ahmido
fb32e9bfa5
Some checks failed
Main Confidence / confidence (push) Failing after 49s
## Summary - implement the canonical operation type source-of-truth slice across operation writers, monitoring surfaces, onboarding flows, and supporting services - add focused contract and regression coverage for canonical operation type handling - include the generated spec 239 artifacts for the feature slice ## Validation - browser smoke PASS for `/admin` -> workspace overview -> operations -> operation detail -> tenant-scoped operations drilldown - spec/plan/tasks/quickstart artifact analysis cleaned up to a no-findings state - automated test suite not run in this session Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #276
60 lines
2.3 KiB
PHP
60 lines
2.3 KiB
PHP
<?php
|
|
|
|
namespace App\Support\Operations;
|
|
|
|
use App\Models\OperationRun;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\OperationCatalog;
|
|
|
|
final class OperationRunCapabilityResolver
|
|
{
|
|
public function requiredCapabilityForRun(OperationRun $run): ?string
|
|
{
|
|
return $this->requiredCapabilityForType((string) $run->type);
|
|
}
|
|
|
|
public function requiredCapabilityForType(string $operationType): ?string
|
|
{
|
|
$operationType = OperationCatalog::canonicalCode($operationType);
|
|
|
|
if ($operationType === '') {
|
|
return null;
|
|
}
|
|
|
|
return match ($operationType) {
|
|
'inventory.sync' => Capabilities::TENANT_INVENTORY_SYNC_RUN,
|
|
'directory.groups.sync' => Capabilities::TENANT_SYNC,
|
|
'backup.schedule.execute', 'backup.schedule.retention', 'backup.schedule.purge' => Capabilities::TENANT_BACKUP_SCHEDULES_RUN,
|
|
'restore.execute' => Capabilities::TENANT_MANAGE,
|
|
'directory.role_definitions.sync' => Capabilities::TENANT_MANAGE,
|
|
'alerts.evaluate', 'alerts.deliver' => Capabilities::ALERTS_VIEW,
|
|
'tenant.review.compose' => Capabilities::TENANT_REVIEW_VIEW,
|
|
|
|
// Viewing verification reports should be possible for readonly members.
|
|
// Starting verification is separately guarded by the verification service.
|
|
'provider.connection.check' => Capabilities::PROVIDER_VIEW,
|
|
|
|
// Keep legacy / unknown types viewable by membership+entitlement only.
|
|
default => null,
|
|
};
|
|
}
|
|
|
|
public function requiredExecutionCapabilityForType(string $operationType): ?string
|
|
{
|
|
$operationType = OperationCatalog::canonicalCode($operationType);
|
|
|
|
if ($operationType === '') {
|
|
return null;
|
|
}
|
|
|
|
return match ($operationType) {
|
|
'provider.connection.check', 'inventory.sync', 'compliance.snapshot' => Capabilities::PROVIDER_RUN,
|
|
'policy.sync', 'tenant.sync' => Capabilities::TENANT_SYNC,
|
|
'policy.delete' => Capabilities::TENANT_MANAGE,
|
|
'assignments.restore', 'restore.execute' => Capabilities::TENANT_MANAGE,
|
|
'tenant.review.compose' => Capabilities::TENANT_REVIEW_MANAGE,
|
|
default => $this->requiredCapabilityForType($operationType),
|
|
};
|
|
}
|
|
}
|