38 lines
1.6 KiB
PHP
38 lines
1.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\Tenant;
|
|
use App\Support\Links\RequiredPermissionsLinks;
|
|
use App\Support\Providers\ProviderReasonCodes;
|
|
use App\Support\Verification\TenantPermissionCheckClusters;
|
|
use App\Support\Verification\VerificationCheckStatus;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('surfaces a dedicated RBAC permission reason when DeviceManagementRBAC.Read.All is missing', function (): void {
|
|
$tenant = Tenant::factory()->create(['external_id' => 'tenant-rbac-check']);
|
|
|
|
$checks = TenantPermissionCheckClusters::buildChecks($tenant, [
|
|
[
|
|
'key' => 'DeviceManagementRBAC.Read.All',
|
|
'type' => 'application',
|
|
'description' => 'Read Intune RBAC roles and assignments',
|
|
'features' => ['rbac_inventory', 'rbac_backup_history'],
|
|
'status' => 'missing',
|
|
'details' => null,
|
|
],
|
|
]);
|
|
|
|
$rbacCheck = collect($checks)->firstWhere('key', 'permissions.intune_rbac_assignments');
|
|
|
|
expect($rbacCheck)->toBeArray();
|
|
expect($rbacCheck['status'] ?? null)->toBe(VerificationCheckStatus::Fail->value);
|
|
expect($rbacCheck['blocking'] ?? null)->toBeTrue();
|
|
expect($rbacCheck['reason_code'] ?? null)->toBe(ProviderReasonCodes::IntuneRbacPermissionMissing);
|
|
expect((string) ($rbacCheck['message'] ?? ''))->toContain('DeviceManagementRBAC.Read.All');
|
|
expect((string) ($rbacCheck['message'] ?? ''))->toContain('RBAC inventory and backup history');
|
|
expect($rbacCheck['next_steps'][0]['url'] ?? null)->toBe(RequiredPermissionsLinks::requiredPermissions($tenant));
|
|
});
|