TenantAtlas/app/Services/Intune/TenantPermissionService.php

<?php

namespace App\Services\Intune;

use App\Models\Tenant;
use App\Models\TenantPermission;

class TenantPermissionService
{
    /**
     * @return array<int, array{key:string,type:string,description:?string,features:array<int,string>}>
     */
    public function getRequiredPermissions(): array
    {
        return config('intune_permissions.permissions', []);
    }

    /**
     * @return array<string, array{status:string,details:array<string,mixed>|null,last_checked_at:?\Illuminate\Support\Carbon}>
     */
    public function getGrantedPermissions(Tenant $tenant): array
    {
        return TenantPermission::query()
            ->where('tenant_id', $tenant->id)
            ->get()
            ->keyBy('permission_key')
            ->map(fn (TenantPermission $permission) => [
                'status' => $permission->status,
                'details' => $permission->details,
                'last_checked_at' => $permission->last_checked_at,
            ])
            ->all();
    }

    /**
     * @param  array<string, array{status:string,details?:array<string,mixed>|null}|string>|null  $grantedStatuses
     * @param  bool  $persist  Persist comparison results to tenant_permissions
     * @return array{overall_status:string,permissions:array<int,array{key:string,type:string,description:?string,features:array<int,string>,status:string,details:array<string,mixed>|null}>}
     */
    public function compare(Tenant $tenant, ?array $grantedStatuses = null, bool $persist = true): array
    {
        $required = $this->getRequiredPermissions();
        $granted = $this->normalizeGrantedStatuses($grantedStatuses ?? $this->getGrantedPermissions($tenant));
        $results = [];
        $hasMissing = false;
        $hasErrors = false;
        $checkedAt = now();

        foreach ($required as $permission) {
            $key = $permission['key'];
            $status = $granted[$key]['status'] ?? 'missing';
            $details = $granted[$key]['details'] ?? null;

            if ($persist) {
                TenantPermission::updateOrCreate(
                    [
                        'tenant_id' => $tenant->id,
                        'permission_key' => $key,
                    ],
                    [
                        'status' => $status,
                        'details' => $details,
                        'last_checked_at' => $checkedAt,
                    ]
                );
            }

            $results[] = [
                'key' => $key,
                'type' => $permission['type'] ?? 'application',
                'description' => $permission['description'] ?? null,
                'features' => $permission['features'] ?? [],
                'status' => $status,
                'details' => $details,
            ];

            $hasMissing = $hasMissing || $status === 'missing';
            $hasErrors = $hasErrors || $status === 'error';
        }

        $overall = match (true) {
            $hasErrors => 'error',
            $hasMissing => 'missing',
            default => 'ok',
        };

        return [
            'overall_status' => $overall,
            'permissions' => $results,
        ];
    }

    /**
     * @param  array<string, array{status:string,details?:array<string,mixed>|null}|string>  $granted
     * @return array<string, array{status:string,details:array<string,mixed>|null}>
     */
    private function normalizeGrantedStatuses(array $granted): array
    {
        $normalized = [];

        foreach ($granted as $key => $value) {
            if (is_string($value)) {
                $normalized[$key] = ['status' => $value, 'details' => null];

                continue;
            }

            $normalized[$key] = [
                'status' => $value['status'] ?? 'missing',
                'details' => $value['details'] ?? null,
            ];
        }

        return $normalized;
    }
}