TenantAtlas/specs/006-sot-foundations-assignments/tasks.md
2025-12-26 23:28:35 +01:00

Tasks: SoT Foundations & Assignments (006)

Branch: feat/006-sot-foundations-assignments | Date: 2025-12-25
Input: spec.md, plan.md, data-model.md, research.md, contracts

Task Format

  • Checkbox: - [ ] for incomplete, - [x] for complete
  • Task ID: Sequential T001, T002, T003...
  • [P] marker: Task can run in parallel (different files, no blocking dependencies)
  • [Story] label: User story tag (US1, US2, US3...)
  • File path: Always include exact file path in description

Phase 1: Foundation Registry and Permissions

Purpose: Define foundation object types and ensure Graph contracts and permissions exist.

  • T001 [P] Add foundation type registry in config/tenantpilot.php (assignmentFilter, roleScopeTag, notificationMessageTemplate) with label/category/backup/restore/risk metadata.
  • T002 [P] Extend config/graph_contracts.php with foundation contracts (resource, create/update methods, id_field, allowed_select, type_family).
  • T003 [P] Extend config/intune_permissions.php to include foundation permissions (DeviceManagementRBAC.ReadWrite.All and any missing read/write scopes for filters/templates).
  • T004 Update type metadata helpers to include foundation types in app/Filament/Resources/BackupSetResource.php, app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php, and app/Filament/Resources/RestoreRunResource.php.

Checkpoint: Foundation types and permissions defined and discoverable by UI helpers.


Phase 2: Foundations Backup Capture

Purpose: Capture assignment filters, scope tags, and notification templates into backup sets.

  • T005 Create app/Services/Intune/FoundationSnapshotService.php to list and fetch foundation objects with Graph paging, normalized metadata, and fail-soft behavior.
  • T006 Extend app/Services/Intune/BackupService.php to capture foundation snapshots into backup_items (policy_id null, policy_type set, policy_identifier = source id, metadata includes displayName).
  • T007 Add a UI action/toggle to include foundations when adding to a backup set in app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php.
  • T008 Add foundation display helpers on app/Models/BackupItem.php (e.g., isFoundation, foundationDisplayName) and use them in BackupItemsRelationManager.

Checkpoint: Foundations can be captured and displayed alongside policy backup items.


Phase 3: Foundations Restore and Mapping

Purpose: Restore foundations first and persist deterministic old-to-new ID mappings.

  • T009 Create app/Services/Intune/FoundationMappingService.php to match by displayName, handle collisions, and emit report entries matching contracts/restore-mapping-report.schema.json.
  • T010 Extend app/Services/Intune/RestoreService.php to run foundation restore first, build preview mapping (dry-run), and persist mapping results in restore_runs.preview and restore_runs.results.
  • T011 Add audit events for foundation mapping decisions and failures in app/Services/Intune/AuditLogger.php.
  • T012 Render foundation mapping in restore UI views: resources/views/filament/infolists/entries/restore-preview.blade.php and resources/views/filament/infolists/entries/restore-results.blade.php.

Checkpoint: Restore preview and execute include a foundation mapping section with deterministic decisions.


Phase 4: Assignment-Aware Restore

Purpose: Apply assignments only when foundation mappings exist and record clear skip reasons.

  • T013 Extend app/Services/AssignmentRestoreService.php to map assignment filter IDs and scope tag IDs via the foundation mapping; skip and record reasons when mappings are missing.
  • T014 Update app/Services/Intune/RestoreService.php to pass foundation mappings into assignment restore and include decision summaries in results.
  • T015 Add mapping context to assignment audit logs in app/Services/Intune/AuditLogger.php.

Checkpoint: Assignments are applied safely with explicit skip reasons and audit coverage.
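
One way the T013 mapping step could behave for assignment filters, as an added PHP example that is not TenantAtlas code. The function name, the `old id => new id` shape of `$filterMap`, and the reason string are assumptions; `deviceAndAppManagementAssignmentFilterId` and `deviceAndAppManagementAssignmentFilterType` are the Graph assignment target properties.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: rewrite source-tenant assignment filter IDs to the
 * IDs created in the target tenant, and fail closed when no mapping exists.
 *
 * @param array<int, array<string, mixed>> $assignments Graph assignment objects from the backup
 * @param array<string, string> $filterMap old filter id => new filter id (assumed shape)
 * @return array{apply: array, skipped: array}
 */
function remapAssignments(array $assignments, array $filterMap): array
{
    $apply = [];
    $skipped = [];
    foreach ($assignments as $assignment) {
        $target = $assignment['target'] ?? [];
        $oldId = $target['deviceAndAppManagementAssignmentFilterId'] ?? null;
        if ($oldId === null || $oldId === '') {
            $apply[] = $assignment; // no filter on this assignment, nothing to map
            continue;
        }
        if (!isset($filterMap[$oldId])) {
            // Skip instead of sending a stale ID or dropping the filter:
            // an unfiltered assignment would reach more devices than the backup intended.
            $skipped[] = [
                'assignment_id' => $assignment['id'] ?? null,
                'reason' => 'assignment_filter_mapping_missing', // assumed reason code
                'source_filter_id' => $oldId,
            ];
            continue;
        }
        $target['deviceAndAppManagementAssignmentFilterId'] = $filterMap[$oldId];
        $assignment['target'] = $target;
        $apply[] = $assignment;
    }
    return ['apply' => $apply, 'skipped' => $skipped];
}

// Constructed sample data (not real tenant IDs).
$backup = [
    ['id' => 'a1', 'target' => ['groupId' => 'g-1']],
    ['id' => 'a2', 'target' => ['groupId' => 'g-2',
        'deviceAndAppManagementAssignmentFilterId' => 'old-f1',
        'deviceAndAppManagementAssignmentFilterType' => 'include']],
    ['id' => 'a3', 'target' => ['groupId' => 'g-3',
        'deviceAndAppManagementAssignmentFilterId' => 'old-f9',
        'deviceAndAppManagementAssignmentFilterType' => 'exclude']],
];
$result = remapAssignments($backup, ['old-f1' => 'new-f1']);
echo json_encode($result, JSON_PRETTY_PRINT), PHP_EOL;
```

With this sample input, `a1` and `a2` land in `apply` (with `a2` rewritten to `new-f1`) and `a3` lands in `skipped` with its reason, which is the record T015 would pass to the audit log.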


Phase 5: Conditional Access Preview-Only Enforcement

Purpose: Keep CA restore preview-only even in execute mode.

  • T016 Update app/Services/Intune/RestoreService.php to prevent CA execution (status skipped, reason preview_only) while keeping preview output.
  • T017 Update restore UI to surface CA preview-only status in resources/views/filament/infolists/entries/restore-preview.blade.php and resources/views/filament/infolists/entries/restore-results.blade.php.

Checkpoint: CA items never execute; preview clearly signals preview-only.


Phase 6: Tests and Verification

Purpose: Ensure all new behavior is covered by Pest tests and formatting is clean.

  • T018 [P] Add unit tests for FoundationMappingService in tests/Unit/FoundationMappingServiceTest.php.
  • T019 [P] Add unit tests for FoundationSnapshotService in tests/Unit/FoundationSnapshotServiceTest.php.
  • T020 Add feature tests for foundations backup/restore preview and execute in tests/Feature/Filament/FoundationRestoreTest.php.
  • T021 Add feature tests for assignment mapping and skip reasons in tests/Feature/Filament/AssignmentRestoreMappingTest.php.
  • T022 Add feature test for CA preview-only execution behavior in tests/Feature/Filament/ConditionalAccessPreviewOnlyTest.php.
  • T023 Run tests: ./vendor/bin/sail artisan test tests/Feature/Filament/FoundationRestoreTest.php tests/Feature/Filament/AssignmentRestoreMappingTest.php tests/Feature/Filament/ConditionalAccessPreviewOnlyTest.php
  • T024 Run Pint: ./vendor/bin/pint --dirty

Checkpoint: Tests pass and formatting is clean.