ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
189-portfolio-triage-review-state
TenantAtlas/apps/platform/app/Services/Providers/ProviderConnectionResolver.php
ahmido 1655cc481e Spec 188: canonical provider connection state cleanup (#219) 
## Summary
- migrate provider connections to the canonical three-dimension state model: lifecycle via `is_enabled`, consent via `consent_status`, and verification via `verification_status`
- remove legacy provider status and health badge paths, update admin and system directory surfaces, and align onboarding, consent callback, verification, resolver, and mutation flows with the new model
- add the Spec 188 artifact set, schema migrations, guard coverage, and expanded provider-state tests across admin, system, onboarding, verification, and rendering paths

## Verification
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Auth/SystemPanelAuthTest.php tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php tests/Feature/ProviderConnections/ProviderConnectionEnableDisableTest.php tests/Feature/ProviderConnections/ProviderConnectionTruthCleanupSpec179Test.php`
- integrated browser smoke: validated admin provider list/detail/edit, tenant provider summary, system directory tenant detail, provider-connection search exclusion, and cleaned up the temporary smoke record afterward

## Filament / implementation notes
- Livewire v4.0+ compliance: preserved; this change targets Filament v5 on Livewire v4 and does not introduce older APIs
- Provider registration location: unchanged; Laravel 11+ panel providers remain registered in `bootstrap/providers.php`
- Globally searchable resources: `ProviderConnectionResource` remains intentionally excluded from global search; tenant global search remains enabled and continues to resolve to view pages
- Destructive actions: no new destructive action surface was introduced without confirmation or authorization; existing capability checks continue to gate provider mutations
- Asset strategy: unchanged; no new Filament assets were added, so deploy behavior for `php artisan filament:assets` remains unchanged
- Testing plan covered: system auth, tenant global search, provider lifecycle enable/disable behavior, and provider truth cleanup cutover behavior

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #219
2026-04-10 11:22:56 +00:00

125 lines
4.6 KiB
PHP
Raw Permalink Blame History

<?php
namespace App\Services\Providers;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderReasonCodes;
final class ProviderConnectionResolver
{
public function __construct(
private readonly ProviderIdentityResolver $identityResolver,
) {}
public function resolveDefault(Tenant $tenant, string $provider): ProviderConnectionResolution
{
$defaults = ProviderConnection::query()
->where('tenant_id', (int) $tenant->getKey())
->where('provider', $provider)
->where('is_default', true)
->orderBy('id')
->get();
if ($defaults->count() === 0) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionMissing,
'No default provider connection is configured for this tenant/provider.',
);
}
if ($defaults->count() > 1) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionInvalid,
'Multiple default provider connections were detected.',
'ext.multiple_defaults_detected',
);
}
/** @var ProviderConnection $connection */
$connection = $defaults->first();
return $this->validateConnection($tenant, $provider, $connection);
}
public function validateConnection(Tenant $tenant, string $provider, ProviderConnection $connection): ProviderConnectionResolution
{
if ((int) $connection->tenant_id !== (int) $tenant->getKey() || (string) $connection->provider !== $provider) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionInvalid,
'Provider connection does not match tenant/provider scope.',
'ext.connection_scope_mismatch',
$connection,
);
}
if (! (bool) $connection->is_enabled) {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionInvalid,
'Provider connection is disabled.',
'ext.connection_disabled',
$connection,
);
}
if ($connection->entra_tenant_id === null || trim((string) $connection->entra_tenant_id) === '') {
return ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConnectionInvalid,
'Provider connection is missing target tenant scope.',
'ext.connection_tenant_missing',
$connection,
);
}
$consentBlocker = $this->consentBlocker($connection);
if ($consentBlocker instanceof ProviderConnectionResolution) {
return $consentBlocker;
}
$identity = $this->identityResolver->resolve($connection);
if (! $identity->resolved) {
return ProviderConnectionResolution::blocked(
$identity->effectiveReasonCode(),
$identity->message,
connection: $connection,
);
}
return ProviderConnectionResolution::resolved($connection);
}
private function consentBlocker(ProviderConnection $connection): ?ProviderConnectionResolution
{
$consentStatus = $connection->consent_status;
if (! $consentStatus instanceof ProviderConsentStatus && is_string($consentStatus)) {
$consentStatus = ProviderConsentStatus::tryFrom(trim($consentStatus));
}
return match ($consentStatus) {
ProviderConsentStatus::Required => ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConsentMissing,
'Provider connection requires admin consent before use.',
'ext.connection_needs_consent',
$connection,
),
ProviderConsentStatus::Failed => ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConsentFailed,
'Provider connection consent failed. Retry admin consent before use.',
'ext.connection_consent_failed',
$connection,
),
ProviderConsentStatus::Revoked => ProviderConnectionResolution::blocked(
ProviderReasonCodes::ProviderConsentRevoked,
'Provider connection consent was revoked. Grant admin consent again before use.',
'ext.connection_consent_revoked',
$connection,
),
default => null,
};
}
}
Reference in New Issue View Git Blame Copy Permalink