TenantAtlas/tests/Feature/DirectoryGroups/StartSyncFromGroupsPageTest.php

<?php

use App\Filament\Resources\EntraGroupResource\Pages\ListEntraGroups;
use App\Jobs\EntraGroupSyncJob;
use App\Models\EntraGroupSyncRun;
use App\Models\OperationRun;
use App\Services\Graph\GraphClientInterface;
use Filament\Facades\Filament;
use Illuminate\Support\Facades\Queue;
use Livewire\Livewire;

it('enqueues group sync and creates a canonical operation run', function () {
    Queue::fake();

    $this->mock(GraphClientInterface::class, function ($mock): void {
        $mock->shouldReceive('listPolicies')->never();
        $mock->shouldReceive('getPolicy')->never();
        $mock->shouldReceive('getOrganization')->never();
        $mock->shouldReceive('applyPolicy')->never();
        $mock->shouldReceive('getServicePrincipalPermissions')->never();
        $mock->shouldReceive('request')->never();
    });

    [$user, $tenant] = createUserWithTenant(role: 'owner');
    $this->actingAs($user);

    $tenant->makeCurrent();
    Filament::setTenant($tenant, true);

    Livewire::test(ListEntraGroups::class)
        ->callAction('sync_groups');

    $run = EntraGroupSyncRun::query()
        ->where('tenant_id', $tenant->getKey())
        ->latest('id')
        ->first();

    expect($run)->not->toBeNull();
    expect($run?->status)->toBe(EntraGroupSyncRun::STATUS_PENDING);
    expect($run?->selection_key)->toBe('groups-v1:all');

    $opRun = OperationRun::query()
        ->where('tenant_id', $tenant->getKey())
        ->where('type', 'directory_groups.sync')
        ->latest('id')
        ->first();

    expect($opRun)->not->toBeNull();
    expect($opRun?->status)->toBe('queued');

    Queue::assertPushed(EntraGroupSyncJob::class, function (EntraGroupSyncJob $job) use ($tenant, $run, $opRun): bool {
        return $job->tenantId === (int) $tenant->getKey()
            && $job->runId === (int) $run?->getKey()
            && $job->operationRun instanceof OperationRun
            && (int) $job->operationRun->getKey() === (int) $opRun?->getKey();
    });
});

it('disables group sync start action for readonly users', function () {
    Queue::fake();

    [$user, $tenant] = createUserWithTenant(role: 'readonly');
    $this->actingAs($user);

    $tenant->makeCurrent();
    Filament::setTenant($tenant, true);

    Livewire::test(ListEntraGroups::class)
        ->assertActionVisible('sync_groups')
        ->assertActionDisabled('sync_groups');

    Queue::assertNothingPushed();
});