ahmido
110245a9ec
Some checks are pending
Main Confidence / confidence (push) Waiting to run
## Summary - add a shared provider target-scope descriptor, normalizer, identity-context metadata, and surface-summary layer - update provider connection list, detail, create, edit, and onboarding surfaces to use neutral target-scope vocabulary while keeping Microsoft identity contextual - align provider connection audit and resolver output with the neutral target-scope contract and add focused guard/unit/feature coverage for regressions ## Validation - browser smoke: opened the tenant-scoped provider connection list, drilled into detail, and verified the edit/create surfaces in local admin context ## Notes - this PR comes from the session branch created for the active feature work - no additional runtime or persistence layer was introduced in this slice Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #274
129 lines
4.5 KiB
PHP
129 lines
4.5 KiB
PHP
<?php
|
|
|
|
namespace App\Filament\Resources\ProviderConnectionResource\Pages;
|
|
|
|
use App\Filament\Resources\ProviderConnectionResource;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\Intune\AuditLogger;
|
|
use App\Support\Providers\ProviderConnectionType;
|
|
use App\Support\Providers\ProviderConsentStatus;
|
|
use App\Support\Providers\ProviderReasonCodes;
|
|
use App\Support\Providers\TargetScope\ProviderConnectionTargetScopeDescriptor;
|
|
use App\Support\Providers\TargetScope\ProviderConnectionTargetScopeNormalizer;
|
|
use App\Support\Providers\ProviderVerificationStatus;
|
|
use Filament\Notifications\Notification;
|
|
use Filament\Resources\Pages\CreateRecord;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
class CreateProviderConnection extends CreateRecord
|
|
{
|
|
protected static string $resource = ProviderConnectionResource::class;
|
|
|
|
protected bool $shouldMakeDefault = false;
|
|
|
|
protected function mutateFormDataBeforeCreate(array $data): array
|
|
{
|
|
$tenant = $this->currentTenant();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
abort(404);
|
|
}
|
|
|
|
$this->shouldMakeDefault = (bool) ($data['is_default'] ?? false);
|
|
$targetScope = app(ProviderConnectionTargetScopeNormalizer::class)->normalizeInput(
|
|
provider: 'microsoft',
|
|
scopeKind: ProviderConnectionTargetScopeDescriptor::SCOPE_KIND_TENANT,
|
|
scopeIdentifier: (string) ($data['entra_tenant_id'] ?? ''),
|
|
scopeDisplayName: (string) ($data['display_name'] ?? ''),
|
|
providerSpecificIdentity: [
|
|
'microsoft_tenant_id' => (string) ($data['entra_tenant_id'] ?? ''),
|
|
],
|
|
);
|
|
|
|
if ($targetScope['status'] !== ProviderConnectionTargetScopeNormalizer::STATUS_NORMALIZED) {
|
|
throw ValidationException::withMessages([
|
|
'entra_tenant_id' => $targetScope['message'],
|
|
]);
|
|
}
|
|
|
|
return [
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'tenant_id' => $tenant->getKey(),
|
|
'provider' => 'microsoft',
|
|
'entra_tenant_id' => $data['entra_tenant_id'],
|
|
'display_name' => $data['display_name'],
|
|
'is_enabled' => true,
|
|
'connection_type' => ProviderConnectionType::Platform->value,
|
|
'consent_status' => ProviderConsentStatus::Required->value,
|
|
'consent_granted_at' => null,
|
|
'consent_last_checked_at' => null,
|
|
'consent_error_code' => null,
|
|
'consent_error_message' => null,
|
|
'verification_status' => ProviderVerificationStatus::Unknown->value,
|
|
'migration_review_required' => false,
|
|
'migration_reviewed_at' => null,
|
|
'last_error_reason_code' => ProviderReasonCodes::ProviderConsentMissing,
|
|
'last_error_message' => null,
|
|
'is_default' => false,
|
|
];
|
|
}
|
|
|
|
protected function afterCreate(): void
|
|
{
|
|
$tenant = $this->currentTenant();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
abort(404);
|
|
}
|
|
|
|
$record = $this->getRecord();
|
|
|
|
$user = auth()->user();
|
|
$actorId = $user instanceof User ? (int) $user->getKey() : null;
|
|
$actorEmail = $user instanceof User ? $user->email : null;
|
|
$actorName = $user instanceof User ? $user->name : null;
|
|
|
|
app(AuditLogger::class)->log(
|
|
tenant: $tenant,
|
|
action: 'provider_connection.created',
|
|
context: [
|
|
'metadata' => ProviderConnectionResource::targetScopeAuditMetadata($record, [
|
|
'connection_type' => $record->connection_type->value,
|
|
]),
|
|
],
|
|
actorId: $actorId,
|
|
actorEmail: $actorEmail,
|
|
actorName: $actorName,
|
|
resourceType: 'provider_connection',
|
|
resourceId: (string) $record->getKey(),
|
|
status: 'success',
|
|
);
|
|
|
|
$hasDefault = $tenant->providerConnections()
|
|
->where('provider', $record->provider)
|
|
->where('is_default', true)
|
|
->exists();
|
|
|
|
if ($this->shouldMakeDefault || ! $hasDefault) {
|
|
$record->makeDefault();
|
|
}
|
|
|
|
Notification::make()
|
|
->title('Provider connection created')
|
|
->success()
|
|
->send();
|
|
}
|
|
|
|
private function currentTenant(): ?Tenant
|
|
{
|
|
$tenant = ProviderConnectionResource::resolveTenantForCreate();
|
|
|
|
if ($tenant instanceof Tenant) {
|
|
return $tenant;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}
|