mock(GraphClientInterface::class, function ($mock): void { $mock->shouldReceive('listPolicies')->never(); $mock->shouldReceive('getPolicy')->never(); $mock->shouldReceive('getOrganization')->never(); $mock->shouldReceive('applyPolicy')->never(); $mock->shouldReceive('getServicePrincipalPermissions')->never(); $mock->shouldReceive('request')->never(); }); [$user, $tenant] = createUserWithTenant(role: 'owner', fixtureProfile: 'credential-enabled'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); Livewire::test(ListEntraGroups::class) ->callAction('sync_groups'); $run = OperationRun::query() ->where('tenant_id', (int) $tenant->getKey()) ->where('type', 'entra_group_sync') ->latest('id') ->first(); expect($run)->not->toBeNull(); expect($run?->status)->toBe('queued'); expect($run?->context['provider_connection_id'] ?? null)->toBeInt(); Queue::assertPushed(EntraGroupSyncJob::class, function (EntraGroupSyncJob $job) use ($run): bool { return $job->providerConnectionId === ($run?->context['provider_connection_id'] ?? null) && $job->operationRun?->is($run); }); }); it('blocks role definitions sync before queue when no provider connection is available', function (): void { Bus::fake(); $tenant = Tenant::factory()->create([ 'app_client_id' => 'client-123', 'app_client_secret' => 'secret', 'status' => 'active', ]); [$user, $tenant] = createUserWithTenant( tenant: $tenant, role: 'owner', ensureDefaultMicrosoftProviderConnection: false, ); $result = app(RoleDefinitionsSyncService::class)->startManualSync($tenant, $user); expect($result->status)->toBe('blocked'); expect($result->run->context['reason_code'] ?? null)->toBe(ProviderReasonCodes::ProviderConnectionMissing); Bus::assertNotDispatched(SyncRoleDefinitionsJob::class); });