TenantAtlas

ahmido/TenantAtlas

Fork 0

Commit Graph

Author	SHA1	Message	Date
ahmido	b6343d5c3a	feat: unified managed tenant onboarding wizard (#88 ) Implements workspace-scoped managed tenant onboarding wizard (Filament v5 / Livewire v4) with strict RBAC (404/403 semantics), resumable sessions, provider connection selection/creation, verification OperationRun, and optional bootstrap. Removes legacy onboarding entrypoints and adds Pest coverage + spec artifacts (073). ## Summary <!-- Kurz: Was ändert sich und warum? --> ## Spec-Driven Development (SDD) - [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/` - [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md` - [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation) - [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert ## Implementation - [ ] Implementierung entspricht der Spec - [ ] Edge cases / Fehlerfälle berücksichtigt - [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes ## Tests - [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit) - [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`) ## Migration / Config / Ops (falls relevant) - [ ] Migration(en) enthalten und getestet - [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration) - [ ] Neue Env Vars dokumentiert (`.env.example` / Doku) - [ ] Queue/cron/storage Auswirkungen geprüft ## UI (Filament/Livewire) (falls relevant) - [ ] UI-Flows geprüft - [ ] Screenshots/Notizen hinzugefügt ## Notes <!-- Links, Screenshots, Follow-ups, offene Punkte --> Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box> Reviewed-on: #88	2026-02-03 17:30:15 +00:00
ahmido	d1a9989037	feat/066-rbac-ui-enforcement-helper-v2 (#83 ) Implementiert Feature 066: “RBAC UI Enforcement Helper v2” inkl. Migration der betroffenen Filament-Surfaces + Regression-Tests. Was ist drin Neuer Helper: UiEnforcement.php: mixed visibility (preserveVisibility, andVisibleWhen, andHiddenWhen), tenant resolver (tenantFromFilament, tenantFromRecord, tenantFrom(callable)), bulk preflight (preflightByCapability, preflightByTenantMembership, preflightSelection) + server-side authorizeOrAbort() / authorizeBulkSelectionOrAbort(). UiTooltips.php: standard Tooltip “Insufficient permission — ask a tenant Owner.” Filament migrations (weg von Gate::… / abort_* hin zu UiEnforcement): Backup/Restore (mixed visibility) TenantResource (record-scoped tenant actions + bulk preflight) Inventory/Entra/ProviderConnections (Tier-2 surfaces) Guardrails: NoAdHocFilamentAuthPatternsTest.php als CI-failing allowlist guard für app/Filament/**. Verhalten / Contract Non-member: deny-as-not-found (404) auf tenant routes; Actions hidden. Member ohne Capability: Action visible but disabled + standard tooltip; keine Ausführung. Member mit Capability: Action enabled; destructive/high-impact Actions bleiben confirmation-gated (->requiresConfirmation()). Server-side Enforcement bleibt vorhanden: Mutations/Operations rufen authorizeOrAbort() / authorizeBulkSelectionOrAbort(). Tests Neue/erweiterte Feature-Tests für RBAC UX inkl. Http::preventStrayRequests() (DB-only render): BackupSetUiEnforcementTest.php RestoreRunUiEnforcementTest.php ProviderConnectionsUiEnforcementTest.php diverse bestehende Filament Tests erweitert (Inventory/Entra/Tenant actions/bulk) Unit-Tests: UiEnforcementTest.php UiEnforcementBulkPreflightQueryCountTest.php Verification vendor/bin/sail bin pint --dirty ✅ vendor/bin/sail artisan test --compact tests/Unit/Auth tests/Feature/Filament tests/Feature/Guards tests/Feature/Rbac ✅ (185 passed, 5 skipped) Notes für Reviewer Filament v5 / Livewire v4 compliant. Destructive actions: weiterhin ->requiresConfirmation() + server-side auth. Bulk: authorization preflight ist set-based (Query-count test vorhanden). Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #83	2026-01-30 17:28:47 +00:00
ahmido	1340c47f54	feat/041-inventory-ui (#44 ) Summary Implements Spec 041 – Inventory UI (Filament v4): adds Inventory navigation, landing page, and resources for Inventory Items and Inventory Sync Runs, plus a Coverage page that reflects supported policy types and capabilities from config. This PR is UI-focused and builds on Inventory Core (040). What’s included • Navigation / IA • New Inventory section with: Landing, Coverage, Inventory Items, Inventory Sync Runs • Landing page with quick links to the three Inventory views • Coverage page • Table view generated from config-derived capabilities (Type, Label, Category, Restore, Risk) • Resources • InventoryItemResource list + view (tenant-scoped) • InventorySyncRunResource list + view (tenant-scoped) • Filament v4 fixes • Updated page signatures ($navigationGroup, $navigationIcon, $view) • Updated table actions to use Filament\Actions\ViewAction Tests Inventory UI tests added/updated and passing: • InventoryItemResourceTest.php • InventorySyncRunResourceTest.php • InventoryPagesTest.php Non-goals • No dependency graph UI (Spec 042) • No cross-tenant portfolio/compare/promotion (Spec 043) • No drift dashboards (Spec 044) • No changes to restore/backup behavior Review focus • Navigation structure and naming (Inventory Landing vs direct resources) • Tenant isolation in resources/pages (no cross-tenant leakage) • Coverage page accuracy vs config/tenantpilot.php capabilities • Filament v4 action usage (ViewAction) Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #44	2026-01-07 17:10:57 +00:00

Author

SHA1

Message

Date

ahmido

b6343d5c3a

feat: unified managed tenant onboarding wizard (#88 )

Implements workspace-scoped managed tenant onboarding wizard (Filament v5 / Livewire v4) with strict RBAC (404/403 semantics), resumable sessions, provider connection selection/creation, verification OperationRun, and optional bootstrap. Removes legacy onboarding entrypoints and adds Pest coverage + spec artifacts (073).

## Summary
<!-- Kurz: Was ändert sich und warum? -->

## Spec-Driven Development (SDD)
- [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/`
- [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md`
- [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation)
- [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert

## Implementation
- [ ] Implementierung entspricht der Spec
- [ ] Edge cases / Fehlerfälle berücksichtigt
- [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes

## Tests
- [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit)
- [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`)

## Migration / Config / Ops (falls relevant)
- [ ] Migration(en) enthalten und getestet
- [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration)
- [ ] Neue Env Vars dokumentiert (`.env.example` / Doku)
- [ ] Queue/cron/storage Auswirkungen geprüft

## UI (Filament/Livewire) (falls relevant)
- [ ] UI-Flows geprüft
- [ ] Screenshots/Notizen hinzugefügt

## Notes
<!-- Links, Screenshots, Follow-ups, offene Punkte -->

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box>
Reviewed-on: #88

2026-02-03 17:30:15 +00:00

ahmido

d1a9989037

feat/066-rbac-ui-enforcement-helper-v2 (#83 )

Implementiert Feature 066: “RBAC UI Enforcement Helper v2” inkl. Migration der betroffenen Filament-Surfaces + Regression-Tests.

Was ist drin

Neuer Helper:
UiEnforcement.php: mixed visibility (preserveVisibility, andVisibleWhen, andHiddenWhen), tenant resolver (tenantFromFilament, tenantFromRecord, tenantFrom(callable)), bulk preflight (preflightByCapability, preflightByTenantMembership, preflightSelection) + server-side authorizeOrAbort() / authorizeBulkSelectionOrAbort().
UiTooltips.php: standard Tooltip “Insufficient permission — ask a tenant Owner.”
Filament migrations (weg von Gate::… / abort_* hin zu UiEnforcement):
Backup/Restore (mixed visibility)
TenantResource (record-scoped tenant actions + bulk preflight)
Inventory/Entra/ProviderConnections (Tier-2 surfaces)
Guardrails:
NoAdHocFilamentAuthPatternsTest.php als CI-failing allowlist guard für app/Filament/**.
Verhalten / Contract

Non-member: deny-as-not-found (404) auf tenant routes; Actions hidden.
Member ohne Capability: Action visible but disabled + standard tooltip; keine Ausführung.
Member mit Capability: Action enabled; destructive/high-impact Actions bleiben confirmation-gated (->requiresConfirmation()).
Server-side Enforcement bleibt vorhanden: Mutations/Operations rufen authorizeOrAbort() / authorizeBulkSelectionOrAbort().
Tests

Neue/erweiterte Feature-Tests für RBAC UX inkl. Http::preventStrayRequests() (DB-only render):
BackupSetUiEnforcementTest.php
RestoreRunUiEnforcementTest.php
ProviderConnectionsUiEnforcementTest.php
diverse bestehende Filament Tests erweitert (Inventory/Entra/Tenant actions/bulk)
Unit-Tests:
UiEnforcementTest.php
UiEnforcementBulkPreflightQueryCountTest.php
Verification

vendor/bin/sail bin pint --dirty ✅
vendor/bin/sail artisan test --compact tests/Unit/Auth tests/Feature/Filament tests/Feature/Guards tests/Feature/Rbac ✅ (185 passed, 5 skipped)
Notes für Reviewer

Filament v5 / Livewire v4 compliant.
Destructive actions: weiterhin ->requiresConfirmation() + server-side auth.
Bulk: authorization preflight ist set-based (Query-count test vorhanden).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #83

2026-01-30 17:28:47 +00:00

ahmido

1340c47f54

feat/041-inventory-ui (#44 )

Summary

Implements Spec 041 – Inventory UI (Filament v4): adds Inventory navigation, landing page, and resources for Inventory Items and Inventory Sync Runs, plus a Coverage page that reflects supported policy types and capabilities from config.

This PR is UI-focused and builds on Inventory Core (040).

What’s included
	•	Navigation / IA
	•	New Inventory section with: Landing, Coverage, Inventory Items, Inventory Sync Runs
	•	Landing page with quick links to the three Inventory views
	•	Coverage page
	•	Table view generated from config-derived capabilities (Type, Label, Category, Restore, Risk)
	•	Resources
	•	InventoryItemResource list + view (tenant-scoped)
	•	InventorySyncRunResource list + view (tenant-scoped)
	•	Filament v4 fixes
	•	Updated page signatures ($navigationGroup, $navigationIcon, $view)
	•	Updated table actions to use Filament\Actions\ViewAction

Tests

Inventory UI tests added/updated and passing:
	•	InventoryItemResourceTest.php
	•	InventorySyncRunResourceTest.php
	•	InventoryPagesTest.php

Non-goals
	•	No dependency graph UI (Spec 042)
	•	No cross-tenant portfolio/compare/promotion (Spec 043)
	•	No drift dashboards (Spec 044)
	•	No changes to restore/backup behavior

Review focus
	•	Navigation structure and naming (Inventory Landing vs direct resources)
	•	Tenant isolation in resources/pages (no cross-tenant leakage)
	•	Coverage page accuracy vs config/tenantpilot.php capabilities
	•	Filament v4 action usage (ViewAction)

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #44

2026-01-07 17:10:57 +00:00

3 Commits