TenantAtlas/apps/platform/tests/Feature/Filament/InventoryPagesTest.php

<?php

declare(strict_types=1);

use App\Filament\Pages\InventoryCoverage;
use App\Filament\Resources\InventoryItemResource;
use App\Models\InventoryItem;
use App\Models\OperationRun;
use App\Models\ManagedEnvironment;
use App\Support\Inventory\InventoryCoverage as InventoryCoveragePayload;
use App\Support\Inventory\InventoryPolicyTypeMeta;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

function seedInventoryCoverageBasis(ManagedEnvironment $tenant): OperationRun
{
    InventoryItem::factory()->create([
        'managed_environment_id' => (int) $tenant->getKey(),
        'display_name' => 'Conditional Access Prod',
        'policy_type' => 'conditionalAccessPolicy',
        'external_id' => 'ca-1',
        'platform' => 'windows',
    ]);

    InventoryItem::factory()->create([
        'managed_environment_id' => (int) $tenant->getKey(),
        'display_name' => 'Device Compliance Legacy',
        'policy_type' => 'deviceCompliancePolicy',
        'external_id' => 'dc-1',
        'platform' => 'windows',
    ]);

    return OperationRun::factory()->create([
        'managed_environment_id' => (int) $tenant->getKey(),
        'workspace_id' => (int) $tenant->workspace_id,
        'type' => 'inventory_sync',
        'status' => 'completed',
        'outcome' => 'partially_succeeded',
        'context' => [
            'inventory' => [
                'coverage' => InventoryCoveragePayload::buildPayload([
                    'conditionalAccessPolicy' => [
                        'status' => InventoryCoveragePayload::StatusSucceeded,
                        'item_count' => 1,
                    ],
                    'deviceConfiguration' => [
                        'status' => InventoryCoveragePayload::StatusFailed,
                        'item_count' => 0,
                        'error_code' => 'graph_forbidden',
                    ],
                    'roleScopeTag' => [
                        'status' => InventoryCoveragePayload::StatusSkipped,
                        'item_count' => 0,
                    ],
                ], ['roleScopeTag']),
            ],
        ],
        'completed_at' => now(),
    ]);
}

test('inventory hub pages render truthful coverage-first summaries and basis continuity', function (): void {
    $tenant = ManagedEnvironment::factory()->create();
    [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');

    $basisRun = seedInventoryCoverageBasis($tenant);

    $itemsUrl = InventoryItemResource::getUrl('index', panel: 'admin', tenant: $tenant);
    $coverageUrl = InventoryCoverage::getUrl(panel: 'admin').'?tenant='.urlencode((string) $tenant->external_id);

    $this->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
        ->get($itemsUrl)
        ->assertOk()
        ->assertSee('Run Inventory Sync')
        ->assertSee('Total items')
        ->assertSee('Covered types')
        ->assertSee('Need follow-up')
        ->assertSee('Coverage basis')
        ->assertSee('Active ops')
        ->assertSee('Open basis run')
        ->assertSee(\App\Support\OperationRunLinks::tenantlessView($basisRun), false)
        ->assertSee('Conditional Access Prod');

    $this->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
        ->get($coverageUrl)
        ->assertOk()
        ->assertSee('ManagedEnvironment coverage truth')
        ->assertSee('Covered types')
        ->assertSee('Need follow-up')
        ->assertSee('Observed items')
        ->assertSee('Inventory sync history')
        ->assertSee('Open inventory items')
        ->assertSee((string) InventoryPolicyTypeMeta::label('conditionalAccessPolicy'))
        ->assertSee((string) InventoryPolicyTypeMeta::label('deviceConfiguration'))
        ->assertSee((string) InventoryPolicyTypeMeta::label('deviceCompliancePolicy'))
        ->assertSee('Review provider consent or permissions, then rerun inventory sync.');
});

test('inventory coverage page makes the no-basis fallback explicit', function (): void {
    $tenant = ManagedEnvironment::factory()->create();
    [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');

    $this->actingAs($user)
        ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
        ->get(InventoryCoverage::getUrl(panel: 'admin').'?tenant='.urlencode((string) $tenant->external_id))
        ->assertOk()
        ->assertSee('No current coverage basis')
        ->assertSee('Run Inventory Sync from Inventory Items to establish current tenant coverage truth.')
        ->assertSee('Open inventory items');
});