TenantAtlas/apps/platform/tests/Feature/Filament/GroupPolicyConfigurationNormalizedDiffTest.php

<?php

use App\Filament\Resources\PolicyVersionResource;
use App\Models\Policy;
use App\Models\PolicyVersion;
use App\Models\Tenant;
use App\Services\Intune\PolicyNormalizer;
use Carbon\CarbonImmutable;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

test('group policy configuration normalized diff keys use definition display names', function () {
    $flat = app(PolicyNormalizer::class)->flattenForDiff(
        snapshot: [
            'id' => 'gpo-1',
            'displayName' => 'Admin Templates Alpha',
            '@odata.type' => '#microsoft.graph.groupPolicyConfiguration',
            'definitionValues' => [
                [
                    'enabled' => true,
                    'definition@odata.bind' => 'https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions(\'def-1\')',
                    '#Definition_Id' => 'def-1',
                    '#Definition_displayName' => 'Block legacy auth',
                    '#Definition_categoryPath' => 'Windows Components\\Security Options',
                ],
            ],
        ],
        policyType: 'groupPolicyConfiguration',
        platform: 'windows',
    );

    $keys = array_keys($flat);

    expect($keys)->toContain('Administrative Template settings > Windows Components\\Security Options > Block legacy auth (def-1)');
    expect(implode("\n", $keys))->not->toContain('graph.microsoft.com');
});

test('group policy configuration policy-version detail renders the shared normalized diff family', function () {
    $tenant = Tenant::factory()->create([
        'status' => 'active',
    ]);

    [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');

    $policy = Policy::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'external_id' => 'gpo-policy-1',
        'policy_type' => 'groupPolicyConfiguration',
        'display_name' => 'Admin Templates Alpha',
        'platform' => 'windows',
    ]);

    PolicyVersion::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'policy_id' => (int) $policy->getKey(),
        'version_number' => 1,
        'policy_type' => $policy->policy_type,
        'platform' => $policy->platform,
        'created_by' => 'tester@example.com',
        'captured_at' => CarbonImmutable::now()->subMinute(),
        'snapshot' => [
            'id' => 'gpo-1',
            'displayName' => 'Admin Templates Alpha',
            '@odata.type' => '#microsoft.graph.groupPolicyConfiguration',
            'definitionValues' => [
                [
                    'enabled' => false,
                    'definition@odata.bind' => 'https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions(\'def-1\')',
                    '#Definition_Id' => 'def-1',
                    '#Definition_displayName' => 'Block legacy auth',
                    '#Definition_categoryPath' => 'Windows Components\\Security Options',
                ],
            ],
        ],
    ]);

    $version = PolicyVersion::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'policy_id' => (int) $policy->getKey(),
        'version_number' => 2,
        'policy_type' => $policy->policy_type,
        'platform' => $policy->platform,
        'created_by' => 'tester@example.com',
        'captured_at' => CarbonImmutable::now(),
        'snapshot' => [
            'id' => 'gpo-1',
            'displayName' => 'Admin Templates Alpha',
            '@odata.type' => '#microsoft.graph.groupPolicyConfiguration',
            'definitionValues' => [
                [
                    'enabled' => true,
                    'definition@odata.bind' => 'https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions(\'def-1\')',
                    '#Definition_Id' => 'def-1',
                    '#Definition_displayName' => 'Block legacy auth',
                    '#Definition_categoryPath' => 'Windows Components\\Security Options',
                ],
            ],
        ],
    ]);

    $response = $this->actingAs($user)
        ->get(PolicyVersionResource::getUrl('view', ['record' => $version], tenant: $tenant));

    $response->assertSuccessful()->assertSee('Block legacy auth');

    expect($response->getContent())
        ->toContain('data-shared-detail-family="normalized-diff"')
        ->toContain('data-shared-normalized-diff-host="policy_version"')
        ->toContain('data-shared-zone="groups"');
});