create(); $policy = Policy::create([ 'tenant_id' => $tenant->id, 'external_id' => 'policy-1', 'policy_type' => 'deviceConfiguration', 'display_name' => 'Policy A', 'platform' => 'windows', ]); $service = app(VersionService::class); $service->captureVersion($policy, ['value' => 1], 'tester'); $service->captureVersion($policy, ['value' => 2], 'tester'); $user = User::factory()->create(); [$user, $tenant] = createUserWithTenant(tenant: $tenant, user: $user, role: 'owner'); $this->actingAs($user) ->get(route('filament.admin.resources.policy-versions.index', filamentTenantRouteParams($tenant))) ->assertOk() ->assertSee('Policy A') ->assertSee((string) PolicyVersion::max('version_number')); }); test('policy version detail renders readable normalized RBAC assignment content', function () { $tenant = Tenant::factory()->create(); [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner'); $policy = Policy::factory()->create([ 'tenant_id' => $tenant->id, 'external_id' => 'rbac-assign-1', 'policy_type' => 'intuneRoleAssignment', 'display_name' => 'Current assignment name', 'platform' => 'all', 'last_synced_at' => null, ]); $version = PolicyVersion::factory()->create([ 'tenant_id' => $tenant->id, 'policy_id' => $policy->id, 'policy_type' => 'intuneRoleAssignment', 'platform' => 'all', 'snapshot' => [ '@odata.type' => '#microsoft.graph.deviceAndAppManagementRoleAssignment', 'displayName' => 'Helpdesk Assignment', 'description' => 'Delegated access for helpdesk operators', 'scopeType' => 'allDevicesAssignment', 'members' => [ ['displayName' => 'Helpdesk Group', 'id' => 'group-1'], 'group-2', ], 'scopeMembers' => ['scope-group-1'], 'resourceScopes' => ['/', '/deviceManagement/managedDevices'], 'roleDefinition' => [ 'id' => 'role-1', 'displayName' => 'Policy and Profile Manager', ], ], ]); $tenant->makeCurrent(); $response = $this->actingAs($user) ->get(\App\Filament\Resources\PolicyVersionResource::getUrl('view', ['record' => $version]).'?tab=normalized-settings&tenant='.(string) $tenant->external_id); $response->assertOk(); $response->assertSee('Helpdesk Assignment'); $response->assertSee('Role assignment'); $response->assertSee('Policy and Profile Manager (role-1)'); $response->assertSee('Helpdesk Group (group-1)'); $response->assertSee('group-2'); $response->assertSee('scope-group-1'); $response->assertSee('/deviceManagement/managedDevices'); }); test('policy version detail returns 404 for non-members on RBAC versions', function () { $tenant = Tenant::factory()->create(); [$owner, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner'); $policy = Policy::factory()->create([ 'tenant_id' => $tenant->id, 'external_id' => 'rbac-assign-404', 'policy_type' => 'intuneRoleAssignment', 'display_name' => 'Hidden assignment', 'platform' => 'all', 'last_synced_at' => null, ]); $version = PolicyVersion::factory()->create([ 'tenant_id' => $tenant->id, 'policy_id' => $policy->id, 'policy_type' => 'intuneRoleAssignment', 'platform' => 'all', 'snapshot' => [ 'displayName' => 'Hidden assignment', ], ]); $outsider = User::factory()->create(); WorkspaceMembership::factory()->create([ 'workspace_id' => (int) $tenant->workspace_id, 'user_id' => (int) $outsider->getKey(), 'role' => 'owner', ]); $tenant->makeCurrent(); $this->actingAs($outsider) ->get(\App\Filament\Resources\PolicyVersionResource::getUrl('view', ['record' => $version]).'?tenant='.(string) $tenant->external_id) ->assertNotFound(); });