ahmido
bda1d90fc4
Implements spec 094 (assignment fetch/restore observability hardening): - Adds OperationRun tracking for assignment fetch (during backup) and assignment restore (during restore execution) - Normalizes failure codes/reason_code and sanitizes failure messages - Ensures exactly one audit log entry per assignment restore execution - Enforces correct guard/membership vs capability semantics on affected admin surfaces - Switches assignment Graph services to depend on GraphClientInterface Also includes Postgres-only FK defense-in-depth check and a discoverable `composer test:pgsql` runner (scoped to the FK constraint test). Tests: - `vendor/bin/sail artisan test --compact` (passed) - `vendor/bin/sail composer test:pgsql` (passed) Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #113
243 lines
7.9 KiB
PHP
243 lines
7.9 KiB
PHP
<?php
|
|
|
|
namespace App\Filament\Resources\ProviderConnectionResource\Pages;
|
|
|
|
use App\Filament\Resources\ProviderConnectionResource;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Support\Auth\Capabilities;
|
|
use Filament\Actions;
|
|
use Filament\Facades\Filament;
|
|
use Filament\Resources\Pages\ListRecords;
|
|
|
|
class ListProviderConnections extends ListRecords
|
|
{
|
|
protected static string $resource = ProviderConnectionResource::class;
|
|
|
|
private function tableHasRecords(): bool
|
|
{
|
|
return $this->getTableRecords()->count() > 0;
|
|
}
|
|
|
|
protected function getHeaderActions(): array
|
|
{
|
|
/** @var CapabilityResolver $resolver */
|
|
$resolver = app(CapabilityResolver::class);
|
|
|
|
return [
|
|
Actions\CreateAction::make()
|
|
->label('New connection')
|
|
->url(function (): string {
|
|
$tenantExternalId = $this->resolveTenantExternalIdForCreateAction();
|
|
|
|
if (! is_string($tenantExternalId) || $tenantExternalId === '') {
|
|
return ProviderConnectionResource::getUrl('create');
|
|
}
|
|
|
|
return ProviderConnectionResource::getUrl('create', [
|
|
'tenant_id' => $tenantExternalId,
|
|
]);
|
|
})
|
|
->visible(function () use ($resolver): bool {
|
|
if (! $this->tableHasRecords()) {
|
|
return false;
|
|
}
|
|
|
|
$tenant = $this->resolveTenantForCreateAction();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return true;
|
|
}
|
|
|
|
if (! $user instanceof User) {
|
|
return false;
|
|
}
|
|
|
|
return $resolver->isMember($user, $tenant);
|
|
})
|
|
->disabled(function () use ($resolver): bool {
|
|
$tenant = $this->resolveTenantForCreateAction();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return true;
|
|
}
|
|
|
|
if (! $user instanceof User) {
|
|
return true;
|
|
}
|
|
|
|
if (! $resolver->isMember($user, $tenant)) {
|
|
return true;
|
|
}
|
|
|
|
return ! $resolver->can($user, $tenant, Capabilities::PROVIDER_MANAGE);
|
|
})
|
|
->tooltip(function () use ($resolver): ?string {
|
|
$tenant = $this->resolveTenantForCreateAction();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return 'Select a tenant to create provider connections.';
|
|
}
|
|
|
|
$user = auth()->user();
|
|
|
|
if (! $user instanceof User) {
|
|
return null;
|
|
}
|
|
|
|
if (! $resolver->isMember($user, $tenant)) {
|
|
return null;
|
|
}
|
|
|
|
if (! $resolver->can($user, $tenant, Capabilities::PROVIDER_MANAGE)) {
|
|
return 'You do not have permission to create provider connections.';
|
|
}
|
|
|
|
return null;
|
|
})
|
|
->authorize(function () use ($resolver): bool {
|
|
$tenant = $this->resolveTenantForCreateAction();
|
|
$user = auth()->user();
|
|
|
|
return $tenant instanceof Tenant
|
|
&& $user instanceof User
|
|
&& $resolver->isMember($user, $tenant);
|
|
}),
|
|
];
|
|
}
|
|
|
|
private function makeEmptyStateCreateAction(): Actions\CreateAction
|
|
{
|
|
/** @var CapabilityResolver $resolver */
|
|
$resolver = app(CapabilityResolver::class);
|
|
|
|
return Actions\CreateAction::make()
|
|
->label('New connection')
|
|
->url(function (): string {
|
|
$tenantExternalId = $this->resolveTenantExternalIdForCreateAction();
|
|
|
|
if (! is_string($tenantExternalId) || $tenantExternalId === '') {
|
|
return ProviderConnectionResource::getUrl('create');
|
|
}
|
|
|
|
return ProviderConnectionResource::getUrl('create', [
|
|
'tenant_id' => $tenantExternalId,
|
|
]);
|
|
})
|
|
->visible(function () use ($resolver): bool {
|
|
$tenant = $this->resolveTenantForCreateAction();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return true;
|
|
}
|
|
|
|
if (! $user instanceof User) {
|
|
return false;
|
|
}
|
|
|
|
return $resolver->isMember($user, $tenant);
|
|
})
|
|
->disabled(function () use ($resolver): bool {
|
|
$tenant = $this->resolveTenantForCreateAction();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return true;
|
|
}
|
|
|
|
if (! $user instanceof User) {
|
|
return true;
|
|
}
|
|
|
|
if (! $resolver->isMember($user, $tenant)) {
|
|
return true;
|
|
}
|
|
|
|
return ! $resolver->can($user, $tenant, Capabilities::PROVIDER_MANAGE);
|
|
})
|
|
->tooltip(function () use ($resolver): ?string {
|
|
$tenant = $this->resolveTenantForCreateAction();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return 'Select a tenant to create provider connections.';
|
|
}
|
|
|
|
$user = auth()->user();
|
|
|
|
if (! $user instanceof User) {
|
|
return null;
|
|
}
|
|
|
|
if (! $resolver->isMember($user, $tenant)) {
|
|
return null;
|
|
}
|
|
|
|
if (! $resolver->can($user, $tenant, Capabilities::PROVIDER_MANAGE)) {
|
|
return 'You do not have permission to create provider connections.';
|
|
}
|
|
|
|
return null;
|
|
})
|
|
->authorize(function () use ($resolver): bool {
|
|
$tenant = $this->resolveTenantForCreateAction();
|
|
$user = auth()->user();
|
|
|
|
return $tenant instanceof Tenant
|
|
&& $user instanceof User
|
|
&& $resolver->isMember($user, $tenant);
|
|
});
|
|
}
|
|
|
|
private function resolveTenantExternalIdForCreateAction(): ?string
|
|
{
|
|
$filterValue = data_get($this->getTableFilterState('tenant'), 'value');
|
|
|
|
if (is_string($filterValue) && $filterValue !== '') {
|
|
return $filterValue;
|
|
}
|
|
|
|
$requested = ProviderConnectionResource::resolveRequestedTenantExternalId()
|
|
?? ProviderConnectionResource::resolveContextTenantExternalId();
|
|
|
|
if (is_string($requested) && $requested !== '') {
|
|
return $requested;
|
|
}
|
|
|
|
$filamentTenant = Filament::getTenant();
|
|
|
|
return $filamentTenant instanceof Tenant ? (string) $filamentTenant->external_id : null;
|
|
}
|
|
|
|
private function resolveTenantForCreateAction(): ?Tenant
|
|
{
|
|
$tenantExternalId = $this->resolveTenantExternalIdForCreateAction();
|
|
|
|
if (! is_string($tenantExternalId) || $tenantExternalId === '') {
|
|
return null;
|
|
}
|
|
|
|
return Tenant::query()
|
|
->where('external_id', $tenantExternalId)
|
|
->first();
|
|
}
|
|
|
|
public function getTableEmptyStateHeading(): ?string
|
|
{
|
|
return 'No provider connections found';
|
|
}
|
|
|
|
public function getTableEmptyStateDescription(): ?string
|
|
{
|
|
return 'Create a Microsoft provider connection or adjust the tenant filter to inspect another managed tenant.';
|
|
}
|
|
|
|
public function getTableEmptyStateActions(): array
|
|
{
|
|
return [$this->makeEmptyStateCreateAction()];
|
|
}
|
|
}
|