ahmido
4db8030f2a
Implements Spec 081 provider-connection cutover. Highlights: - Adds provider connection resolution + gating for operations/verification. - Adds provider credential observer wiring. - Updates Filament tenant verify flow to block with next-steps when provider connection isn’t ready. - Adds spec docs under specs/081-provider-connection-cutover/ and extensive Spec081 test coverage. Tests: - vendor/bin/sail artisan test --compact tests/Feature/Filament/TenantSetupTest.php - Focused suites for ProviderConnections/Verification ran during implementation (see local logs). Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #98
760 lines
37 KiB
PHP
760 lines
37 KiB
PHP
<?php
|
|
|
|
namespace App\Filament\Resources;
|
|
|
|
use App\Filament\Resources\ProviderConnectionResource\Pages;
|
|
use App\Jobs\ProviderComplianceSnapshotJob;
|
|
use App\Jobs\ProviderInventorySyncJob;
|
|
use App\Models\OperationRun;
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Services\Intune\AuditLogger;
|
|
use App\Services\Providers\CredentialManager;
|
|
use App\Services\Providers\ProviderOperationStartGate;
|
|
use App\Services\Verification\StartVerification;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Badges\BadgeDomain;
|
|
use App\Support\Badges\BadgeRenderer;
|
|
use App\Support\OperationRunLinks;
|
|
use App\Support\Rbac\UiEnforcement;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use BackedEnum;
|
|
use Filament\Actions;
|
|
use Filament\Forms\Components\TextInput;
|
|
use Filament\Forms\Components\Toggle;
|
|
use Filament\Notifications\Notification;
|
|
use Filament\Resources\Resource;
|
|
use Filament\Schemas\Schema;
|
|
use Filament\Tables;
|
|
use Filament\Tables\Filters\SelectFilter;
|
|
use Filament\Tables\Table;
|
|
use Illuminate\Database\Eloquent\Builder;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
use UnitEnum;
|
|
|
|
class ProviderConnectionResource extends Resource
|
|
{
|
|
protected static bool $isDiscovered = false;
|
|
|
|
protected static bool $isScopedToTenant = false;
|
|
|
|
protected static ?string $model = ProviderConnection::class;
|
|
|
|
protected static ?string $slug = 'tenants/{tenant}/provider-connections';
|
|
|
|
protected static bool $isGloballySearchable = false;
|
|
|
|
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-link';
|
|
|
|
protected static string|UnitEnum|null $navigationGroup = 'Providers';
|
|
|
|
protected static ?string $navigationLabel = 'Connections';
|
|
|
|
protected static ?string $recordTitleAttribute = 'display_name';
|
|
|
|
protected static function hasTenantCapability(string $capability): bool
|
|
{
|
|
$tenant = static::resolveScopedTenant();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
|
return false;
|
|
}
|
|
|
|
/** @var CapabilityResolver $resolver */
|
|
$resolver = app(CapabilityResolver::class);
|
|
|
|
return $resolver->isMember($user, $tenant)
|
|
&& $resolver->can($user, $tenant, $capability);
|
|
}
|
|
|
|
protected static function resolveScopedTenant(): ?Tenant
|
|
{
|
|
$routeTenant = request()->route('tenant');
|
|
|
|
if ($routeTenant instanceof Tenant) {
|
|
return $routeTenant;
|
|
}
|
|
|
|
if (is_string($routeTenant) && $routeTenant !== '') {
|
|
return Tenant::query()
|
|
->where('external_id', $routeTenant)
|
|
->first();
|
|
}
|
|
|
|
return Tenant::current();
|
|
}
|
|
|
|
public static function form(Schema $schema): Schema
|
|
{
|
|
return $schema
|
|
->schema([
|
|
TextInput::make('display_name')
|
|
->label('Display name')
|
|
->required()
|
|
->disabled(fn (): bool => ! static::hasTenantCapability(Capabilities::PROVIDER_MANAGE))
|
|
->maxLength(255),
|
|
TextInput::make('entra_tenant_id')
|
|
->label('Entra tenant ID')
|
|
->required()
|
|
->maxLength(255)
|
|
->disabled(fn (): bool => ! static::hasTenantCapability(Capabilities::PROVIDER_MANAGE))
|
|
->rules(['uuid']),
|
|
Toggle::make('is_default')
|
|
->label('Default connection')
|
|
->disabled(fn (): bool => ! static::hasTenantCapability(Capabilities::PROVIDER_MANAGE))
|
|
->helperText('Exactly one default connection is required per tenant/provider.'),
|
|
TextInput::make('status')
|
|
->label('Status')
|
|
->disabled()
|
|
->dehydrated(false),
|
|
TextInput::make('health_status')
|
|
->label('Health')
|
|
->disabled()
|
|
->dehydrated(false),
|
|
]);
|
|
}
|
|
|
|
public static function table(Table $table): Table
|
|
{
|
|
return $table
|
|
->modifyQueryUsing(function (Builder $query): Builder {
|
|
$workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());
|
|
$tenantId = static::resolveScopedTenant()?->getKey();
|
|
|
|
if ($workspaceId === null) {
|
|
return $query->whereRaw('1 = 0');
|
|
}
|
|
|
|
return $query
|
|
->where('workspace_id', (int) $workspaceId)
|
|
->when($tenantId, fn (Builder $q) => $q->where('tenant_id', $tenantId));
|
|
})
|
|
->defaultSort('display_name')
|
|
->columns([
|
|
Tables\Columns\TextColumn::make('display_name')->label('Name')->searchable(),
|
|
Tables\Columns\TextColumn::make('provider')->label('Provider')->toggleable(),
|
|
Tables\Columns\TextColumn::make('entra_tenant_id')->label('Entra tenant ID')->copyable()->toggleable(),
|
|
Tables\Columns\IconColumn::make('is_default')->label('Default')->boolean(),
|
|
Tables\Columns\TextColumn::make('status')
|
|
->label('Status')
|
|
->badge()
|
|
->formatStateUsing(BadgeRenderer::label(BadgeDomain::ProviderConnectionStatus))
|
|
->color(BadgeRenderer::color(BadgeDomain::ProviderConnectionStatus))
|
|
->icon(BadgeRenderer::icon(BadgeDomain::ProviderConnectionStatus))
|
|
->iconColor(BadgeRenderer::iconColor(BadgeDomain::ProviderConnectionStatus)),
|
|
Tables\Columns\TextColumn::make('health_status')
|
|
->label('Health')
|
|
->badge()
|
|
->formatStateUsing(BadgeRenderer::label(BadgeDomain::ProviderConnectionHealth))
|
|
->color(BadgeRenderer::color(BadgeDomain::ProviderConnectionHealth))
|
|
->icon(BadgeRenderer::icon(BadgeDomain::ProviderConnectionHealth))
|
|
->iconColor(BadgeRenderer::iconColor(BadgeDomain::ProviderConnectionHealth)),
|
|
Tables\Columns\TextColumn::make('last_health_check_at')->label('Last check')->since()->toggleable(),
|
|
])
|
|
->filters([
|
|
SelectFilter::make('status')
|
|
->label('Status')
|
|
->options([
|
|
'connected' => 'Connected',
|
|
'needs_consent' => 'Needs consent',
|
|
'error' => 'Error',
|
|
'disabled' => 'Disabled',
|
|
])
|
|
->query(function (Builder $query, array $data): Builder {
|
|
$value = $data['value'] ?? null;
|
|
|
|
if (! is_string($value) || $value === '') {
|
|
return $query;
|
|
}
|
|
|
|
return $query->where('status', $value);
|
|
}),
|
|
SelectFilter::make('health_status')
|
|
->label('Health')
|
|
->options([
|
|
'ok' => 'OK',
|
|
'degraded' => 'Degraded',
|
|
'down' => 'Down',
|
|
'unknown' => 'Unknown',
|
|
])
|
|
->query(function (Builder $query, array $data): Builder {
|
|
$value = $data['value'] ?? null;
|
|
|
|
if (! is_string($value) || $value === '') {
|
|
return $query;
|
|
}
|
|
|
|
return $query->where('health_status', $value);
|
|
}),
|
|
])
|
|
->actions([
|
|
Actions\ActionGroup::make([
|
|
UiEnforcement::forAction(
|
|
Actions\EditAction::make()
|
|
)
|
|
->requireCapability(Capabilities::PROVIDER_MANAGE)
|
|
->apply(),
|
|
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('check_connection')
|
|
->label('Check connection')
|
|
->icon('heroicon-o-check-badge')
|
|
->color('success')
|
|
->visible(fn (ProviderConnection $record): bool => $record->status !== 'disabled')
|
|
->action(function (ProviderConnection $record, StartVerification $verification): void {
|
|
$tenant = static::resolveScopedTenant();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
abort(404);
|
|
}
|
|
|
|
if (! $user instanceof User) {
|
|
abort(403);
|
|
}
|
|
|
|
$result = $verification->providerConnectionCheck(
|
|
tenant: $tenant,
|
|
connection: $record,
|
|
initiator: $user,
|
|
);
|
|
|
|
if ($result->status === 'scope_busy') {
|
|
Notification::make()
|
|
->title('Scope busy')
|
|
->body('Another provider operation is already running for this connection.')
|
|
->warning()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
Actions\Action::make('manage_connections')
|
|
->label('Manage Provider Connections')
|
|
->url(static::getUrl('index', tenant: $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
if ($result->status === 'deduped') {
|
|
Notification::make()
|
|
->title('Run already queued')
|
|
->body('A connection check is already queued or running.')
|
|
->warning()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
Actions\Action::make('manage_connections')
|
|
->label('Manage Provider Connections')
|
|
->url(static::getUrl('index', tenant: $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
if ($result->status === 'blocked') {
|
|
$reasonCode = is_string($result->run->context['reason_code'] ?? null)
|
|
? (string) $result->run->context['reason_code']
|
|
: 'unknown_error';
|
|
|
|
Notification::make()
|
|
->title('Connection check blocked')
|
|
->body("Blocked by provider configuration ({$reasonCode}).")
|
|
->warning()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
Actions\Action::make('manage_connections')
|
|
->label('Manage Provider Connections')
|
|
->url(static::getUrl('index', tenant: $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
Notification::make()
|
|
->title('Connection check queued')
|
|
->body('Health check was queued and will run in the background.')
|
|
->success()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
})
|
|
)
|
|
->preserveVisibility()
|
|
->requireCapability(Capabilities::PROVIDER_RUN)
|
|
->apply(),
|
|
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('inventory_sync')
|
|
->label('Inventory sync')
|
|
->icon('heroicon-o-arrow-path')
|
|
->color('info')
|
|
->visible(fn (ProviderConnection $record): bool => $record->status !== 'disabled')
|
|
->action(function (ProviderConnection $record, ProviderOperationStartGate $gate): void {
|
|
$tenant = static::resolveScopedTenant();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
|
return;
|
|
}
|
|
|
|
$initiator = $user;
|
|
|
|
$result = $gate->start(
|
|
tenant: $tenant,
|
|
connection: $record,
|
|
operationType: 'inventory.sync',
|
|
dispatcher: function (OperationRun $operationRun) use ($tenant, $initiator, $record): void {
|
|
ProviderInventorySyncJob::dispatch(
|
|
tenantId: (int) $tenant->getKey(),
|
|
userId: (int) $initiator->getKey(),
|
|
providerConnectionId: (int) $record->getKey(),
|
|
operationRun: $operationRun,
|
|
);
|
|
},
|
|
initiator: $initiator,
|
|
);
|
|
|
|
if ($result->status === 'scope_busy') {
|
|
Notification::make()
|
|
->title('Scope is busy')
|
|
->body('Another provider operation is already running for this connection.')
|
|
->danger()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
if ($result->status === 'deduped') {
|
|
Notification::make()
|
|
->title('Run already queued')
|
|
->body('An inventory sync is already queued or running.')
|
|
->warning()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
if ($result->status === 'blocked') {
|
|
$reasonCode = is_string($result->run->context['reason_code'] ?? null)
|
|
? (string) $result->run->context['reason_code']
|
|
: 'unknown_error';
|
|
|
|
Notification::make()
|
|
->title('Inventory sync blocked')
|
|
->body("Blocked by provider configuration ({$reasonCode}).")
|
|
->warning()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
Notification::make()
|
|
->title('Inventory sync queued')
|
|
->body('Inventory sync was queued and will run in the background.')
|
|
->success()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
})
|
|
)
|
|
->preserveVisibility()
|
|
->requireCapability(Capabilities::PROVIDER_RUN)
|
|
->apply(),
|
|
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('compliance_snapshot')
|
|
->label('Compliance snapshot')
|
|
->icon('heroicon-o-shield-check')
|
|
->color('info')
|
|
->visible(fn (ProviderConnection $record): bool => $record->status !== 'disabled')
|
|
->action(function (ProviderConnection $record, ProviderOperationStartGate $gate): void {
|
|
$tenant = static::resolveScopedTenant();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
|
return;
|
|
}
|
|
|
|
$initiator = $user;
|
|
|
|
$result = $gate->start(
|
|
tenant: $tenant,
|
|
connection: $record,
|
|
operationType: 'compliance.snapshot',
|
|
dispatcher: function (OperationRun $operationRun) use ($tenant, $initiator, $record): void {
|
|
ProviderComplianceSnapshotJob::dispatch(
|
|
tenantId: (int) $tenant->getKey(),
|
|
userId: (int) $initiator->getKey(),
|
|
providerConnectionId: (int) $record->getKey(),
|
|
operationRun: $operationRun,
|
|
);
|
|
},
|
|
initiator: $initiator,
|
|
);
|
|
|
|
if ($result->status === 'scope_busy') {
|
|
Notification::make()
|
|
->title('Scope is busy')
|
|
->body('Another provider operation is already running for this connection.')
|
|
->danger()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
if ($result->status === 'deduped') {
|
|
Notification::make()
|
|
->title('Run already queued')
|
|
->body('A compliance snapshot is already queued or running.')
|
|
->warning()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
if ($result->status === 'blocked') {
|
|
$reasonCode = is_string($result->run->context['reason_code'] ?? null)
|
|
? (string) $result->run->context['reason_code']
|
|
: 'unknown_error';
|
|
|
|
Notification::make()
|
|
->title('Compliance snapshot blocked')
|
|
->body("Blocked by provider configuration ({$reasonCode}).")
|
|
->warning()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
Notification::make()
|
|
->title('Compliance snapshot queued')
|
|
->body('Compliance snapshot was queued and will run in the background.')
|
|
->success()
|
|
->actions([
|
|
Actions\Action::make('view_run')
|
|
->label('View run')
|
|
->url(OperationRunLinks::view($result->run, $tenant)),
|
|
])
|
|
->send();
|
|
})
|
|
)
|
|
->preserveVisibility()
|
|
->requireCapability(Capabilities::PROVIDER_RUN)
|
|
->apply(),
|
|
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('set_default')
|
|
->label('Set as default')
|
|
->icon('heroicon-o-star')
|
|
->color('primary')
|
|
->visible(fn (ProviderConnection $record): bool => $record->status !== 'disabled' && ! $record->is_default)
|
|
->action(function (ProviderConnection $record, AuditLogger $auditLogger): void {
|
|
$tenant = static::resolveScopedTenant();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return;
|
|
}
|
|
|
|
$record->makeDefault();
|
|
|
|
$user = auth()->user();
|
|
$actorId = $user instanceof User ? (int) $user->getKey() : null;
|
|
$actorEmail = $user instanceof User ? $user->email : null;
|
|
$actorName = $user instanceof User ? $user->name : null;
|
|
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'provider_connection.default_set',
|
|
context: [
|
|
'metadata' => [
|
|
'provider' => $record->provider,
|
|
'entra_tenant_id' => $record->entra_tenant_id,
|
|
],
|
|
],
|
|
actorId: $actorId,
|
|
actorEmail: $actorEmail,
|
|
actorName: $actorName,
|
|
resourceType: 'provider_connection',
|
|
resourceId: (string) $record->getKey(),
|
|
status: 'success',
|
|
);
|
|
|
|
Notification::make()
|
|
->title('Default connection updated')
|
|
->success()
|
|
->send();
|
|
})
|
|
)
|
|
->preserveVisibility()
|
|
->requireCapability(Capabilities::PROVIDER_MANAGE)
|
|
->apply(),
|
|
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('update_credentials')
|
|
->label('Update credentials')
|
|
->icon('heroicon-o-key')
|
|
->color('primary')
|
|
->requiresConfirmation()
|
|
->modalDescription('Client secret is stored encrypted and will never be shown again.')
|
|
->form([
|
|
TextInput::make('client_id')
|
|
->label('Client ID')
|
|
->required()
|
|
->maxLength(255),
|
|
TextInput::make('client_secret')
|
|
->label('Client secret')
|
|
->password()
|
|
->required()
|
|
->maxLength(255),
|
|
])
|
|
->action(function (array $data, ProviderConnection $record, CredentialManager $credentials): void {
|
|
$tenant = static::resolveScopedTenant();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return;
|
|
}
|
|
|
|
$credentials->upsertClientSecretCredential(
|
|
connection: $record,
|
|
clientId: (string) $data['client_id'],
|
|
clientSecret: (string) $data['client_secret'],
|
|
);
|
|
|
|
Notification::make()
|
|
->title('Credentials updated')
|
|
->success()
|
|
->send();
|
|
})
|
|
)
|
|
->requireCapability(Capabilities::PROVIDER_MANAGE)
|
|
->apply(),
|
|
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('enable_connection')
|
|
->label('Enable connection')
|
|
->icon('heroicon-o-play')
|
|
->color('success')
|
|
->visible(fn (ProviderConnection $record): bool => $record->status === 'disabled')
|
|
->action(function (ProviderConnection $record, AuditLogger $auditLogger): void {
|
|
$tenant = static::resolveScopedTenant();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return;
|
|
}
|
|
|
|
$hadCredentials = $record->credential()->exists();
|
|
$status = $hadCredentials ? 'connected' : 'needs_consent';
|
|
$previousStatus = (string) $record->status;
|
|
|
|
$record->update([
|
|
'status' => $status,
|
|
'health_status' => 'unknown',
|
|
'last_health_check_at' => null,
|
|
'last_error_reason_code' => null,
|
|
'last_error_message' => null,
|
|
]);
|
|
|
|
$user = auth()->user();
|
|
$actorId = $user instanceof User ? (int) $user->getKey() : null;
|
|
$actorEmail = $user instanceof User ? $user->email : null;
|
|
$actorName = $user instanceof User ? $user->name : null;
|
|
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'provider_connection.enabled',
|
|
context: [
|
|
'metadata' => [
|
|
'provider' => $record->provider,
|
|
'entra_tenant_id' => $record->entra_tenant_id,
|
|
'from_status' => $previousStatus,
|
|
'to_status' => $status,
|
|
'credentials_present' => $hadCredentials,
|
|
],
|
|
],
|
|
actorId: $actorId,
|
|
actorEmail: $actorEmail,
|
|
actorName: $actorName,
|
|
resourceType: 'provider_connection',
|
|
resourceId: (string) $record->getKey(),
|
|
status: 'success',
|
|
);
|
|
|
|
if (! $hadCredentials) {
|
|
Notification::make()
|
|
->title('Connection enabled (credentials missing)')
|
|
->body('Add credentials before running checks or operations.')
|
|
->warning()
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
Notification::make()
|
|
->title('Provider connection enabled')
|
|
->success()
|
|
->send();
|
|
})
|
|
)
|
|
->preserveVisibility()
|
|
->requireCapability(Capabilities::PROVIDER_MANAGE)
|
|
->apply(),
|
|
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('disable_connection')
|
|
->label('Disable connection')
|
|
->icon('heroicon-o-archive-box-x-mark')
|
|
->color('danger')
|
|
->requiresConfirmation()
|
|
->visible(fn (ProviderConnection $record): bool => $record->status !== 'disabled')
|
|
->action(function (ProviderConnection $record, AuditLogger $auditLogger): void {
|
|
$tenant = static::resolveScopedTenant();
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
return;
|
|
}
|
|
|
|
$previousStatus = (string) $record->status;
|
|
|
|
$record->update([
|
|
'status' => 'disabled',
|
|
]);
|
|
|
|
$user = auth()->user();
|
|
$actorId = $user instanceof User ? (int) $user->getKey() : null;
|
|
$actorEmail = $user instanceof User ? $user->email : null;
|
|
$actorName = $user instanceof User ? $user->name : null;
|
|
|
|
$auditLogger->log(
|
|
tenant: $tenant,
|
|
action: 'provider_connection.disabled',
|
|
context: [
|
|
'metadata' => [
|
|
'provider' => $record->provider,
|
|
'entra_tenant_id' => $record->entra_tenant_id,
|
|
'from_status' => $previousStatus,
|
|
],
|
|
],
|
|
actorId: $actorId,
|
|
actorEmail: $actorEmail,
|
|
actorName: $actorName,
|
|
resourceType: 'provider_connection',
|
|
resourceId: (string) $record->getKey(),
|
|
status: 'success',
|
|
);
|
|
|
|
Notification::make()
|
|
->title('Provider connection disabled')
|
|
->warning()
|
|
->send();
|
|
})
|
|
)
|
|
->preserveVisibility()
|
|
->requireCapability(Capabilities::PROVIDER_MANAGE)
|
|
->apply(),
|
|
])
|
|
->label('Actions')
|
|
->icon('heroicon-o-ellipsis-vertical')
|
|
->color('gray'),
|
|
])
|
|
->bulkActions([]);
|
|
}
|
|
|
|
public static function getEloquentQuery(): Builder
|
|
{
|
|
$workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());
|
|
$tenantId = static::resolveScopedTenant()?->getKey();
|
|
|
|
$query = parent::getEloquentQuery();
|
|
|
|
if ($workspaceId === null) {
|
|
return $query->whereRaw('1 = 0');
|
|
}
|
|
|
|
return $query
|
|
->where('workspace_id', (int) $workspaceId)
|
|
->when($tenantId, fn (Builder $query) => $query->where('tenant_id', $tenantId))
|
|
->latest('id');
|
|
}
|
|
|
|
public static function getPages(): array
|
|
{
|
|
return [
|
|
'index' => Pages\ListProviderConnections::route('/'),
|
|
'create' => Pages\CreateProviderConnection::route('/create'),
|
|
'edit' => Pages\EditProviderConnection::route('/{record}/edit'),
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @param array<mixed> $parameters
|
|
*/
|
|
public static function getUrl(?string $name = null, array $parameters = [], bool $isAbsolute = true, ?string $panel = null, ?Model $tenant = null, bool $shouldGuessMissingParameters = false): string
|
|
{
|
|
if (! array_key_exists('tenant', $parameters)) {
|
|
if ($tenant instanceof Tenant) {
|
|
$parameters['tenant'] = $tenant->external_id;
|
|
}
|
|
|
|
$resolvedTenant = static::resolveScopedTenant();
|
|
|
|
if (! array_key_exists('tenant', $parameters) && $resolvedTenant instanceof Tenant) {
|
|
$parameters['tenant'] = $resolvedTenant->external_id;
|
|
}
|
|
}
|
|
|
|
$panel ??= 'admin';
|
|
|
|
if (array_key_exists('tenant', $parameters)) {
|
|
$tenant = null;
|
|
}
|
|
|
|
return parent::getUrl($name, $parameters, $isAbsolute, $panel, $tenant, $shouldGuessMissingParameters);
|
|
}
|
|
}
|