browser()->timeout(40_000); function spec394BrowserConfigurePermissions(): void { config()->set('intune_permissions.permissions', [ [ 'key' => 'DeviceManagementApps.Read.All', 'type' => 'application', 'description' => 'Read Intune apps', 'features' => ['backup'], ], [ 'key' => 'Group.Read.All', 'type' => 'delegated', 'description' => 'Read groups', 'features' => ['restore'], ], ]); config()->set('entra_permissions.permissions', []); } function spec394BrowserConnection(ManagedEnvironment $environment, array $attributes = []): ProviderConnection { return ProviderConnection::factory() ->platform() ->verifiedHealthy() ->create(array_replace([ 'managed_environment_id' => (int) $environment->getKey(), 'workspace_id' => (int) $environment->workspace_id, 'provider' => 'microsoft', 'is_default' => true, ], $attributes)); } function spec394BrowserPermission( ManagedEnvironment $environment, ProviderConnection $connection, string $permissionKey, string $status = 'granted', ): void { ManagedEnvironmentPermission::query()->create([ 'managed_environment_id' => (int) $environment->getKey(), 'workspace_id' => (int) $environment->workspace_id, 'permission_key' => $permissionKey, 'status' => $status, 'details' => [ 'source' => 'spec394-browser-smoke', 'provider_connection_id' => (int) $connection->getKey(), 'managed_environment_id' => (int) $environment->getKey(), 'workspace_id' => (int) $environment->workspace_id, 'provider' => 'microsoft', 'grant_id' => 'raw-grant-id-must-not-render', ], 'last_checked_at' => now(), ]); } /** * @return array{user: User, workspace: Workspace, staleEnvironment: ManagedEnvironment, staleConnection: ProviderConnection, readyEnvironment: ManagedEnvironment, missingEnvironment: ManagedEnvironment} */ function spec394BrowserFixture(): array { spec394BrowserConfigurePermissions(); [$user, $staleEnvironment] = createUserWithTenant( role: 'owner', workspaceRole: 'owner', ensureDefaultMicrosoftProviderConnection: false, ); $workspace = $staleEnvironment->workspace()->firstOrFail(); $staleEnvironment->forceFill(['name' => 'Spec394 Browser Stale Environment'])->save(); $readyEnvironment = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'name' => 'Spec394 Browser Ready Environment', ]); $user->tenants()->syncWithoutDetaching([ (int) $readyEnvironment->getKey() => ['role' => 'owner'], ]); $missingEnvironment = ManagedEnvironment::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'name' => 'Spec394 Browser Missing Permissions Environment', ]); $user->tenants()->syncWithoutDetaching([ (int) $missingEnvironment->getKey() => ['role' => 'owner'], ]); $staleConnection = spec394BrowserConnection($staleEnvironment, [ 'display_name' => 'Spec394 Browser Expired Connection', 'last_health_check_at' => now()->subDays(31), ]); spec394BrowserPermission($staleEnvironment, $staleConnection, 'DeviceManagementApps.Read.All'); spec394BrowserPermission($staleEnvironment, $staleConnection, 'Group.Read.All'); $readyConnection = spec394BrowserConnection($readyEnvironment, [ 'display_name' => 'Spec394 Browser Ready Connection', ]); spec394BrowserPermission($readyEnvironment, $readyConnection, 'DeviceManagementApps.Read.All'); spec394BrowserPermission($readyEnvironment, $readyConnection, 'Group.Read.All'); $missingConnection = spec394BrowserConnection($missingEnvironment, [ 'display_name' => 'Spec394 Browser Missing Connection', ]); spec394BrowserPermission($missingEnvironment, $missingConnection, 'DeviceManagementApps.Read.All', 'missing'); spec394BrowserPermission($missingEnvironment, $missingConnection, 'Group.Read.All', 'missing'); return [ 'user' => $user, 'workspace' => $workspace, 'staleEnvironment' => $staleEnvironment, 'staleConnection' => $staleConnection, 'readyEnvironment' => $readyEnvironment, 'missingEnvironment' => $missingEnvironment, ]; } function spec394BrowserActAs(User $user, Workspace $workspace, ManagedEnvironment $environment): void { test()->actingAs($user)->withSession([ WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(), WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY => [ (string) $workspace->getKey() => (int) $environment->getKey(), ], ]); } it('smokes stale provider freshness and ready required-permissions semantics', function (): void { $fixture = spec394BrowserFixture(); spec394BrowserActAs($fixture['user'], $fixture['workspace'], $fixture['staleEnvironment']); visit(ProviderConnectionResource::getUrl('view', [ 'record' => $fixture['staleConnection'], 'environment_id' => (int) $fixture['staleEnvironment']->getKey(), ], panel: 'admin')) ->waitForText('Verification expired') ->assertDontSee('Healthy') ->assertDontSee('Ready -') ->assertNoJavaScriptErrors() ->assertNoConsoleLogs(); spec394BrowserActAs($fixture['user'], $fixture['workspace'], $fixture['readyEnvironment']); visit(RequiredPermissionsLinks::requiredPermissions($fixture['readyEnvironment'])) ->waitForText('2 permission(s) currently granted.') ->assertSee('Ready') ->assertSee('2 permission(s) currently granted.') ->assertSee('Out of 2 required permissions, 2 are currently granted.') ->assertDontSee('Present 0') ->assertDontSee('raw-grant-id-must-not-render') ->assertNoJavaScriptErrors() ->assertNoConsoleLogs(); spec394BrowserActAs($fixture['user'], $fixture['workspace'], $fixture['missingEnvironment']); visit(RequiredPermissionsLinks::requiredPermissions($fixture['missingEnvironment'], ['status' => 'all'])) ->waitForText('Missing application permissions') ->assertSee('Missing delegated permissions') ->assertSee('Required') ->assertSee('Granted') ->assertSee('Missing') ->assertSee('Blocked') ->assertSee('Expired') ->assertSee('Unknown') ->assertSee('Copy missing application permissions') ->assertSee('Copy missing delegated permissions') ->assertDontSee('Present 0') ->assertDontSee('Missing (app)') ->assertDontSee('raw-grant-id-must-not-render') ->assertNoJavaScriptErrors() ->assertNoConsoleLogs(); });