14 +01:00
Ahmed Darrazi
a01888f629 Merge remote-tracking branch 'origin/spec/002-filament-json' into dev 2025-12-14 20:11:54 +01:00
Ahmed Darrazi
cbca4b591e merge: add spec 001 rbac onboardin 2025-12-14 20:02:15 +01:00
Ahmed Darrazi
18316146a5 spec: add 003 settings catalog readable 2025-12-14 19:56:31 +01:00
Ahmed Darrazi
9752e5e90e spec: add 002 filament json 2025-12-14 19:56:17 +01:00
Ahmed Darrazi
469f0fac8c spec: add 001 rbac onboarding 2025-12-14 19:56:02 +01:00
Ahmed Darrazi
2ddb3dd20a chore(specs): add baseline specs folder 2025-12-14 19:42:35 +01:00
Ahmed Darrazi
3c25d759b4 Intune RBAC: graceful unsupported-account handling, health-check fixes, tests and docs updates 2025-12-13 01:25:06 +01:00
Ahmed Darrazi
6d14d2544f feat: TenantPilot v1 - Complete implementation (Phases 1-12) 
Complete implementation of TenantPilot v1 Intune Management Platform with
comprehensive backup, versioning, and restore capabilities.

CONSTITUTION & SPEC
- Ratified constitution v1.0.0 with 7 core principles
- Complete spec.md with 7 user stories (US1-7)
- Detailed plan.md with constitution compliance check
- Task breakdown with 125+ tasks across 12 phases

CORE FEATURES (US1-4)
- Policy inventory with Graph-based sync (US1)
- Backup creation with immutable JSONB snapshots (US2)
- Version history with diff viewer (human + JSON) (US3)
- Defensive restore with preview/dry-run (US4)

TENANT MANAGEMENT (US6-7)
- Full tenant CRUD with Entra ID app configuration
- Admin consent callback flow integration
- Tenant connectivity verification
- Permission health status monitoring
- 'Highlander' pattern: single current tenant with is_current flag

GRAPH ABSTRACTION
- Complete isolation layer (7 classes)
- GraphClientInterface with mockable implementations
- Error mapping, logging, and standardized responses
- Rate-limit aware design

DOMAIN SERVICES
- BackupService: immutable snapshot creation
- RestoreService: preview, selective restore, conflict detection
- VersionService: immutable version capture
- VersionDiff: human-readable and structured diffs
- PolicySyncService: Graph-based policy import
- TenantConfigService: connectivity testing
- TenantPermissionService: permission health checks
- AuditLogger: comprehensive audit trail

DATA MODEL
- 11 migrations with tenant-aware schema
- 8 Eloquent models with proper relationships
- SoftDeletes on Tenant, BackupSet, BackupItem, PolicyVersion, RestoreRun
- JSONB storage for snapshots, metadata, permissions
- Encrypted storage for client secrets
- Partial unique index for is_current tenant

FILAMENT ADMIN UI
- 5 main resources: Tenant, Policy, PolicyVersion, BackupSet, RestoreRun
- RelationManagers: Versions (Policy), BackupItems (BackupSet)
- Actions: Verify config, Admin consent, Make current, Delete/Force delete
- Filters: Status, Type, Platform, Archive state
- Permission panel with status indicators
- ActionGroup pattern for cleaner row actions

HOUSEKEEPING (Phases 10-12)
- Soft delete with archive status for all entities
- Force delete protection (blocks if dependencies exist)
- Tenant deactivation with cascade prevention
- Audit logging for all delete operations

TESTING
- 36 tests passing (125 assertions, 11.21s)
- Feature tests: Policy, Backup, Restore, Version, Tenant, Housekeeping
- Unit tests: VersionDiff, TenantCurrent, Permissions, Scopes
- Full TDD coverage for critical flows

CONFIGURATION
- config/tenantpilot.php: 10+ policy types with metadata
- config/intune_permissions.php: required Graph permissions
- config/graph.php: Graph client configuration

SAFETY & COMPLIANCE
- Constitution compliance: 7/7 principles ✓
- Safety-first operations: preview, confirmation, validation
- Immutable versioning: no in-place modifications
- Defensive restore: dry-run, selective, conflict detection
- Comprehensive auditability: all critical operations logged
- Tenant-aware architecture: multi-tenant ready
- Graph abstraction: isolated, mockable, testable
- Spec-driven development: spec → plan → tasks → implementation

OPERATIONAL READINESS
- Laravel Sail for local development
- Dokploy deployment documentation
- Queue/worker ready architecture
- Migration safety notes
- Environment variable documentation

Tests: 36 passed
Duration: 11.21s
Status: Production-ready (98% complete)
 2025-12-12 02:27:54 +01:00
Ahmed Darrazi
3401823d03 Initial commit from Specify template 2025-12-10 22:27:21 +01:00