TenantAtlas/tests/Feature/Filament/TenantRoleDefinitionsSelectorDbOnlyTest.php

<?php

declare(strict_types=1);

use App\Filament\Resources\TenantResource;
use App\Models\EntraRoleDefinition;
use App\Models\Tenant;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('searches cached role definitions without Graph calls', function (): void {
    bindFailHardGraphClient();

    /** @var Tenant $tenant */
    $tenant = Tenant::factory()->create();

    EntraRoleDefinition::factory()
        ->for($tenant)
        ->create([
            'entra_id' => '11111111-1111-1111-1111-111111111111',
            'display_name' => 'Policy and Profile Manager',
        ]);

    $options = assertNoOutboundHttp(fn () => TenantResource::roleSearchOptions($tenant, 'Pol'));

    expect($options)->toMatchArray([
        '11111111-1111-1111-1111-111111111111' => 'Policy and Profile Manager (11111111)',
    ]);
});

it('resolves a role definition label from cached data without Graph calls', function (): void {
    bindFailHardGraphClient();

    /** @var Tenant $tenant */
    $tenant = Tenant::factory()->create();

    EntraRoleDefinition::factory()
        ->for($tenant)
        ->create([
            'entra_id' => '22222222-2222-2222-2222-222222222222',
            'display_name' => 'Read Only Operator',
        ]);

    $label = assertNoOutboundHttp(fn () => TenantResource::roleLabelFromCache($tenant, '22222222-2222-2222-2222-222222222222'));

    expect($label)->toBe('Read Only Operator (22222222)');
});