ahmido
321312d446
## Summary <!-- Kurz: Was ändert sich und warum? --> ## Spec-Driven Development (SDD) - [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/` - [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md` - [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation) - [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert ## Implementation - [ ] Implementierung entspricht der Spec - [ ] Edge cases / Fehlerfälle berücksichtigt - [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes ## Tests - [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit) - [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`) ## Migration / Config / Ops (falls relevant) - [ ] Migration(en) enthalten und getestet - [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration) - [ ] Neue Env Vars dokumentiert (`.env.example` / Doku) - [ ] Queue/cron/storage Auswirkungen geprüft ## UI (Filament/Livewire) (falls relevant) - [ ] UI-Flows geprüft - [ ] Screenshots/Notizen hinzugefügt ## Notes <!-- Links, Screenshots, Follow-ups, offene Punkte --> Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #3
124 lines
3.8 KiB
PHP
124 lines
3.8 KiB
PHP
<?php
|
|
|
|
use App\Models\Tenant;
|
|
use App\Models\TenantPermission;
|
|
use App\Services\Graph\GraphClientInterface;
|
|
use App\Services\Graph\GraphResponse;
|
|
use App\Services\Intune\TenantPermissionService;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Tests\TestCase;
|
|
|
|
uses(TestCase::class, RefreshDatabase::class);
|
|
|
|
function requiredPermissions(): array
|
|
{
|
|
$service = app(TenantPermissionService::class);
|
|
$required = $service->getRequiredPermissions();
|
|
|
|
if (empty($required)) {
|
|
test()->markTestSkipped('No required permissions configured.');
|
|
}
|
|
|
|
return $required;
|
|
}
|
|
|
|
it('returns ok when all permissions exist', function () {
|
|
// Mock GraphClient to return all permissions as granted
|
|
$this->mock(GraphClientInterface::class, function ($mock) {
|
|
$mock->shouldReceive('getServicePrincipalPermissions')
|
|
->andReturn(new GraphResponse(true, [
|
|
'value' => collect(config('intune_permissions.permissions', []))
|
|
->map(fn ($p) => ['value' => $p['key']])
|
|
->toArray(),
|
|
]));
|
|
});
|
|
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'tenant-ok',
|
|
'name' => 'Tenant OK',
|
|
]);
|
|
|
|
foreach (requiredPermissions() as $permission) {
|
|
TenantPermission::create([
|
|
'tenant_id' => $tenant->id,
|
|
'permission_key' => $permission['key'],
|
|
'status' => 'ok',
|
|
]);
|
|
}
|
|
|
|
$result = app(TenantPermissionService::class)->compare($tenant);
|
|
|
|
expect($result['overall_status'])->toBe('ok');
|
|
expect(TenantPermission::where('tenant_id', $tenant->id)->where('status', 'ok')->count())
|
|
->toBe(count(requiredPermissions()));
|
|
});
|
|
|
|
it('marks missing permissions when not granted', function () {
|
|
$permissions = requiredPermissions();
|
|
|
|
// Mock GraphClient to return only first permission as granted
|
|
$this->mock(GraphClientInterface::class, function ($mock) use ($permissions) {
|
|
$mock->shouldReceive('getServicePrincipalPermissions')
|
|
->andReturn(new GraphResponse(true, [
|
|
'permissions' => [$permissions[0]['key']],
|
|
]));
|
|
});
|
|
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'tenant-missing',
|
|
'name' => 'Tenant Missing',
|
|
]);
|
|
|
|
$first = $permissions[0]['key'];
|
|
TenantPermission::create([
|
|
'tenant_id' => $tenant->id,
|
|
'permission_key' => $first,
|
|
'status' => 'ok',
|
|
]);
|
|
|
|
// Use liveCheck=true to trigger Graph API call
|
|
$result = app(TenantPermissionService::class)->compare($tenant, null, true, true);
|
|
|
|
expect($result['overall_status'])->toBe('missing');
|
|
$missingKey = $permissions[1]['key'] ?? null;
|
|
|
|
if ($missingKey) {
|
|
$this->assertDatabaseHas('tenant_permissions', [
|
|
'tenant_id' => $tenant->id,
|
|
'permission_key' => $missingKey,
|
|
'status' => 'missing',
|
|
]);
|
|
}
|
|
});
|
|
|
|
it('reports error statuses from graph comparison', function () {
|
|
// Mock GraphClient to return an error
|
|
$this->mock(GraphClientInterface::class, function ($mock) {
|
|
$mock->shouldReceive('getServicePrincipalPermissions')
|
|
->andReturn(new GraphResponse(false, [], 500, ['Graph API error']));
|
|
});
|
|
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'tenant-error',
|
|
'name' => 'Tenant Error',
|
|
]);
|
|
|
|
$permissions = requiredPermissions();
|
|
$first = $permissions[0]['key'];
|
|
|
|
$result = app(TenantPermissionService::class)->compare($tenant, [
|
|
$first => [
|
|
'status' => 'error',
|
|
'details' => ['message' => 'forbidden'],
|
|
],
|
|
]);
|
|
|
|
expect($result['overall_status'])->toBe('error');
|
|
|
|
$this->assertDatabaseHas('tenant_permissions', [
|
|
'tenant_id' => $tenant->id,
|
|
'permission_key' => $first,
|
|
'status' => 'error',
|
|
]);
|
|
});
|