TenantAtlas/app/Support/References/Resolvers/EntraRoleDefinitionReferenceResolver.php

<?php

declare(strict_types=1);

namespace App\Support\References\Resolvers;

use App\Models\EntraRoleDefinition;
use App\Support\References\ReferenceClass;
use App\Support\References\ReferenceDescriptor;
use App\Support\References\ResolvedReference;

final class EntraRoleDefinitionReferenceResolver extends BaseReferenceResolver
{
    public function __construct(
        \App\Support\References\ReferenceTypeLabelCatalog $typeLabels,
    ) {
        parent::__construct($typeLabels);
    }

    public function referenceClass(): ReferenceClass
    {
        return ReferenceClass::RoleDefinition;
    }

    public function resolve(ReferenceDescriptor $descriptor): ResolvedReference
    {
        $tenantId = $descriptor->tenantId;

        if ($tenantId === null || $tenantId <= 0) {
            return $this->unresolved($descriptor, primaryLabel: 'Role definition');
        }

        $roleDefinition = EntraRoleDefinition::query()
            ->where('tenant_id', $tenantId)
            ->where('entra_id', $descriptor->rawIdentifier)
            ->first();

        if ($roleDefinition instanceof EntraRoleDefinition) {
            return $this->resolved(
                descriptor: $descriptor,
                primaryLabel: (string) $roleDefinition->display_name,
                secondaryLabel: $roleDefinition->is_built_in ? 'Built-in role definition' : 'Custom role definition',
            );
        }

        $fallback = $descriptor->fallbackLabel;

        if (is_string($fallback) && trim($fallback) !== '') {
            return $this->externalLimited($descriptor, primaryLabel: $fallback, secondaryLabel: 'Captured role definition');
        }

        return $this->unresolved($descriptor, primaryLabel: 'Role definition');
    }
}