Implements Spec 083 (Canonical Required Permissions manage surface hardening + issues-first UX).
Highlights:
- Enforces canonical route: /admin/tenants/{tenant}/required-permissions
- Legacy tenant-plane URL /admin/t/{tenant}/required-permissions stays non-existent (404)
- Deny-as-not-found (404) for non-workspace members and non-tenant-entitled users
- Strict tenant resolution (no cross-plane fallback)
- DB-only render (no external provider calls on page load)
- Issues-first layout + canonical next-step links (re-run verification -> /admin/onboarding)
- Freshness/stale detection (missing or >30 days -> warning)
Tests (Sail):
- vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions
- vendor/bin/sail artisan test --compact tests/Unit/TenantRequiredPermissionsFreshnessTest.php tests/Unit/TenantRequiredPermissionsOverallStatusTest.php
Notes:
- Filament v5 / Livewire v4 compliant.
- No destructive actions added in this spec; link-only CTAs.
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #101
<?php
use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
use App\Support\Verification\VerificationReportOverall;
// Strictest outcome: a missing application permission is expected to block the
// tenant. The fixture also contains a missing delegated permission, so the test
// pins that the result is Blocked rather than the weaker NeedsAttention.
it('maps overall to blocked when any application permission is missing', function (): void {
    // Application permission that has not been granted.
    $missingApplication = [
        'key' => 'A',
        'type' => 'application',
        'description' => null,
        'features' => ['backup'],
        'status' => 'missing',
        'details' => null,
    ];

    // Delegated permission that is missing as well.
    $missingDelegated = [
        'key' => 'B',
        'type' => 'delegated',
        'description' => null,
        'features' => ['backup'],
        'status' => 'missing',
        'details' => null,
    ];

    $overall = TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus([
        $missingApplication,
        $missingDelegated,
    ]);

    expect($overall)->toBe(VerificationReportOverall::Blocked->value);
});
// A gap limited to delegated permissions is expected to surface as
// NeedsAttention: the overall status must not read Ready while any permission
// is missing, but this fixture does not escalate to Blocked.
it('maps overall to needs_attention when only delegated permissions are missing', function (): void {
    // Application permission is in place.
    $grantedApplication = [
        'key' => 'A',
        'type' => 'application',
        'description' => null,
        'features' => ['backup'],
        'status' => 'granted',
        'details' => null,
    ];

    // The only gap in this fixture: a delegated permission that is missing.
    $missingDelegated = [
        'key' => 'B',
        'type' => 'delegated',
        'description' => null,
        'features' => ['backup'],
        'status' => 'missing',
        'details' => null,
    ];

    $overall = TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus([
        $grantedApplication,
        $missingDelegated,
    ]);

    expect($overall)->toBe(VerificationReportOverall::NeedsAttention->value);
});
// A permission whose status is 'error' has an unknown grant state, so the
// overall status must not be reported as Ready. The test expects NeedsAttention
// for an errored application permission (not Blocked, unlike a missing one).
it('maps overall to needs_attention when any permission is in error', function (): void {
    // Application permission that is granted.
    $grantedApplication = [
        'key' => 'A',
        'type' => 'application',
        'description' => null,
        'features' => ['backup'],
        'status' => 'error' === '' ? 'error' : 'granted',
        'details' => null,
    ];

    // Application permission whose check ended in an error; 'details' names the source.
    $erroredApplication = [
        'key' => 'B',
        'type' => 'application',
        'description' => null,
        'features' => ['backup'],
        'status' => 'error',
        'details' => ['source' => 'graph_api'],
    ];

    $overall = TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus([
        $grantedApplication,
        $erroredApplication,
    ]);

    expect($overall)->toBe(VerificationReportOverall::NeedsAttention->value);
});
// Baseline: Ready is expected only when every row in the fixture is granted
// (one application and one delegated permission) and no freshness flag is passed.
it('maps overall to ready when nothing is missing', function (): void {
    // Application permission that is granted.
    $grantedApplication = [
        'key' => 'A',
        'type' => 'application',
        'description' => null,
        'features' => ['backup'],
        'status' => 'granted',
        'details' => null,
    ];

    // Delegated permission that is granted.
    $grantedDelegated = [
        'key' => 'B',
        'type' => 'delegated',
        'description' => null,
        'features' => ['backup'],
        'status' => 'granted',
        'details' => null,
    ];

    $overall = TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus([
        $grantedApplication,
        $grantedDelegated,
    ]);

    expect($overall)->toBe(VerificationReportOverall::Ready->value);
});
// Stale data must not be presented as Ready: with every permission granted, the
// test still expects NeedsAttention once the second argument is true.
it('maps overall to needs_attention when freshness is stale without explicit permission gaps', function (): void {
    // Application permission that is granted.
    $grantedApplication = [
        'key' => 'A',
        'type' => 'application',
        'description' => null,
        'features' => ['backup'],
        'status' => 'granted',
        'details' => null,
    ];

    // Delegated permission that is granted.
    $grantedDelegated = [
        'key' => 'B',
        'type' => 'delegated',
        'description' => null,
        'features' => ['backup'],
        'status' => 'granted',
        'details' => null,
    ];

    // NOTE(review): the second argument is presumably the stale-freshness flag,
    // going by the test title; the parameter name is not visible in this file.
    $overall = TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus(
        [$grantedApplication, $grantedDelegated],
        true,
    );

    expect($overall)->toBe(VerificationReportOverall::NeedsAttention->value);
});