TenantAtlas/app/Filament/Resources/TenantResource/Pages/ViewTenant.php

<?php

namespace App\Filament\Resources\TenantResource\Pages;

use App\Filament\Pages\Onboarding\TenantOnboardingWizard;
use App\Filament\Resources\TenantResource;
use App\Filament\Pages\TenantOnboardingWizard;
use App\Filament\Widgets\Tenant\TenantArchivedBanner;
use App\Models\Tenant;
use App\Services\Intune\AuditLogger;
use App\Services\Intune\RbacHealthService;
use App\Services\Intune\TenantConfigService;
use App\Services\Intune\TenantPermissionService;
use App\Support\Auth\Capabilities;
use App\Support\Rbac\UiEnforcement;
use Filament\Actions;
use Filament\Notifications\Notification;
use Filament\Resources\Pages\ViewRecord;

class ViewTenant extends ViewRecord
{
    protected static string $resource = TenantResource::class;

    protected function getHeaderWidgets(): array
    {
        return [
            TenantArchivedBanner::class,
        ];
    }

    protected function getHeaderActions(): array
    {
        return [
            Actions\ActionGroup::make([
                UiEnforcement::forAction(
                    Actions\Action::make('open_managed_tenant')
                        ->label('Open')
                        ->icon('heroicon-o-arrow-top-right-on-square')
                        ->url(fn (Tenant $record): string => "/admin/managed-tenants/{$record->getKey()}/open")
                )
                    ->requireCapability(Capabilities::TENANT_MANAGED_TENANTS_VIEW)
                    ->apply(),
                UiEnforcement::forAction(
                    Actions\Action::make('resume_onboarding')
                        ->label('Resume onboarding')
                        ->icon('heroicon-o-play')
                        ->color('gray')
                        ->url(fn (Tenant $record): string => TenantOnboardingWizard::getUrl(tenant: $record))
                )
                    ->requireCapability(Capabilities::PROVIDER_VIEW)
                    ->tooltip('You do not have permission to view provider onboarding.')
                    ->preserveVisibility()
                    ->apply(),
                UiEnforcement::forAction(
                    Actions\Action::make('edit')
                        ->label('Edit')
                        ->icon('heroicon-o-pencil-square')
                        ->url(fn (Tenant $record): string => TenantResource::getUrl('edit', ['record' => $record]))
                )
                    ->requireCapability(Capabilities::TENANT_MANAGE)
                    ->apply(),

                UiEnforcement::forAction(
                    Actions\Action::make('resume_onboarding')
                        ->label('Resume onboarding')
                        ->icon('heroicon-o-arrow-path')
                        ->color('warning')
                        ->url(fn (Tenant $record): string => TenantOnboardingWizard::getUrl().'?tenant='.$record->external_id)
                        ->visible(fn (Tenant $record): bool => (string) ($record->onboarding_status ?? 'not_started') !== 'completed')
                )
                    ->requireCapability(Capabilities::TENANT_MANAGE)
                    ->apply(),
                Actions\Action::make('admin_consent')
                    ->label('Admin consent')
                    ->icon('heroicon-o-clipboard-document')
                    ->url(fn (Tenant $record) => TenantResource::adminConsentUrl($record))
                    ->visible(fn (Tenant $record) => TenantResource::adminConsentUrl($record) !== null)
                    ->openUrlInNewTab(),
                Actions\Action::make('open_in_entra')
                    ->label('Open in Entra')
                    ->icon('heroicon-o-arrow-top-right-on-square')
                    ->url(fn (Tenant $record) => TenantResource::entraUrl($record))
                    ->visible(fn (Tenant $record) => TenantResource::entraUrl($record) !== null)
                    ->openUrlInNewTab(),
                Actions\Action::make('verify')
                    ->label('Verify configuration')
                    ->icon('heroicon-o-check-badge')
                    ->color('primary')
                    ->requiresConfirmation()
                    ->action(function (
                        Tenant $record,
                        TenantConfigService $configService,
                        TenantPermissionService $permissionService,
                        RbacHealthService $rbacHealthService,
                        AuditLogger $auditLogger
                    ) {
                        TenantResource::verifyTenant($record, $configService, $permissionService, $rbacHealthService, $auditLogger);
                    }),
                TenantResource::rbacAction(),
                UiEnforcement::forAction(
                    Actions\Action::make('archive')
                        ->label('Deactivate')
                        ->color('danger')
                        ->icon('heroicon-o-archive-box-x-mark')
                        ->visible(fn (Tenant $record): bool => ! $record->trashed())
                        ->action(function (Tenant $record, AuditLogger $auditLogger): void {
                            $record->delete();

                            $auditLogger->log(
                                tenant: $record,
                                action: 'tenant.archived',
                                resourceType: 'tenant',
                                resourceId: (string) $record->getKey(),
                                status: 'success',
                                context: [
                                    'metadata' => [
                                        'internal_tenant_id' => (int) $record->getKey(),
                                        'tenant_guid' => (string) $record->tenant_id,
                                    ],
                                ]
                            );

                            Notification::make()
                                ->title('Tenant deactivated')
                                ->body('The tenant has been archived and hidden from lists.')
                                ->success()
                                ->send();
                        })
                )
                    ->preserveVisibility()
                    ->requireCapability(Capabilities::TENANT_DELETE)
                    ->destructive()
                    ->apply(),
            ])
                ->label('Actions')
                ->icon('heroicon-o-ellipsis-vertical')
                ->color('gray'),
        ];
    }
}