TenantAtlas/apps/platform/tests/Feature/SupportDiagnostics/ProviderCapabilityReasonTranslationTest.php

<?php

declare(strict_types=1);

use App\Models\ProviderConnection;
use App\Support\Providers\ProviderReasonCodes;
use App\Support\Providers\ProviderReasonTranslator;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('translates provider permission blockers with capability-first operator copy', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner', ensureDefaultMicrosoftProviderConnection: false);

    $connection = ProviderConnection::factory()->consentGranted()->create([
        'workspace_id' => (int) $tenant->workspace_id,
        'managed_environment_id' => (int) $tenant->getKey(),
        'entra_tenant_id' => (string) $tenant->managed_environment_id,
        'provider' => 'microsoft',
    ]);

    $envelope = app(ProviderReasonTranslator::class)->translate(
        ProviderReasonCodes::ProviderPermissionMissing,
        context: [
            'tenant' => $tenant,
            'connection' => $connection,
            'provider_capability' => [
                'provider_capability_key' => 'directory_groups_read',
                'label' => 'Directory groups read',
                'status' => 'missing',
            ],
        ],
    );

    expect($envelope?->operatorLabel)->toBe('Directory groups read capability missing')
        ->and($envelope?->shortExplanation)->toContain('Directory groups read capability')
        ->and($envelope?->firstNextStep()?->label)->toBe('Open Required Permissions');
});