TenantAtlas/tests/Unit/TenantPermissionServiceTest.php

<?php

use App\Models\Tenant;
use App\Models\TenantPermission;
use App\Services\Intune\TenantPermissionService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

uses(TestCase::class, RefreshDatabase::class);

function requiredPermissions(): array
{
    $service = app(TenantPermissionService::class);
    $required = $service->getRequiredPermissions();

    if (empty($required)) {
        test()->markTestSkipped('No required permissions configured.');
    }

    return $required;
}

it('returns ok when all permissions exist', function () {
    $tenant = Tenant::create([
        'tenant_id' => 'tenant-ok',
        'name' => 'Tenant OK',
    ]);

    foreach (requiredPermissions() as $permission) {
        TenantPermission::create([
            'tenant_id' => $tenant->id,
            'permission_key' => $permission['key'],
            'status' => 'ok',
        ]);
    }

    $result = app(TenantPermissionService::class)->compare($tenant);

    expect($result['overall_status'])->toBe('ok');
    expect(TenantPermission::where('tenant_id', $tenant->id)->where('status', 'ok')->count())
        ->toBe(count(requiredPermissions()));
});

it('marks missing permissions when not granted', function () {
    $tenant = Tenant::create([
        'tenant_id' => 'tenant-missing',
        'name' => 'Tenant Missing',
    ]);

    $permissions = requiredPermissions();
    $first = $permissions[0]['key'];
    TenantPermission::create([
        'tenant_id' => $tenant->id,
        'permission_key' => $first,
        'status' => 'ok',
    ]);

    $result = app(TenantPermissionService::class)->compare($tenant);

    expect($result['overall_status'])->toBe('missing');
    $missingKey = $permissions[1]['key'] ?? null;

    if ($missingKey) {
        $this->assertDatabaseHas('tenant_permissions', [
            'tenant_id' => $tenant->id,
            'permission_key' => $missingKey,
            'status' => 'missing',
        ]);
    }
});

it('reports error statuses from graph comparison', function () {
    $tenant = Tenant::create([
        'tenant_id' => 'tenant-error',
        'name' => 'Tenant Error',
    ]);

    $permissions = requiredPermissions();
    $first = $permissions[0]['key'];

    $result = app(TenantPermissionService::class)->compare($tenant, [
        $first => [
            'status' => 'error',
            'details' => ['message' => 'forbidden'],
        ],
    ]);

    expect($result['overall_status'])->toBe('error');

    $this->assertDatabaseHas('tenant_permissions', [
        'tenant_id' => $tenant->id,
        'permission_key' => $first,
        'status' => 'error',
    ]);
});