ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
8ee1174c8d
TenantAtlas/app/Support/References/Resolvers/EntraGroupReferenceResolver.php
ahmido 8ee1174c8d feat: add resolved reference presentation layer (#161) 
## Summary
- add the shared resolved-reference foundation with registry, resolvers, presenters, and badge semantics
- refactor related context, assignment evidence, and policy-version assignment rendering toward label-first reference presentation
- add Spec 132 artifacts and focused Pest coverage for reference resolution, degraded states, canonical linking, and tenant-context carryover

## Verification
- `vendor/bin/sail bin pint --dirty --format agent`
- focused Pest verification was marked complete in the task artifact

## Notes
- this PR is opened from the current session branch
- `specs/132-guid-context-resolver/tasks.md` reflects in-progress completion state for the implemented tasks

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #161
2026-03-10 18:52:52 +00:00

117 lines
4.0 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Support\References\Resolvers;
use App\Filament\Resources\EntraGroupResource;
use App\Models\EntraGroup;
use App\Models\Tenant;
use App\Models\User;
use App\Services\Auth\CapabilityResolver;
use App\Services\Directory\EntraGroupLabelResolver;
use App\Support\Auth\Capabilities;
use App\Support\References\ReferenceClass;
use App\Support\References\ReferenceDescriptor;
use App\Support\References\ReferenceLinkTarget;
use App\Support\References\ResolvedReference;
final class EntraGroupReferenceResolver extends BaseReferenceResolver
{
public function __construct(
\App\Support\References\ReferenceTypeLabelCatalog $typeLabels,
private readonly CapabilityResolver $capabilityResolver,
private readonly EntraGroupLabelResolver $groupLabelResolver,
) {
parent::__construct($typeLabels);
}
public function referenceClass(): ReferenceClass
{
return ReferenceClass::Group;
}
public function resolve(ReferenceDescriptor $descriptor): ResolvedReference
{
$tenantId = $descriptor->tenantId;
if ($tenantId === null || $tenantId <= 0) {
return $this->unresolved($descriptor, primaryLabel: 'Group');
}
$tenant = Tenant::query()->whereKey($tenantId)->first();
if (! $tenant instanceof Tenant) {
return $this->unresolved($descriptor, primaryLabel: 'Group');
}
$cachedDisplayName = $this->contextString($descriptor, 'cached_display_name');
$resolvedFromCache = $descriptor->contextValue('resolved_from_cache');
$group = EntraGroup::query()
->where('tenant_id', $tenantId)
->where('entra_id', strtolower($descriptor->rawIdentifier))
->first();
if (! $group instanceof EntraGroup && $cachedDisplayName === null) {
$cachedDisplayName = $this->groupLabelResolver->lookupOne($tenant, $descriptor->rawIdentifier);
$resolvedFromCache = $cachedDisplayName !== null;
}
if ($group instanceof EntraGroup) {
if (! $this->canOpenTenantRecord($group->tenant, Capabilities::TENANT_VIEW)) {
return $this->inaccessible($descriptor, primaryLabel: 'Group');
}
return $this->resolved(
descriptor: $descriptor,
primaryLabel: (string) $group->display_name,
secondaryLabel: $this->groupTypeLabel($group),
linkTarget: new ReferenceLinkTarget(
targetKind: ReferenceClass::Group->value,
url: EntraGroupResource::getUrl('view', ['record' => $group], tenant: $group->tenant),
actionLabel: 'View group',
contextBadge: 'Tenant',
),
);
}
if ($cachedDisplayName !== null) {
return ($resolvedFromCache === true)
? $this->partiallyResolved($descriptor, primaryLabel: $cachedDisplayName, secondaryLabel: 'Cached group')
: $this->externalLimited($descriptor, primaryLabel: $cachedDisplayName, secondaryLabel: 'Captured group');
}
return $this->unresolved($descriptor, primaryLabel: 'Group');
}
private function canOpenTenantRecord(?Tenant $tenant, string $capability): bool
{
$user = auth()->user();
return $tenant instanceof Tenant
&& $user instanceof User
&& $this->capabilityResolver->isMember($user, $tenant)
&& $this->capabilityResolver->can($user, $tenant, $capability);
}
private function groupTypeLabel(EntraGroup $group): string
{
$groupTypes = $group->group_types;
if (is_array($groupTypes) && in_array('Unified', $groupTypes, true)) {
return 'Microsoft 365 group';
}
if ($group->security_enabled) {
return 'Security group';
}
if ($group->mail_enabled) {
return 'Mail-enabled group';
}
return 'Directory group';
}
}
Reference in New Issue View Git Blame Copy Permalink