TenantAtlas/apps/platform/tests/Unit/Support/TenantConfiguration/Spec427SourceContractPermissionMetadataTest.php
ahmido bfb52b84d6 feat: implement spec 427 source contract enablement (#494)
Automated PR for spec 427 Exchange Teams verified source contract enablement.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #494
2026-07-03 23:12:45 +00:00

51 lines
2.2 KiB
PHP

<?php
declare(strict_types=1);
use App\Models\TenantConfigurationResourceType;
use App\Services\Graph\GraphContractRegistry;
use App\Services\TenantConfiguration\CoverageSourceContractDecision;
use App\Services\TenantConfiguration\CoverageSourceContractResolver;
use App\Services\TenantConfiguration\ResourceTypeRegistry;
it('Spec427 blocks unclear or unproductized permissions without widening provider scopes', function (string $canonicalType): void {
$decision = (new CoverageSourceContractResolver(new GraphContractRegistry))
->resolve(spec427PermissionResourceType($canonicalType));
$permissions = $decision->sourceMetadata['permission_model'];
expect($decision->sourceContractState)->toBe(CoverageSourceContractDecision::CONTRACT_BLOCKED_REPO_ADAPTER_MISSING)
->and($permissions['status'])->toBe('not_productized')
->and($permissions['required_application_permissions'])->toBe([])
->and($permissions['delegated_permissions'])->toBe([])
->and($permissions['admin_consent_required'])->toBeTrue()
->and($permissions['permission_failure_mode'])->toBe('block_without_provider_call')
->and($permissions['redacted_permission_context'])->toBeTrue()
->and(config("graph_contracts.types.{$canonicalType}", []))->toBe([]);
})->with([
'transportRule',
'acceptedDomain',
'appPermissionPolicy',
'meetingPolicy',
]);
it('Spec427 does not add target-specific Graph contract permissions for the Exchange and Teams blocker slice', function (): void {
$registered = array_keys((array) config('graph_contracts.types', []));
expect($registered)
->not->toContain('transportRule')
->not->toContain('acceptedDomain')
->not->toContain('appPermissionPolicy')
->not->toContain('meetingPolicy');
});
function spec427PermissionResourceType(string $canonicalType): TenantConfigurationResourceType
{
$definition = collect(ResourceTypeRegistry::defaultDefinitions())
->firstWhere('canonical_type', $canonicalType);
expect($definition)->not->toBeNull("Missing default resource type definition for {$canonicalType}.");
return new TenantConfigurationResourceType($definition);
}