@php use App\Support\Badges\BadgeDomain; use App\Support\Badges\BadgeRenderer; use App\Support\Links\RequiredPermissionsLinks; use Illuminate\Support\Carbon; $tenant = $this->currentTenant(); $vm = $this->viewModel(); $overview = is_array($vm['overview'] ?? null) ? $vm['overview'] : []; $counts = is_array($overview['counts'] ?? null) ? $overview['counts'] : []; $featureImpacts = is_array($overview['feature_impacts'] ?? null) ? $overview['feature_impacts'] : []; $capabilityGroups = is_array($overview['capability_groups'] ?? null) ? $overview['capability_groups'] : []; $primaryCapabilityGroup = is_array($overview['primary_capability_group'] ?? null) ? $overview['primary_capability_group'] : null; $freshness = is_array($overview['freshness'] ?? null) ? $overview['freshness'] : []; $filters = is_array($vm['filters'] ?? null) ? $vm['filters'] : []; $selectedFeatures = is_array($filters['features'] ?? null) ? $filters['features'] : []; $overall = $overview['overall'] ?? null; $overallSpec = $overall !== null ? BadgeRenderer::spec(BadgeDomain::VerificationReportOverall, $overall) : null; $copy = is_array($vm['copy'] ?? null) ? $vm['copy'] : []; $copyApplication = (string) ($copy['application'] ?? ''); $copyDelegated = (string) ($copy['delegated'] ?? ''); $missingApplication = (int) ($counts['missing_application'] ?? 0); $missingDelegated = (int) ($counts['missing_delegated'] ?? 0); $grantedCount = (int) ($counts['granted'] ?? 0); $blockedCount = (int) ($counts['blocked'] ?? 0); $expiredCount = (int) ($counts['expired'] ?? 0); $unknownCount = (int) ($counts['unknown'] ?? 0); $needsReviewCount = $blockedCount + $expiredCount + $unknownCount; $missingTotal = $missingApplication + $missingDelegated + $needsReviewCount; $requiredTotal = (int) ($counts['required'] ?? ($missingTotal + $grantedCount)); $canonicalCountCards = [ ['label' => 'Required', 'value' => $requiredTotal, 'detail' => 'Rows in scope'], ['label' => 'Granted', 'value' => $grantedCount, 'detail' => 'Effective grants'], ['label' => 'Missing', 'value' => $missingApplication + $missingDelegated, 'detail' => "{$missingApplication} app / {$missingDelegated} delegated"], ['label' => 'Blocked', 'value' => $blockedCount, 'detail' => 'Consent or policy'], ['label' => 'Expired', 'value' => $expiredCount, 'detail' => 'Stale evidence'], ['label' => 'Unknown', 'value' => $unknownCount, 'detail' => 'Untrusted evidence'], ]; $reRunUrl = $this->reRunVerificationUrl(); $manageProviderConnectionUrl = $this->manageProviderConnectionUrl(); $guidance = $this->guidanceCase(); $guidancePrimaryAction = is_array($guidance['primary_action'] ?? null) ? $guidance['primary_action'] : []; $canRunProviderVerification = $this->canRunProviderVerification(); $canManageProviderConnection = $this->canManageProviderConnection(); $adminConsentUrl = $canManageProviderConnection && $tenant ? RequiredPermissionsLinks::adminConsentUrl($tenant) : null; $adminConsentPrimaryUrl = $canManageProviderConnection && $tenant ? RequiredPermissionsLinks::adminConsentPrimaryUrl($tenant) : null; $adminConsentLabel = $adminConsentUrl ? 'Open admin consent' : 'Admin consent guide'; $showGuidancePrimaryAction = (is_string($guidancePrimaryAction['url'] ?? null) && $guidancePrimaryAction['url'] !== '') || ($canRunProviderVerification && ($guidancePrimaryAction['action_name'] ?? null) === 'runProviderVerification'); $lastRefreshedAt = is_string($freshness['last_refreshed_at'] ?? null) ? (string) $freshness['last_refreshed_at'] : null; $lastRefreshedLabel = $lastRefreshedAt ? Carbon::parse($lastRefreshedAt)->diffForHumans() : 'Unknown'; $isStale = (bool) ($freshness['is_stale'] ?? true); $hasStoredPermissionData = $lastRefreshedAt !== null; $issues = []; if ($missingApplication > 0) { $issues[] = [ 'severity' => 'Blocker', 'title' => 'Missing application permissions', 'description' => "{$missingApplication} required application permission(s) are missing.", 'links' => array_values(array_filter([ $adminConsentPrimaryUrl ? ['label' => $adminConsentLabel, 'url' => $adminConsentPrimaryUrl, 'external' => true] : null, $canManageProviderConnection && $manageProviderConnectionUrl ? ['label' => 'Manage provider connection', 'url' => $manageProviderConnectionUrl, 'external' => false] : null, ['label' => 'Open environment dashboard', 'url' => $reRunUrl, 'external' => false], ])), ]; } if ($missingDelegated > 0) { $issues[] = [ 'severity' => 'Warning', 'title' => 'Missing delegated permissions', 'description' => "{$missingDelegated} delegated permission(s) are missing.", 'links' => array_values(array_filter([ $adminConsentPrimaryUrl ? ['label' => $adminConsentLabel, 'url' => $adminConsentPrimaryUrl, 'external' => true] : null, ['label' => 'Open provider connection', 'url' => $manageProviderConnectionUrl ?? $reRunUrl, 'external' => false], ])), ]; } if ($blockedCount > 0 || $expiredCount > 0 || $unknownCount > 0) { $issues[] = [ 'severity' => $blockedCount > 0 ? 'Blocker' : 'Warning', 'title' => 'Permission evidence needs review', 'description' => "{$needsReviewCount} permission evidence row(s) are blocked, expired, or not tied to the current provider connection.", 'links' => [ ['label' => 'Open provider connection', 'url' => $manageProviderConnectionUrl ?? $reRunUrl, 'external' => false], ], ]; } if ($isStale) { $issues[] = [ 'severity' => 'Warning', 'title' => 'Freshness warning', 'description' => $hasStoredPermissionData ? "Permission data is older than 30 days (last refresh {$lastRefreshedLabel})." : 'No stored verification data is available yet.', 'links' => [ ['label' => 'Open provider connection', 'url' => $manageProviderConnectionUrl ?? $reRunUrl, 'external' => false], ], ]; } @endphp
@if ($overallSpec) {{ $overallSpec->label }} @endif Stored data · refreshed {{ $lastRefreshedLabel }}{{ $isStale ? ' · stale' : '' }}
@foreach ($canonicalCountCards as $countCard)
{{ $countCard['label'] }}
{{ $countCard['value'] }}
{{ $countCard['detail'] }}
@endforeach
@if (! $hasStoredPermissionData)
No data available
No stored verification data is available for this environment. @if ($canRunProviderVerification) . @elseif ($manageProviderConnectionUrl) Open provider connection. @else Open environment dashboard. @endif
@endif @if (is_array($guidance) && $guidance !== []) @include('filament.partials.provider-readiness-guidance-card', [ 'guidance' => $guidance, 'inlinePrimaryAction' => $showGuidancePrimaryAction, 'primaryActionMethod' => 'runProviderVerification', ]) @endif @if ($capabilityGroups !== [])
Provider capabilities
Capability-first view of the provider prerequisites used by operation start gates.
@if ($primaryCapabilityGroup) @php $primaryStatus = (string) ($primaryCapabilityGroup['status'] ?? 'unknown'); $primarySpec = BadgeRenderer::spec(BadgeDomain::ProviderCapabilityStatus, $primaryStatus); @endphp {{ (string) ($primaryCapabilityGroup['label'] ?? 'Provider capability') }}: {{ $primarySpec->label }} @endif
@foreach ($capabilityGroups as $capabilityGroup) @php if (! is_array($capabilityGroup)) { continue; } $capabilityLabel = (string) ($capabilityGroup['label'] ?? 'Provider capability'); $capabilityStatus = (string) ($capabilityGroup['status'] ?? 'unknown'); $capabilitySpec = BadgeRenderer::spec(BadgeDomain::ProviderCapabilityStatus, $capabilityStatus); $message = (string) ($capabilityGroup['message'] ?? ''); $capabilityCounts = is_array($capabilityGroup['evidence_counts'] ?? null) ? $capabilityGroup['evidence_counts'] : []; $missing = (int) ($capabilityCounts['missing'] ?? 0); $errors = (int) ($capabilityCounts['errors'] ?? 0); $expired = (int) ($capabilityCounts['expired'] ?? 0); $unknown = (int) ($capabilityCounts['unknown'] ?? 0); @endphp
{{ $capabilityLabel }}
{{ $message }}
{{ $capabilitySpec->label }}
{{ $missing }} missing, {{ $errors + $expired + $unknown }} need review
@endforeach
@endif
Permission handoff
Who can fix this? Global Administrator / Privileged Role Administrator.
Primary next step: @if ($adminConsentPrimaryUrl) {{ $adminConsentLabel }} @else Copy missing permissions and hand them to a Global Administrator / Privileged Role Administrator. @endif
@if ($canRunProviderVerification)
After granting consent:
@elseif ($canManageProviderConnection && $manageProviderConnectionUrl) @endif
Copy missing application permissions Copy missing delegated permissions
@if (is_array($featureImpacts) && $featureImpacts !== [])
@foreach ($featureImpacts as $impact) @php $featureKey = is_array($impact) ? ($impact['feature'] ?? null) : null; $featureKey = is_string($featureKey) ? $featureKey : null; $missingCount = is_array($impact) ? (int) ($impact['missing'] ?? 0) : 0; $isBlocked = is_array($impact) ? (bool) ($impact['blocked'] ?? false) : false; if ($featureKey === null) { continue; } $selected = in_array($featureKey, $selectedFeatures, true); @endphp
{{ $featureKey }}
{{ $missingCount }} missing
{{ $isBlocked ? 'Blocked' : ($missingCount > 0 ? 'At risk' : 'OK') }}
@endforeach
@endif
Missing application permissions
Newline-separated list for admin consent.
Close
@if ($copyApplication === '')
Nothing to copy — no missing application permissions in the current feature filter.
@else
Copied Copy 

                                

                            

                        @endif
                    

                


                

                    

                    

                        

                            

                                
Missing delegated permissions

                                
Newline-separated list for delegated consent.

                            

                            Close
                        


                        @if ($copyDelegated === '')
                            

                                Nothing to copy — no missing delegated permissions in the current feature filter.
                            

                        @else
                            

                                

                                    
                                        Copied
                                    
                                    
                                        Copy
                                    
                                


                                

                                    

                                

                            

                        @endif
                    

                

            

        

        
            @if ($issues === [])
                

                    No blockers or warnings detected from stored data.
                

            @else
                

                    @foreach ($issues as $issue)
                        @php
                            $severity = (string) ($issue['severity'] ?? 'Warning');
                            $severityColor = $severity === 'Blocker' ? 'danger' : 'warning';
                            $title = (string) ($issue['title'] ?? 'Issue');
                            $description = (string) ($issue['description'] ?? '');
                            $links = is_array($issue['links'] ?? null) ? $issue['links'] : [];
                        @endphp

                        

                            

                                {{ $severity }}
                                
{{ $title }}

                            

                            
{{ $description }}

                            @if ($links !== [])
                                

                                    @foreach ($links as $link)
                                        @php
                                            $label = is_array($link) ? (string) ($link['label'] ?? '') : '';
                                            $url = is_array($link) ? (string) ($link['url'] ?? '') : '';
                                            $external = is_array($link) ? (bool) ($link['external'] ?? false) : false;
                                        @endphp
                                        @if ($label !== '' && $url !== '')
                                            
                                                {{ $label }}
                                            
                                        @endif
                                    @endforeach
                                

                            @endif
                        

                    @endforeach
                

            @endif
        

        
            

                

                    {{ $grantedCount }} permission(s) currently granted.
                

                

                    {{ $requiredTotal > 0 ? "Out of {$requiredTotal} required permissions, {$grantedCount} are currently granted." : 'No required permissions are configured yet.' }}
                

            

        

        
            

                
                    Expand technical details
                

                

            @if (! $tenant)
                

                    No environment selected.
                

            @else
                

                    

                        
Native permission matrix

                        

                            Search doesn’t affect copy actions. Feature filters do.
                        

                    


                    {{ $this->table }}
                

            @endif