75 lines
2.8 KiB
Markdown
75 lines
2.8 KiB
Markdown
# Quickstart — Intune RBAC Inventory & Backup v1 (127)
|
|
|
|
## Prerequisites
|
|
|
|
- Docker running
|
|
- Laravel Sail available at `vendor/bin/sail`
|
|
- Existing test database available through Sail
|
|
|
|
## Local setup
|
|
|
|
- Start containers:
|
|
- `vendor/bin/sail up -d`
|
|
|
|
- Install dependencies if needed:
|
|
- `vendor/bin/sail composer install`
|
|
- `vendor/bin/sail npm install`
|
|
|
|
## Implementation checkpoints
|
|
|
|
1. Extend foundation metadata and Graph contracts for:
|
|
- `intuneRoleDefinition`
|
|
- `intuneRoleAssignment`
|
|
2. Add RBAC normalizers and register them in `AppServiceProvider`.
|
|
3. Wire permission-warning handling for missing `DeviceManagementRBAC.Read.All`.
|
|
4. Verify inventory, backup, and restore preview surfaces treat both types as foundations and `preview-only`.
|
|
|
|
## Format
|
|
|
|
- Run formatting before final review:
|
|
- `vendor/bin/sail bin pint --dirty --format agent`
|
|
|
|
## Focused tests
|
|
|
|
Run the smallest relevant sets first:
|
|
|
|
- Inventory sync and coverage:
|
|
- `vendor/bin/sail artisan test --compact tests/Feature/Inventory/InventorySyncServiceTest.php`
|
|
- `vendor/bin/sail artisan test --compact tests/Feature/Filament/InventoryCoverageTableTest.php`
|
|
|
|
- Foundation backup capture and preview-only behavior:
|
|
- `vendor/bin/sail artisan test --compact tests/Feature/FoundationBackupTest.php`
|
|
- `vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreExecutionTest.php`
|
|
- `vendor/bin/sail artisan test --compact tests/Feature/RestoreUnknownPolicyTypeSafetyTest.php`
|
|
|
|
- Graph contract and snapshot helpers:
|
|
- `vendor/bin/sail artisan test --compact tests/Unit/GraphContractRegistryTest.php`
|
|
- `vendor/bin/sail artisan test --compact tests/Unit/FoundationSnapshotServiceTest.php`
|
|
|
|
- RBAC permission and verification surfaces:
|
|
- `vendor/bin/sail artisan test --compact tests/Feature/Verification`
|
|
- `vendor/bin/sail artisan test --compact tests/Unit/RbacOnboardingServiceTest.php`
|
|
|
|
If dedicated spec-127 tests are added, run those file paths directly.
|
|
|
|
## Manual verification checklist
|
|
|
|
- As a tenant member with inventory capability:
|
|
- run inventory sync with foundations enabled
|
|
- confirm `intuneRoleDefinition` and `intuneRoleAssignment` appear in coverage under RBAC
|
|
|
|
- As a tenant member with backup visibility:
|
|
- create a backup set with foundations enabled
|
|
- confirm RBAC foundation items appear as backup items with readable display names
|
|
|
|
- In backup or restore preview detail:
|
|
- confirm both RBAC foundation types show `preview-only`
|
|
- confirm no execute-restore action is available for them
|
|
|
|
- With missing `DeviceManagementRBAC.Read.All`:
|
|
- run verification or inventory sync
|
|
- confirm the result surfaces a clear RBAC permission warning or reason instead of an opaque failure
|
|
|
|
- As a non-member:
|
|
- attempt direct access to tenant-scoped RBAC coverage or backup/version views
|
|
- confirm the response is 404 |