ahmido
845d21db6d
## Summary - harden operation-run lifecycle handling with explicit reconciliation policy, stale-run healing, failed-job bridging, and monitoring visibility - refactor audit log event inspection into a Filament slide-over and remove the stale inline detail/header-action coupling - align panel theme asset resolution and supporting Filament UI updates, including the rounded 2xl theme token regression fix ## Testing - ran focused Pest coverage for the affected audit-log inspection flow and related visibility tests - ran formatting with `vendor/bin/sail bin pint --dirty --format agent` - manually verified the updated audit-log slide-over flow in the integrated browser ## Notes - branch includes the Spec 160 artifacts under `specs/160-operation-lifecycle-guarantees/` - the full test suite was not rerun as part of this final commit/PR step Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #190
59 lines
2.2 KiB
PHP
59 lines
2.2 KiB
PHP
<?php
|
|
|
|
namespace App\Support\Operations;
|
|
|
|
use App\Models\OperationRun;
|
|
use App\Support\Auth\Capabilities;
|
|
|
|
final class OperationRunCapabilityResolver
|
|
{
|
|
public function requiredCapabilityForRun(OperationRun $run): ?string
|
|
{
|
|
return $this->requiredCapabilityForType((string) $run->type);
|
|
}
|
|
|
|
public function requiredCapabilityForType(string $operationType): ?string
|
|
{
|
|
$operationType = trim($operationType);
|
|
|
|
if ($operationType === '') {
|
|
return null;
|
|
}
|
|
|
|
return match ($operationType) {
|
|
'inventory_sync' => Capabilities::TENANT_INVENTORY_SYNC_RUN,
|
|
'entra_group_sync' => Capabilities::TENANT_SYNC,
|
|
'backup_schedule_run', 'backup_schedule_retention', 'backup_schedule_purge' => Capabilities::TENANT_BACKUP_SCHEDULES_RUN,
|
|
'restore.execute' => Capabilities::TENANT_MANAGE,
|
|
'directory_role_definitions.sync' => Capabilities::TENANT_MANAGE,
|
|
'alerts.evaluate', 'alerts.deliver' => Capabilities::ALERTS_VIEW,
|
|
'tenant.review.compose' => Capabilities::TENANT_REVIEW_VIEW,
|
|
|
|
// Viewing verification reports should be possible for readonly members.
|
|
// Starting verification is separately guarded by the verification service.
|
|
'provider.connection.check' => Capabilities::PROVIDER_VIEW,
|
|
|
|
// Keep legacy / unknown types viewable by membership+entitlement only.
|
|
default => null,
|
|
};
|
|
}
|
|
|
|
public function requiredExecutionCapabilityForType(string $operationType): ?string
|
|
{
|
|
$operationType = trim($operationType);
|
|
|
|
if ($operationType === '') {
|
|
return null;
|
|
}
|
|
|
|
return match ($operationType) {
|
|
'provider.connection.check', 'provider.inventory.sync', 'provider.compliance.snapshot' => Capabilities::PROVIDER_RUN,
|
|
'policy.sync', 'policy.sync_one', 'tenant.sync' => Capabilities::TENANT_SYNC,
|
|
'policy.delete' => Capabilities::TENANT_MANAGE,
|
|
'assignments.restore', 'restore.execute' => Capabilities::TENANT_MANAGE,
|
|
'tenant.review.compose' => Capabilities::TENANT_REVIEW_MANAGE,
|
|
default => $this->requiredCapabilityForType($operationType),
|
|
};
|
|
}
|
|
}
|