mock(GraphClientInterface::class, function ($mock): void { $mock->shouldReceive('listPolicies')->never(); $mock->shouldReceive('getPolicy')->never(); $mock->shouldReceive('getOrganization')->never(); $mock->shouldReceive('applyPolicy')->never(); $mock->shouldReceive('getServicePrincipalPermissions')->never(); $mock->shouldReceive('request')->never(); }); [$user, $tenant] = createUserWithTenant(role: 'owner'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); Livewire::test(ListEntraGroups::class) ->callAction('sync_groups'); $run = EntraGroupSyncRun::query() ->where('tenant_id', $tenant->getKey()) ->latest('id') ->first(); expect($run)->not->toBeNull(); expect($run?->status)->toBe(EntraGroupSyncRun::STATUS_PENDING); expect($run?->selection_key)->toBe('groups-v1:all'); $opRun = OperationRun::query() ->where('tenant_id', $tenant->getKey()) ->where('type', 'directory_groups.sync') ->latest('id') ->first(); expect($opRun)->not->toBeNull(); expect($opRun?->status)->toBe('queued'); Queue::assertPushed(EntraGroupSyncJob::class, function (EntraGroupSyncJob $job) use ($tenant, $run, $opRun): bool { return $job->tenantId === (int) $tenant->getKey() && $job->runId === (int) $run?->getKey() && $job->operationRun instanceof OperationRun && (int) $job->operationRun->getKey() === (int) $opRun?->getKey(); }); }); it('disables group sync start action for readonly users', function () { Queue::fake(); [$user, $tenant] = createUserWithTenant(role: 'readonly'); $this->actingAs($user); $tenant->makeCurrent(); Filament::setTenant($tenant, true); Livewire::test(ListEntraGroups::class) ->assertActionVisible('sync_groups') ->assertActionDisabled('sync_groups'); Queue::assertNothingPushed(); });