TenantAtlas/tests/Feature/Filament/GroupPolicyConfigurationHydrationTest.php

<?php

use App\Models\Policy;
use App\Models\Tenant;
use App\Models\User;
use App\Services\Graph\GraphClientInterface;
use App\Services\Graph\GraphResponse;
use App\Services\Intune\BackupService;
use App\Services\Intune\VersionService;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

class GroupPolicyHydrationGraphClient implements GraphClientInterface
{
    public array $requests = [];

    public function listPolicies(string $policyType, array $options = []): GraphResponse
    {
        return new GraphResponse(true, []);
    }

    public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
    {
        $this->requests[] = ['getPolicy', $policyType, $policyId];

        return new GraphResponse(true, ['payload' => [
            'id' => $policyId,
            'displayName' => 'Admin Templates Alpha',
            '@odata.type' => '#microsoft.graph.groupPolicyConfiguration',
        ]]);
    }

    public function getOrganization(array $options = []): GraphResponse
    {
        return new GraphResponse(true, []);
    }

    public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
    {
        return new GraphResponse(true, []);
    }

    public function getServicePrincipalPermissions(array $options = []): GraphResponse
    {
        return new GraphResponse(true, []);
    }

    public function request(string $method, string $path, array $options = []): GraphResponse
    {
        $this->requests[] = [strtoupper($method), $path];

        if (str_contains($path, '/definitionValues') && str_contains($path, '$expand=definition')) {
            return new GraphResponse(true, [
                'value' => [
                    [
                        'id' => 'dv-1',
                        'enabled' => true,
                        'definition' => [
                            'id' => 'def-1',
                            'displayName' => 'Block legacy auth',
                            'classType' => 'user',
                            'categoryPath' => 'Windows Components\\Security Options',
                        ],
                    ],
                ],
            ]);
        }

        if (str_contains($path, '/presentationValues') && str_contains($path, '$expand=presentation')) {
            return new GraphResponse(true, [
                'value' => [
                    [
                        'id' => 'pv-1',
                        'value' => 'enabled',
                        'presentation' => [
                            'id' => 'pres-1',
                            'label' => 'State',
                        ],
                    ],
                ],
            ]);
        }

        return new GraphResponse(true, []);
    }
}

test('group policy configuration snapshot hydrates definition values and renders in policy detail', function () {
    $client = new GroupPolicyHydrationGraphClient;
    app()->instance(GraphClientInterface::class, $client);

    $tenant = Tenant::create([
        'tenant_id' => 'tenant-gpo-hydration',
        'name' => 'Tenant One',
        'metadata' => [],
        'is_current' => true,
    ]);

    putenv('INTUNE_TENANT_ID='.$tenant->tenant_id);
    $_ENV['INTUNE_TENANT_ID'] = $tenant->tenant_id;
    $_SERVER['INTUNE_TENANT_ID'] = $tenant->tenant_id;
    $tenant->makeCurrent();

    $policy = Policy::create([
        'tenant_id' => $tenant->id,
        'external_id' => 'gpo-hydrate',
        'policy_type' => 'groupPolicyConfiguration',
        'display_name' => 'Admin Templates Alpha',
        'platform' => 'windows',
    ]);

    /** @var BackupService $backupService */
    $backupService = app(BackupService::class);
    $backupSet = $backupService->createBackupSet($tenant, [$policy->id], actorEmail: 'tester@example.com');

    $item = $backupSet->items()->first();
    expect($item->payload)->toHaveKey('definitionValues');
    expect($item->payload['definitionValues'])->toBeArray();
    expect($item->payload['definitionValues'][0])->toHaveKey('definition@odata.bind');
    expect($item->payload['definitionValues'][0])->toHaveKey('presentationValues');
    expect($item->payload['definitionValues'][0]['presentationValues'][0])->toHaveKey('presentation@odata.bind');
    expect($item->payload['definitionValues'][0]['#Definition_displayName'])->toBe('Block legacy auth');
    expect($item->payload['definitionValues'][0]['presentationValues'][0]['#Presentation_Label'])->toBe('State');

    /** @var VersionService $versions */
    $versions = app(VersionService::class);
    $versions->captureVersion(
        policy: $policy,
        payload: $item->payload,
        createdBy: 'tester@example.com',
        metadata: ['source' => 'test', 'backup_set_id' => $backupSet->id],
    );

    $user = User::factory()->create();
    $user->tenants()->syncWithoutDetaching([
        $tenant->getKey() => ['role' => 'owner'],
    ]);

    $response = $this
        ->actingAs($user)
        ->get(route('filament.admin.resources.policies.view', array_merge(filamentTenantRouteParams($tenant), ['record' => $policy])));

    $response->assertOk();
    $response->assertSee('Block legacy auth');
    $response->assertSee('State');
});