ahmido
817ad208da
expose enrollment config subtypes as their own policy types (limit/platform restrictions/notifications) with preview-only restore risk and proper Graph contracts classify enrollment configs by their @odata.type + deviceEnrollmentConfigurationType so sync only keeps ESP in windowsEnrollmentStatusPage and the rest stay in their own types, including new restore-normalizer UI blocks + warnings hydrate enrollment notifications: snapshot fetch now downloads each notification template + localized messages, normalized view surfaces template names/subjects/messages, and restore previews keep preview-only behavior tenant UI tweaks: Tenant list and detail actions moved into an action group; “Open in Entra” re-added in index, and detail now has “Deactivate” + tests covering the new menu layout and actions tests added/updated for sync, snapshots, restores, normalized settings, tenant UI, plus Pint/test suite run Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #31
212 lines
6.7 KiB
PHP
212 lines
6.7 KiB
PHP
<?php
|
|
|
|
use App\Models\BackupItem;
|
|
use App\Models\BackupSet;
|
|
use App\Models\Policy;
|
|
use App\Models\Tenant;
|
|
use App\Services\Graph\GraphClientInterface;
|
|
use App\Services\Graph\GraphResponse;
|
|
use App\Services\Intune\RestoreService;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
test('enrollment restriction restores are preview-only and skipped on execution', function () {
|
|
$client = new class implements GraphClientInterface
|
|
{
|
|
public int $applyCalls = 0;
|
|
|
|
public function listPolicies(string $policyType, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, ['payload' => []]);
|
|
}
|
|
|
|
public function getOrganization(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
|
|
{
|
|
$this->applyCalls++;
|
|
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getServicePrincipalPermissions(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function request(string $method, string $path, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
};
|
|
|
|
app()->instance(GraphClientInterface::class, $client);
|
|
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'tenant-enrollment-restriction',
|
|
'name' => 'Tenant Enrollment Restriction',
|
|
'metadata' => [],
|
|
]);
|
|
|
|
$policy = Policy::create([
|
|
'tenant_id' => $tenant->id,
|
|
'external_id' => 'enrollment-restriction-1',
|
|
'policy_type' => 'enrollmentRestriction',
|
|
'display_name' => 'Enrollment Restriction',
|
|
'platform' => 'all',
|
|
]);
|
|
|
|
$backupSet = BackupSet::create([
|
|
'tenant_id' => $tenant->id,
|
|
'name' => 'Enrollment Restriction Backup',
|
|
'status' => 'completed',
|
|
'item_count' => 1,
|
|
]);
|
|
|
|
$backupItem = BackupItem::create([
|
|
'tenant_id' => $tenant->id,
|
|
'backup_set_id' => $backupSet->id,
|
|
'policy_id' => $policy->id,
|
|
'policy_identifier' => $policy->external_id,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'payload' => [
|
|
'@odata.type' => '#microsoft.graph.deviceEnrollmentConfiguration',
|
|
'id' => $policy->external_id,
|
|
'displayName' => $policy->display_name,
|
|
],
|
|
]);
|
|
|
|
$service = app(RestoreService::class);
|
|
$preview = $service->preview($tenant, $backupSet, [$backupItem->id]);
|
|
|
|
$previewItem = collect($preview)->first(fn (array $item) => ($item['policy_type'] ?? null) === 'enrollmentRestriction');
|
|
|
|
expect($previewItem)->not->toBeNull()
|
|
->and($previewItem['restore_mode'] ?? null)->toBe('preview-only');
|
|
|
|
$run = $service->execute(
|
|
tenant: $tenant,
|
|
backupSet: $backupSet,
|
|
selectedItemIds: [$backupItem->id],
|
|
dryRun: false,
|
|
actorEmail: 'tester@example.com',
|
|
actorName: 'Tester',
|
|
);
|
|
|
|
expect($run->results)->toHaveCount(1);
|
|
expect($run->results[0]['status'])->toBe('skipped');
|
|
expect($run->results[0]['reason'])->toBe('preview_only');
|
|
|
|
expect($client->applyCalls)->toBe(0);
|
|
});
|
|
|
|
test('enrollment limit restores are preview-only and skipped on execution', function () {
|
|
$client = new class implements GraphClientInterface
|
|
{
|
|
public int $applyCalls = 0;
|
|
|
|
public function listPolicies(string $policyType, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getPolicy(string $policyType, string $policyId, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, ['payload' => []]);
|
|
}
|
|
|
|
public function getOrganization(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function applyPolicy(string $policyType, string $policyId, array $payload, array $options = []): GraphResponse
|
|
{
|
|
$this->applyCalls++;
|
|
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function getServicePrincipalPermissions(array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
|
|
public function request(string $method, string $path, array $options = []): GraphResponse
|
|
{
|
|
return new GraphResponse(true, []);
|
|
}
|
|
};
|
|
|
|
app()->instance(GraphClientInterface::class, $client);
|
|
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'tenant-enrollment-limit',
|
|
'name' => 'Tenant Enrollment Limit',
|
|
'metadata' => [],
|
|
]);
|
|
|
|
$policy = Policy::create([
|
|
'tenant_id' => $tenant->id,
|
|
'external_id' => 'enrollment-limit-1',
|
|
'policy_type' => 'deviceEnrollmentLimitConfiguration',
|
|
'display_name' => 'Enrollment Limit',
|
|
'platform' => 'all',
|
|
]);
|
|
|
|
$backupSet = BackupSet::create([
|
|
'tenant_id' => $tenant->id,
|
|
'name' => 'Enrollment Limit Backup',
|
|
'status' => 'completed',
|
|
'item_count' => 1,
|
|
]);
|
|
|
|
$backupItem = BackupItem::create([
|
|
'tenant_id' => $tenant->id,
|
|
'backup_set_id' => $backupSet->id,
|
|
'policy_id' => $policy->id,
|
|
'policy_identifier' => $policy->external_id,
|
|
'policy_type' => $policy->policy_type,
|
|
'platform' => $policy->platform,
|
|
'payload' => [
|
|
'@odata.type' => '#microsoft.graph.deviceEnrollmentLimitConfiguration',
|
|
'id' => $policy->external_id,
|
|
'displayName' => $policy->display_name,
|
|
'limit' => 5,
|
|
],
|
|
]);
|
|
|
|
$service = app(RestoreService::class);
|
|
$preview = $service->preview($tenant, $backupSet, [$backupItem->id]);
|
|
|
|
$previewItem = collect($preview)->first(fn (array $item) => ($item['policy_type'] ?? null) === 'deviceEnrollmentLimitConfiguration');
|
|
|
|
expect($previewItem)->not->toBeNull()
|
|
->and($previewItem['restore_mode'] ?? null)->toBe('preview-only');
|
|
|
|
$run = $service->execute(
|
|
tenant: $tenant,
|
|
backupSet: $backupSet,
|
|
selectedItemIds: [$backupItem->id],
|
|
dryRun: false,
|
|
actorEmail: 'tester@example.com',
|
|
actorName: 'Tester',
|
|
);
|
|
|
|
expect($run->results)->toHaveCount(1);
|
|
expect($run->results[0]['status'])->toBe('skipped');
|
|
expect($run->results[0]['reason'])->toBe('preview_only');
|
|
|
|
expect($client->applyCalls)->toBe(0);
|
|
});
|