ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a4f2629493
TenantAtlas/tests/Unit/VerificationLinkBehaviorTest.php
ahmido b182f55562 feat: add verify access required permissions assist (#168) 
## Summary
- add an in-place Required Permissions assist to the onboarding Verify Access step via a Filament slideover
- route permission-related verification remediation links into the assist first and keep deep-dive links opening in a new tab
- add view-model and link-behavior helpers plus focused feature, browser, RBAC, and unit coverage for the new assist

## Scope
- onboarding wizard Verify Access UX
- Required Permissions assist rendering and link behavior
- Spec 139 artifacts, contracts, and checklist updates

## Notes
- branch: `139-verify-access-permissions-assist`
- commit: `b4193f1`
- worktree was clean at PR creation time

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #168
2026-03-14 02:00:28 +00:00

104 lines
3.6 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Filament\Resources\ProviderConnectionResource;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Support\Links\RequiredPermissionsLinks;
use App\Support\Providers\ProviderReasonCodes;
use App\Support\Verification\VerificationLinkBehavior;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('classifies external remediation links as external deep dives', function (): void {
$behavior = app(VerificationLinkBehavior::class)->describe(
label: 'Grant admin consent',
url: 'https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent',
);
expect($behavior)->toMatchArray([
'label' => 'Grant admin consent',
'url' => 'https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent',
'kind' => 'external',
'opens_in_new_tab' => true,
'show_new_tab_hint' => true,
]);
});
it('classifies required permissions links as internal diagnostic deep dives', function (): void {
$tenant = Tenant::factory()->create([
'external_id' => 'tenant-required-permissions-a',
]);
$behavior = app(VerificationLinkBehavior::class)->describe(
label: 'Open required permissions',
url: RequiredPermissionsLinks::requiredPermissions($tenant),
);
expect($behavior)->toMatchArray([
'kind' => 'internal-diagnostic',
'opens_in_new_tab' => true,
'show_new_tab_hint' => true,
]);
});
it('classifies provider connection management routes as internal diagnostic deep dives', function (): void {
$tenant = Tenant::factory()->create([
'external_id' => 'tenant-provider-connections-a',
]);
$connection = ProviderConnection::factory()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
'provider' => 'microsoft',
'entra_tenant_id' => (string) $tenant->tenant_id,
]);
$behavior = app(VerificationLinkBehavior::class)->describe(
label: 'Manage Provider Connections',
url: ProviderConnectionResource::getUrl(
'edit',
['tenant' => $tenant->external_id, 'record' => (int) $connection->getKey()],
panel: 'admin',
),
);
expect($behavior)->toMatchArray([
'kind' => 'internal-diagnostic',
'opens_in_new_tab' => true,
'show_new_tab_hint' => true,
]);
});
it('leaves inline-safe onboarding links in the current tab', function (): void {
$behavior = app(VerificationLinkBehavior::class)->describe(
label: 'Return to onboarding',
url: '/admin/onboarding',
);
expect($behavior)->toMatchArray([
'kind' => 'internal-inline-safe',
'opens_in_new_tab' => false,
'show_new_tab_hint' => false,
]);
});
it('routes permission-related verification report checks through the assist when it is available', function (): void {
$behavior = app(VerificationLinkBehavior::class);
expect($behavior->shouldRouteThroughAssist([
'key' => 'provider.connection.preflight',
'reason_code' => ProviderReasonCodes::ProviderConsentMissing,
], true))->toBeTrue()
->and($behavior->shouldRouteThroughAssist([
'key' => 'permissions.admin_consent',
'reason_code' => 'ok',
], true))->toBeTrue()
->and($behavior->shouldRouteThroughAssist([
'key' => 'provider.connection.preflight',
'reason_code' => ProviderReasonCodes::ProviderConsentMissing,
], false))->toBeFalse();
});
Reference in New Issue View Git Blame Copy Permalink