ahmido
38d9826f5e
Implements workspace-first enforcement and UX: - Workspace selected before tenant flows; /admin routes into choose-workspace/choose-tenant - Tenant lists and default tenant selection are scoped to current workspace - Workspaces UI is tenantless at /admin/workspaces Security hardening: - Workspaces can never have 0 owners (blocks last-owner removal/demotion) - Blocked attempts are audited with action_id=workspace_membership.last_owner_blocked + required metadata - Optional break-glass recovery page to re-assign workspace owner (audited) Tests: - Added/updated Pest feature tests covering redirects, scoping, tenantless workspaces, last-owner guards, and break-glass recovery. Notes: - Filament v5 strict Page property signatures respected in RepairWorkspaceOwners. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #86
40 lines
960 B
PHP
40 lines
960 B
PHP
<?php
|
|
|
|
namespace App\Console\Commands;
|
|
|
|
use App\Jobs\SyncPoliciesJob;
|
|
use App\Models\Tenant;
|
|
use Illuminate\Console\Command;
|
|
|
|
class SyncPolicies extends Command
|
|
{
|
|
protected $signature = 'intune:sync-policies {--tenant=} {--types=* : Limit to specific policy types}';
|
|
|
|
protected $description = 'Sync supported Intune policies from Microsoft Graph';
|
|
|
|
public function handle(): int
|
|
{
|
|
$tenant = $this->resolveTenant();
|
|
$types = $this->option('types') ?: null;
|
|
|
|
SyncPoliciesJob::dispatch($tenant->id, $types);
|
|
|
|
$this->info("Policy sync dispatched for tenant {$tenant->graphTenantId()}");
|
|
|
|
return Command::SUCCESS;
|
|
}
|
|
|
|
private function resolveTenant(): Tenant
|
|
{
|
|
$tenantId = $this->option('tenant');
|
|
|
|
if ($tenantId) {
|
|
return Tenant::query()
|
|
->forTenant($tenantId)
|
|
->firstOrFail();
|
|
}
|
|
|
|
return Tenant::currentOrFail();
|
|
}
|
|
}
|