Automated PR for spec 427 Exchange Teams verified source contract enablement. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #494
51 lines
2.2 KiB
PHP
51 lines
2.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\TenantConfigurationResourceType;
|
|
use App\Services\Graph\GraphContractRegistry;
|
|
use App\Services\TenantConfiguration\CoverageSourceContractDecision;
|
|
use App\Services\TenantConfiguration\CoverageSourceContractResolver;
|
|
use App\Services\TenantConfiguration\ResourceTypeRegistry;
|
|
|
|
it('Spec427 blocks unclear or unproductized permissions without widening provider scopes', function (string $canonicalType): void {
|
|
$decision = (new CoverageSourceContractResolver(new GraphContractRegistry))
|
|
->resolve(spec427PermissionResourceType($canonicalType));
|
|
|
|
$permissions = $decision->sourceMetadata['permission_model'];
|
|
|
|
expect($decision->sourceContractState)->toBe(CoverageSourceContractDecision::CONTRACT_BLOCKED_REPO_ADAPTER_MISSING)
|
|
->and($permissions['status'])->toBe('not_productized')
|
|
->and($permissions['required_application_permissions'])->toBe([])
|
|
->and($permissions['delegated_permissions'])->toBe([])
|
|
->and($permissions['admin_consent_required'])->toBeTrue()
|
|
->and($permissions['permission_failure_mode'])->toBe('block_without_provider_call')
|
|
->and($permissions['redacted_permission_context'])->toBeTrue()
|
|
->and(config("graph_contracts.types.{$canonicalType}", []))->toBe([]);
|
|
})->with([
|
|
'transportRule',
|
|
'acceptedDomain',
|
|
'appPermissionPolicy',
|
|
'meetingPolicy',
|
|
]);
|
|
|
|
it('Spec427 does not add target-specific Graph contract permissions for the Exchange and Teams blocker slice', function (): void {
|
|
$registered = array_keys((array) config('graph_contracts.types', []));
|
|
|
|
expect($registered)
|
|
->not->toContain('transportRule')
|
|
->not->toContain('acceptedDomain')
|
|
->not->toContain('appPermissionPolicy')
|
|
->not->toContain('meetingPolicy');
|
|
});
|
|
|
|
function spec427PermissionResourceType(string $canonicalType): TenantConfigurationResourceType
|
|
{
|
|
$definition = collect(ResourceTypeRegistry::defaultDefinitions())
|
|
->firstWhere('canonical_type', $canonicalType);
|
|
|
|
expect($definition)->not->toBeNull("Missing default resource type definition for {$canonicalType}.");
|
|
|
|
return new TenantConfigurationResourceType($definition);
|
|
}
|