ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ce0615a9c1
TenantAtlas/apps/platform/tests/Unit/TenantPermissionCheckClustersTest.php
ahmido ce0615a9c1 Spec 182: relocate Laravel platform to apps/platform (#213) 
## Summary
- move the Laravel application into `apps/platform` and keep the repository root for orchestration, docs, and tooling
- update the local command model, Sail/Docker wiring, runtime paths, and ignore rules around the new platform location
- add relocation quickstart/contracts plus focused smoke coverage for bootstrap, command model, routes, and runtime behavior

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PlatformRelocation`
- integrated browser smoke validated `/up`, `/`, `/admin`, `/admin/choose-workspace`, and tenant route semantics for `200`, `403`, and `404`

## Remaining Rollout Checks
- validate Dokploy build context and working-directory assumptions against the new `apps/platform` layout
- confirm web, queue, and scheduler processes all start from the expected working directory in staging/production
- verify no legacy volume mounts or asset-publish paths still point at the old root-level `public/` or `storage/` locations

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #213
2026-04-08 08:40:47 +00:00

135 lines
4.9 KiB
PHP
Raw Blame History

<?php
use App\Models\Tenant;
use App\Support\Links\RequiredPermissionsLinks;
use App\Support\Verification\TenantPermissionCheckClusters;
use App\Support\Verification\VerificationCheckStatus;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('marks a cluster as failed and blocking when an application permission is missing', function (): void {
$tenant = Tenant::factory()->create(['external_id' => 'tenant-a']);
$checks = TenantPermissionCheckClusters::buildChecks($tenant, [
[
'key' => 'Directory.Read.All',
'type' => 'application',
'description' => null,
'features' => [],
'status' => 'granted',
'details' => null,
],
[
'key' => 'Group.Read.All',
'type' => 'application',
'description' => null,
'features' => [],
'status' => 'missing',
'details' => null,
],
]);
$directoryCheck = collect($checks)->firstWhere('key', 'permissions.directory_groups');
expect($directoryCheck)->toBeArray();
expect($directoryCheck['status'] ?? null)->toBe(VerificationCheckStatus::Fail->value);
expect($directoryCheck['blocking'] ?? null)->toBeTrue();
expect($directoryCheck['next_steps'][0]['url'] ?? null)
->toBe(RequiredPermissionsLinks::requiredPermissions($tenant));
});
it('marks a cluster as warn and non-blocking when only delegated permissions are missing', function (): void {
$tenant = Tenant::factory()->create(['external_id' => 'tenant-b']);
$checks = TenantPermissionCheckClusters::buildChecks($tenant, [
[
'key' => 'DeviceManagementApps.Read.All',
'type' => 'delegated',
'description' => null,
'features' => [],
'status' => 'missing',
'details' => null,
],
]);
$appsCheck = collect($checks)->firstWhere('key', 'permissions.intune_apps');
expect($appsCheck)->toBeArray();
expect($appsCheck['status'] ?? null)->toBe(VerificationCheckStatus::Warn->value);
expect($appsCheck['blocking'] ?? null)->toBeFalse();
});
it('marks a cluster as skipped when no mapped permissions are present', function (): void {
$tenant = Tenant::factory()->create(['external_id' => 'tenant-c']);
$checks = TenantPermissionCheckClusters::buildChecks($tenant, []);
$rbacCheck = collect($checks)->firstWhere('key', 'permissions.intune_rbac_assignments');
expect($rbacCheck)->toBeArray();
expect($rbacCheck['status'] ?? null)->toBe(VerificationCheckStatus::Skip->value);
});
it('marks a cluster as passed when all mapped permissions are granted', function (): void {
$tenant = Tenant::factory()->create(['external_id' => 'tenant-d']);
$checks = TenantPermissionCheckClusters::buildChecks($tenant, [
[
'key' => 'Directory.Read.All',
'type' => 'application',
'description' => null,
'features' => [],
'status' => 'granted',
'details' => null,
],
[
'key' => 'Group.Read.All',
'type' => 'application',
'description' => null,
'features' => [],
'status' => 'granted',
'details' => null,
],
]);
$directoryCheck = collect($checks)->firstWhere('key', 'permissions.directory_groups');
expect($directoryCheck)->toBeArray();
expect($directoryCheck['status'] ?? null)->toBe(VerificationCheckStatus::Pass->value);
expect($directoryCheck['next_steps'] ?? null)->toBeArray()->toBeEmpty();
});
it('degrades permission clusters to warnings when inventory is not fresh', function (): void {
$tenant = Tenant::factory()->create(['external_id' => 'tenant-e']);
$checks = TenantPermissionCheckClusters::buildChecks(
tenant: $tenant,
permissions: [
[
'key' => 'Directory.Read.All',
'type' => 'application',
'description' => null,
'features' => [],
'status' => 'missing',
'details' => null,
],
],
inventory: [
'fresh' => false,
'reason_code' => 'throttled',
'message' => 'Unable to refresh observed permissions inventory during this run. Retry verification.',
],
);
$adminConsentCheck = collect($checks)->firstWhere('key', 'permissions.admin_consent');
expect($adminConsentCheck)->toBeArray();
expect($adminConsentCheck['status'] ?? null)->toBe(VerificationCheckStatus::Warn->value);
expect($adminConsentCheck['blocking'] ?? null)->toBeFalse();
expect($adminConsentCheck['reason_code'] ?? null)->toBe('rate_limited');
expect($adminConsentCheck['next_steps'] ?? [])->not->toBeEmpty();
expect((string) ($adminConsentCheck['message'] ?? ''))->toContain('Unable to refresh observed permissions inventory');
});
Reference in New Issue View Git Blame Copy Permalink