mock(GraphClientInterface::class, function ($mock): void { $mock->shouldReceive('listPolicies')->never(); $mock->shouldReceive('getPolicy')->never(); $mock->shouldReceive('getOrganization')->never(); $mock->shouldReceive('applyPolicy')->never(); $mock->shouldReceive('getServicePrincipalPermissions')->never(); $mock->shouldReceive('request')->never(); }); [$user, $tenant] = createUserWithTenant(role: 'operator'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $connection = ProviderConnection::factory()->create([ 'tenant_id' => $tenant->getKey(), 'provider' => 'microsoft', 'entra_tenant_id' => fake()->uuid(), ]); Livewire::test(EditProviderConnection::class, ['record' => $connection->getRouteKey()]) ->callAction('check_connection'); $opRun = OperationRun::query() ->where('tenant_id', $tenant->getKey()) ->where('type', 'provider.connection.check') ->latest('id') ->first(); expect($opRun)->not->toBeNull(); expect($opRun?->status)->toBe('queued'); expect($opRun?->outcome)->toBe('pending'); expect($opRun?->context)->toMatchArray([ 'provider' => 'microsoft', 'module' => 'health_check', 'provider_connection_id' => (int) $connection->getKey(), 'target_scope' => [ 'entra_tenant_id' => $connection->entra_tenant_id, ], ]); $notifications = session('filament.notifications', []); expect($notifications)->not->toBeEmpty(); expect(collect($notifications)->last()['actions'][0]['url'] ?? null) ->toBe(OperationRunLinks::view($opRun, $tenant)); Queue::assertPushed(ProviderConnectionHealthCheckJob::class, 1); }); it('dedupes connection checks and does not enqueue a second job', function (): void { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'operator'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $connection = ProviderConnection::factory()->create([ 'tenant_id' => $tenant->getKey(), 'provider' => 'microsoft', 'entra_tenant_id' => fake()->uuid(), ]); $component = Livewire::test(EditProviderConnection::class, ['record' => $connection->getRouteKey()]); $component->callAction('check_connection'); $component->callAction('check_connection'); expect(OperationRun::query() ->where('tenant_id', $tenant->getKey()) ->where('type', 'provider.connection.check') ->count())->toBe(1); Queue::assertPushed(ProviderConnectionHealthCheckJob::class, 1); }); it('disables connection check action for readonly users', function (): void { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'readonly'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); $connection = ProviderConnection::factory()->create([ 'tenant_id' => $tenant->getKey(), 'provider' => 'microsoft', 'entra_tenant_id' => fake()->uuid(), 'status' => 'connected', ]); Livewire::test(EditProviderConnection::class, ['record' => $connection->getRouteKey()]) ->assertActionVisible('check_connection') ->assertActionDisabled('check_connection') ->assertActionVisible('compliance_snapshot') ->assertActionDisabled('compliance_snapshot'); Queue::assertNothingPushed(); expect(OperationRun::query()->where('tenant_id', $tenant->getKey())->count())->toBe(0); });