,status:'granted'|'missing'|'error',details:array|null} * @phpstan-type FeatureImpact array{feature:string,missing:int,required_application:int,required_delegated:int,blocked:bool} * @phpstan-type FilterState array{status:'missing'|'present'|'all',type:'application'|'delegated'|'all',features:array,search:string} * @phpstan-type ViewModel array{ * tenant: array{id:int,external_id:string,name:string}, * overview: array{ * overall: string, * counts: array{missing_application:int,missing_delegated:int,present:int,error:int}, * feature_impacts: array * }, * permissions: array, * filters: FilterState, * copy: array{application:string,delegated:string} * } */ public function __construct(private readonly TenantPermissionService $permissionService) {} /** * @param array $filters * @return ViewModel */ public function build(Tenant $tenant, array $filters = []): array { $comparison = $this->permissionService->compare( $tenant, persist: false, liveCheck: false, useConfiguredStub: false, ); /** @var array $allPermissions */ $allPermissions = collect($comparison['permissions'] ?? []) ->filter(fn (mixed $row): bool => is_array($row)) ->map(fn (array $row): array => self::normalizePermissionRow($row)) ->values() ->all(); $state = self::normalizeFilterState($filters); $filteredPermissions = self::applyFilterState($allPermissions, $state); return [ 'tenant' => [ 'id' => (int) $tenant->getKey(), 'external_id' => (string) $tenant->external_id, 'name' => (string) $tenant->name, ], 'overview' => [ 'overall' => self::deriveOverallStatus($allPermissions), 'counts' => self::deriveCounts($allPermissions), 'feature_impacts' => self::deriveFeatureImpacts($allPermissions), ], 'permissions' => $filteredPermissions, 'filters' => $state, 'copy' => [ 'application' => self::deriveCopyPayload($allPermissions, 'application', $state['features']), 'delegated' => self::deriveCopyPayload($allPermissions, 'delegated', $state['features']), ], ]; } /** * @param array $permissions */ public static function deriveOverallStatus(array $permissions): string { $hasMissingApplication = collect($permissions)->contains( fn (array $row): bool => $row['status'] === 'missing' && $row['type'] === 'application', ); if ($hasMissingApplication) { return VerificationReportOverall::Blocked->value; } $hasErrors = collect($permissions)->contains( fn (array $row): bool => $row['status'] === 'error', ); $hasMissingDelegated = collect($permissions)->contains( fn (array $row): bool => $row['status'] === 'missing' && $row['type'] === 'delegated', ); if ($hasErrors || $hasMissingDelegated) { return VerificationReportOverall::NeedsAttention->value; } return VerificationReportOverall::Ready->value; } /** * @param array $permissions * @return array{missing_application:int,missing_delegated:int,present:int,error:int} */ public static function deriveCounts(array $permissions): array { $counts = [ 'missing_application' => 0, 'missing_delegated' => 0, 'present' => 0, 'error' => 0, ]; foreach ($permissions as $row) { if (($row['status'] ?? null) === 'missing') { if (($row['type'] ?? null) === 'delegated') { $counts['missing_delegated'] += 1; } else { $counts['missing_application'] += 1; } continue; } if (($row['status'] ?? null) === 'granted') { $counts['present'] += 1; continue; } if (($row['status'] ?? null) === 'error') { $counts['error'] += 1; } } return $counts; } /** * @param array $permissions * @return array */ public static function deriveFeatureImpacts(array $permissions): array { /** @var array $impacts */ $impacts = []; foreach ($permissions as $row) { $features = array_values(array_unique($row['features'] ?? [])); foreach ($features as $feature) { if (! isset($impacts[$feature])) { $impacts[$feature] = [ 'feature' => $feature, 'missing' => 0, 'required_application' => 0, 'required_delegated' => 0, 'blocked' => false, ]; } if (($row['type'] ?? null) === 'delegated') { $impacts[$feature]['required_delegated'] += 1; } else { $impacts[$feature]['required_application'] += 1; } if (($row['status'] ?? null) === 'missing') { $impacts[$feature]['missing'] += 1; if (($row['type'] ?? null) === 'application') { $impacts[$feature]['blocked'] = true; } } } } $values = array_values($impacts); usort($values, static function (array $a, array $b): int { $blocked = (int) ($b['blocked'] <=> $a['blocked']); if ($blocked !== 0) { return $blocked; } $missing = (int) (($b['missing'] ?? 0) <=> ($a['missing'] ?? 0)); if ($missing !== 0) { return $missing; } return strcmp((string) ($a['feature'] ?? ''), (string) ($b['feature'] ?? '')); }); return $values; } /** * Copy payload semantics: * - Always Missing-only * - Always Type fixed by button (application vs delegated) * - Respects Feature filter only * - Ignores Search * * @param array $permissions * @param 'application'|'delegated' $type * @param array $featureFilter */ public static function deriveCopyPayload(array $permissions, string $type, array $featureFilter = []): string { $featureFilter = array_values(array_unique(array_filter(array_map('strval', $featureFilter)))); $payload = collect($permissions) ->filter(function (array $row) use ($type, $featureFilter): bool { if (($row['status'] ?? null) !== 'missing') { return false; } if (($row['type'] ?? null) !== $type) { return false; } if ($featureFilter === []) { return true; } $rowFeatures = $row['features'] ?? []; return count(array_intersect($featureFilter, $rowFeatures)) > 0; }) ->pluck('key') ->map(fn (mixed $key): string => (string) $key) ->filter() ->unique() ->sort() ->values() ->all(); return implode("\n", $payload); } /** * @param array $permissions * @return array */ public static function applyFilterState(array $permissions, array $state): array { $status = $state['status'] ?? 'missing'; $type = $state['type'] ?? 'all'; $features = $state['features'] ?? []; $search = $state['search'] ?? ''; $search = is_string($search) ? trim($search) : ''; $searchLower = strtolower($search); $features = array_values(array_unique(array_filter(array_map('strval', $features)))); $filtered = collect($permissions) ->filter(function (array $row) use ($status, $type, $features): bool { $rowStatus = $row['status'] ?? null; $rowType = $row['type'] ?? null; if ($status === 'missing' && ! in_array($rowStatus, ['missing', 'error'], true)) { return false; } if ($status === 'present' && $rowStatus !== 'granted') { return false; } if ($type !== 'all' && $rowType !== $type) { return false; } if ($features === []) { return true; } $rowFeatures = $row['features'] ?? []; return count(array_intersect($features, $rowFeatures)) > 0; }) ->when($searchLower !== '', function ($collection) use ($searchLower) { return $collection->filter(function (array $row) use ($searchLower): bool { $key = strtolower((string) ($row['key'] ?? '')); $description = strtolower((string) ($row['description'] ?? '')); return str_contains($key, $searchLower) || ($description !== '' && str_contains($description, $searchLower)); }); }) ->values() ->all(); usort($filtered, static function (array $a, array $b): int { $weight = static function (array $row): int { return match ($row['status'] ?? null) { 'missing' => 0, 'error' => 1, default => 2, }; }; $cmp = $weight($a) <=> $weight($b); if ($cmp !== 0) { return $cmp; } return strcmp((string) ($a['key'] ?? ''), (string) ($b['key'] ?? '')); }); return $filtered; } /** * @param array $filters * @return FilterState */ public static function normalizeFilterState(array $filters): array { $status = (string) ($filters['status'] ?? 'missing'); $type = (string) ($filters['type'] ?? 'all'); $features = $filters['features'] ?? []; $search = (string) ($filters['search'] ?? ''); if (! in_array($status, ['missing', 'present', 'all'], true)) { $status = 'missing'; } if (! in_array($type, ['application', 'delegated', 'all'], true)) { $type = 'all'; } if (! is_array($features)) { $features = []; } $features = array_values(array_unique(array_filter(array_map('strval', $features)))); return [ 'status' => $status, 'type' => $type, 'features' => $features, 'search' => $search, ]; } /** * @param array $row * @return TenantPermissionRow */ private static function normalizePermissionRow(array $row): array { $key = (string) ($row['key'] ?? ''); $type = (string) ($row['type'] ?? 'application'); $description = $row['description'] ?? null; $features = $row['features'] ?? []; $status = (string) ($row['status'] ?? 'missing'); $details = $row['details'] ?? null; if (! in_array($type, ['application', 'delegated'], true)) { $type = 'application'; } if (! is_string($description) || $description === '') { $description = null; } if (! is_array($features)) { $features = []; } $features = array_values(array_unique(array_filter(array_map('strval', $features)))); if (! in_array($status, ['granted', 'missing', 'error'], true)) { $status = 'missing'; } if (! is_array($details)) { $details = null; } return [ 'key' => $key, 'type' => $type, 'description' => $description, 'features' => $features, 'status' => $status, 'details' => $details, ]; } }