ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ad16eee591
TenantAtlas/apps/platform/tests/Unit/Support/ReasonTranslation/RbacReasonTranslationTest.php
ahmido ad16eee591 Spec 204: harden platform core vocabulary (#234) 
## Summary
- add the Spec 204 platform vocabulary foundation, including canonical glossary terms, registry ownership descriptors, canonical operation type and alias resolution, and explicit reason ownership and platform reason-family metadata
- harden platform-facing compare, snapshot, evidence, monitoring, review, and reporting surfaces so they prefer governed-subject and canonical operation semantics while preserving intentional Intune-owned terminology
- extend Spec 204 unit, feature, Filament, and architecture coverage and add the full spec artifacts, checklist, and completed task ledger

## Verification
- ran the focused recent-change Sail verification pack for the new glossary and reason-semantics work
- ran the full Spec 204 quickstart verification pack under Sail
- ran `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- ran an integrated-browser smoke pass covering tenant dashboard, operations, operation detail, baseline compare, evidence, reviews, review packs, provider connections, inventory items, backup schedules, onboarding, and the system dashboard/operations/failures/run-detail surfaces

## Notes
- provider registration is unchanged and remains in `bootstrap/providers.php`
- no new destructive actions or asset-registration changes are introduced by this branch

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #234
2026-04-14 06:09:42 +00:00

29 lines
1.4 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Support\Governance\PlatformVocabularyGlossary;
use App\Support\RbacReason;
it('translates manual RBAC assignment reasons into operator guidance', function (): void {
$envelope = RbacReason::ManualAssignmentRequired->toReasonResolutionEnvelope();
expect($envelope->operatorLabel)->toBe('Manual role assignment required')
->and($envelope->actionability)->toBe('prerequisite_missing')
->and($envelope->shortExplanation)->toContain('manual Intune RBAC role assignment')
->and($envelope->ownerLayer())->toBe('domain_owned')
->and($envelope->ownerNamespace())->toBe('rbac.intune')
->and($envelope->platformReasonFamily())->toBe('authorization')
->and(RbacReason::ManualAssignmentRequired->boundaryClassification())->toBe(PlatformVocabularyGlossary::BOUNDARY_INTUNE_SPECIFIC)
->and($envelope->guidanceText())->toBe('Next step: Complete the Intune role assignment manually, then refresh RBAC status.');
});
it('marks unsupported RBAC API cases as diagnostic-only operator states', function (): void {
$envelope = RbacReason::UnsupportedApi->toReasonResolutionEnvelope();
expect($envelope->actionability)->toBe('non_actionable')
->and($envelope->operatorLabel)->toBe('RBAC API unsupported')
->and($envelope->ownerNamespace())->toBe('rbac.intune')
->and($envelope->guidanceText())->toBe('No action needed.');
});
Reference in New Issue View Git Blame Copy Permalink