feat/004-assignments-scope-tags #4
@ -281,7 +281,13 @@ public static function infolist(Schema $schema): Schema
|
||||
->label('Features')
|
||||
->formatStateUsing(fn ($state) => is_array($state) ? implode(', ', $state) : (string) $state),
|
||||
Infolists\Components\TextEntry::make('status')
|
||||
->badge(),
|
||||
->badge()
|
||||
->color(fn (string $state): string => match ($state) {
|
||||
'granted' => 'success',
|
||||
'missing' => 'warning',
|
||||
'error' => 'danger',
|
||||
default => 'gray',
|
||||
}),
|
||||
])
|
||||
->columnSpanFull(),
|
||||
]);
|
||||
@ -908,7 +914,7 @@ public static function verifyTenant(
|
||||
actorEmail: $user?->email,
|
||||
actorName: $user?->name,
|
||||
status: match ($permissions['overall_status']) {
|
||||
'ok' => 'success',
|
||||
'granted' => 'success',
|
||||
'error' => 'error',
|
||||
default => 'partial',
|
||||
},
|
||||
|
||||
@ -105,7 +105,7 @@ public function compare(Tenant $tenant, ?array $grantedStatuses = null, bool $pe
|
||||
$overall = match (true) {
|
||||
$hasErrors => 'error',
|
||||
$hasMissing => 'missing',
|
||||
default => 'ok',
|
||||
default => 'granted',
|
||||
};
|
||||
|
||||
return [
|
||||
@ -148,7 +148,7 @@ public function configuredGrantedStatuses(): array
|
||||
|
||||
foreach ($configured as $key) {
|
||||
$normalized[$key] = [
|
||||
'status' => 'ok',
|
||||
'status' => 'granted',
|
||||
'details' => ['source' => 'configured'],
|
||||
];
|
||||
}
|
||||
@ -204,7 +204,7 @@ private function fetchLivePermissions(Tenant $tenant): array
|
||||
|
||||
foreach ($grantedPermissions as $permission) {
|
||||
$normalized[$permission] = [
|
||||
'status' => 'ok',
|
||||
'status' => 'granted',
|
||||
'details' => ['source' => 'graph_api', 'checked_at' => now()->toIso8601String()],
|
||||
];
|
||||
}
|
||||
|
||||
@ -104,8 +104,10 @@
|
||||
'Policy.ReadWrite.ConditionalAccess',
|
||||
|
||||
// Feature 004 - Assignments & Scope Tags (NEU seit 2025-12-22):
|
||||
// TODO: Nach Azure AD Setup verschieben nach "Tatsächlich granted"
|
||||
'DeviceManagementRBAC.Read.All', // Scope Tag Namen auflösen
|
||||
'Group.Read.All', // Group Namen für Assignments auflösen
|
||||
// Diese Berechtigungen MÜSSEN in Azure AD hinzugefügt werden!
|
||||
// Status wird als "missing" angezeigt, bis sie granted sind.
|
||||
// Nach dem Hinzufügen: Verschiebe diese nach "Tatsächlich granted" (oben)
|
||||
// 'DeviceManagementRBAC.Read.All', // → Noch nicht granted
|
||||
// 'Group.Read.All', // → Noch nicht granted
|
||||
],
|
||||
];
|
||||
|
||||
@ -42,14 +42,14 @@ function requiredPermissions(): array
|
||||
TenantPermission::create([
|
||||
'tenant_id' => $tenant->id,
|
||||
'permission_key' => $permission['key'],
|
||||
'status' => 'ok',
|
||||
'status' => 'granted',
|
||||
]);
|
||||
}
|
||||
|
||||
$result = app(TenantPermissionService::class)->compare($tenant);
|
||||
|
||||
expect($result['overall_status'])->toBe('ok');
|
||||
expect(TenantPermission::where('tenant_id', $tenant->id)->where('status', 'ok')->count())
|
||||
expect($result['overall_status'])->toBe('granted');
|
||||
expect(TenantPermission::where('tenant_id', $tenant->id)->where('status', 'granted')->count())
|
||||
->toBe(count(requiredPermissions()));
|
||||
});
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user