## Summary - standardize Microsoft provider connections around explicit platform vs dedicated identity modes - centralize admin-consent URL and runtime identity resolution so platform flows no longer fall back to tenant-local credentials - add migration classification, richer consent and verification state handling, dedicated override management, and focused regression coverage ## Validation - focused repo test coverage was added across provider identity, onboarding, audit, policy, guard, and migration flows - latest explicit passing run in the workspace: `vendor/bin/sail artisan test --compact tests/Feature/AdminConsentCallbackTest.php tests/Feature/Audit/ProviderConnectionConsentAuditTest.php` ## Notes - branch includes the full Spec 137 artifact set under `specs/137-platform-provider-identity/` - target base branch: `dev` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #166
<?php
namespace App\Support\Providers;
use App\Filament\Resources\ProviderConnectionResource;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Support\Links\RequiredPermissionsLinks;
/**
 * Maps a provider reason code to the follow-up links ("next steps") shown for it.
 *
 * The registry only assembles static labels and admin-panel URLs. It performs no
 * authorization and does not check that $connection belongs to $tenant.
 * NOTE(review): presumably the linked pages enforce tenant scoping and access
 * policy themselves — confirm, because a mismatched tenant/connection pair still
 * produces a well-formed URL here.
 */
final class ProviderNextStepsRegistry
{
    /**
     * Returns the ordered next-step links for the given reason code.
     *
     * Reason codes without a dedicated arm fall back to a single link to the
     * tenant's provider connection index.
     *
     * @return array<int, array{label: string, url: string}>
     */
    public function forReason(Tenant $tenant, string $reasonCode, ?ProviderConnection $connection = null): array
    {
        $hasConnection = $connection instanceof ProviderConnection;

        return match ($reasonCode) {
            // Connection record or platform identity problems: send the operator to the
            // connection itself (view, then edit), or to the index when none was supplied.
            ProviderReasonCodes::ProviderConnectionMissing,
            ProviderReasonCodes::ProviderConnectionInvalid,
            ProviderReasonCodes::TenantTargetMismatch,
            ProviderReasonCodes::PlatformIdentityMissing,
            ProviderReasonCodes::PlatformIdentityIncomplete,
            ProviderReasonCodes::ProviderConnectionReviewRequired => [
                [
                    'label' => $hasConnection ? 'Review migration classification' : 'Manage Provider Connections',
                    'url' => $this->connectionPageUrl($tenant, $connection, 'view'),
                ],
                [
                    // Without a connection this entry also resolves to the index URL.
                    'label' => 'Review effective app details',
                    'url' => $this->connectionPageUrl($tenant, $connection, 'edit'),
                ],
            ],

            // Dedicated credential problems are fixed on the connection's edit page.
            ProviderReasonCodes::DedicatedCredentialMissing,
            ProviderReasonCodes::DedicatedCredentialInvalid => [
                [
                    'label' => $hasConnection ? 'Manage dedicated connection' : 'Manage Provider Connections',
                    'url' => $this->connectionPageUrl($tenant, $connection, 'edit'),
                ],
            ],

            // Credential, consent and authentication failures all lead with the
            // admin-consent link, followed by the connection page.
            ProviderReasonCodes::ProviderCredentialMissing,
            ProviderReasonCodes::ProviderCredentialInvalid,
            ProviderReasonCodes::ProviderConsentFailed,
            ProviderReasonCodes::ProviderConsentRevoked,
            ProviderReasonCodes::ProviderAuthFailed,
            ProviderReasonCodes::ProviderConsentMissing => [
                [
                    'label' => 'Grant admin consent',
                    'url' => RequiredPermissionsLinks::adminConsentPrimaryUrl($tenant),
                ],
                [
                    'label' => $this->consentConnectionLabel($connection),
                    'url' => $this->connectionPageUrl($tenant, $connection, 'edit'),
                ],
            ],

            // Permission gaps point at the required-permissions page only.
            ProviderReasonCodes::ProviderPermissionMissing,
            ProviderReasonCodes::ProviderPermissionDenied,
            ProviderReasonCodes::ProviderPermissionRefreshFailed,
            ProviderReasonCodes::IntuneRbacPermissionMissing => [
                [
                    'label' => 'Open Required Permissions',
                    'url' => RequiredPermissionsLinks::requiredPermissions($tenant),
                ],
            ],

            // Transport-level and unclassified failures.
            ProviderReasonCodes::NetworkUnreachable,
            ProviderReasonCodes::RateLimited,
            ProviderReasonCodes::UnknownError => [
                [
                    'label' => 'Review Provider Connection',
                    'url' => $this->connectionPageUrl($tenant, $connection, 'edit'),
                ],
            ],

            default => [
                [
                    'label' => 'Manage Provider Connections',
                    'url' => $this->connectionIndexUrl($tenant),
                ],
            ],
        };
    }

    /**
     * URL of the given resource page for $connection, or the tenant's connection
     * index when no connection was supplied.
     */
    private function connectionPageUrl(Tenant $tenant, ?ProviderConnection $connection, string $page): string
    {
        if (! $connection instanceof ProviderConnection) {
            return $this->connectionIndexUrl($tenant);
        }

        return ProviderConnectionResource::getUrl(
            $page,
            // The record key is cast to int before it is used as a route parameter.
            ['tenant' => $tenant->external_id, 'record' => (int) $connection->getKey()],
            panel: 'admin',
        );
    }

    /**
     * URL of the provider connection index in the admin panel, scoped by the
     * tenant's external id.
     */
    private function connectionIndexUrl(Tenant $tenant): string
    {
        return ProviderConnectionResource::getUrl('index', ['tenant' => $tenant->external_id], panel: 'admin');
    }

    /**
     * Label for the connection link in the consent arm: it depends on whether a
     * connection exists and, if so, whether its type is Dedicated.
     */
    private function consentConnectionLabel(?ProviderConnection $connection): string
    {
        if (! $connection instanceof ProviderConnection) {
            return 'Manage Provider Connections';
        }

        if ($connection->connection_type === ProviderConnectionType::Dedicated) {
            return 'Manage dedicated connection';
        }

        return 'Review platform connection';
    }
}