set('intune_permissions.permissions', [ [ 'key' => 'DeviceManagementApps.Read.All', 'type' => 'application', 'description' => 'Backup application permission', 'features' => ['backup'], ], [ 'key' => 'Group.Read.All', 'type' => 'delegated', 'description' => 'Backup delegated permission', 'features' => ['backup'], ], [ 'key' => 'Reports.Read.All', 'type' => 'application', 'description' => 'Reporting permission', 'features' => ['reporting'], ], ]); config()->set('entra_permissions.permissions', []); ManagedEnvironmentPermission::query()->create([ 'managed_environment_id' => (int) $tenant->getKey(), 'permission_key' => 'Group.Read.All', 'status' => 'missing', 'details' => ['source' => 'fixture'], 'last_checked_at' => now(), ]); ManagedEnvironmentPermission::query()->create([ 'managed_environment_id' => (int) $tenant->getKey(), 'permission_key' => 'Reports.Read.All', 'status' => 'granted', 'details' => ['source' => 'fixture'], 'last_checked_at' => now(), ]); } it('uses route-seeded filters and search while keeping the visible permission matrix aligned', function (): void { [$user, $tenant] = createUserWithTenant(role: 'readonly'); seedEnvironmentRequiredPermissionsFixture($tenant); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(RequiredPermissionsLinks::requiredPermissions($tenant)) ->assertSuccessful() ->assertSee('DeviceManagementApps.Read.All') ->assertSee('Group.Read.All') ->assertDontSee('Reports.Read.All') ->assertSee('data-testid="provider-readiness-guidance-card"', false); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(RequiredPermissionsLinks::requiredPermissions($tenant, [ 'status' => 'present', 'type' => 'application', 'search' => 'Reports', ])) ->assertSuccessful() ->assertSee('Reports.Read.All') ->assertSee('1 permission(s) currently pass.'); }); it('keeps copy payloads feature-scoped and shows the native no-matches state', function (): void { [$user, $tenant] = createUserWithTenant(role: 'readonly'); seedEnvironmentRequiredPermissionsFixture($tenant); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(RequiredPermissionsLinks::requiredPermissions($tenant, [ 'status' => 'all', 'features' => ['backup'], ])) ->assertSuccessful() ->assertSee('DeviceManagementApps.Read.All') ->assertSee('Group.Read.All') ->assertDontSee('Reports.Read.All') ->assertSee('Copy missing application permissions') ->assertSee('Copy missing delegated permissions'); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->get(RequiredPermissionsLinks::requiredPermissions($tenant, [ 'status' => 'all', 'features' => ['backup'], 'search' => 'no-such-permission', ])) ->assertSuccessful() ->assertSee('No matches') ->assertSee('Clear filters'); });