|
|
1f3619bd16
|
feat: tenant-owned query canon and wrong-tenant guards (#180)
## Summary
- introduce a shared tenant-owned query and record-resolution canon for first-slice Filament resources
- harden direct views, row actions, bulk actions, relation managers, and workspace-admin canonical viewers against wrong-tenant access
- add registry-backed rollout metadata, search posture handling, architectural guards, and focused Pest coverage for scope parity and 404/403 semantics
## Included
- Spec 150 package under `specs/150-tenant-owned-query-canon-and-wrong-tenant-guards/`
- shared support classes: `TenantOwnedModelFamilies`, `TenantOwnedQueryScope`, `TenantOwnedRecordResolver`
- shared Filament concern: `InteractsWithTenantOwnedRecords`
- resource/page/policy hardening across findings, policies, policy versions, backup schedules, backup sets, restore runs, inventory items, and Entra groups
- additional regression coverage for canonical tenant state, wrong-tenant record resolution, relation-manager congruence, and action-surface guardrails
## Validation
- `vendor/bin/sail artisan test --compact` passed
- full suite result: `2733 passed, 8 skipped`
- formatting applied with `vendor/bin/sail bin pint --dirty --format agent`
## Notes
- Livewire v4.0+ compliant via existing Filament v5 stack
- provider registration remains in `bootstrap/providers.php`
- globally searchable first-slice posture: Entra groups scoped; policies and policy versions explicitly disabled
- destructive actions continue to use confirmation and policy authorization
- no new Filament assets added; existing deployment flow remains unchanged, including `php artisan filament:assets` when registered assets are used
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #180
|
2026-03-18 08:33:13 +00:00 |
|
|
|
1340c47f54
|
feat/041-inventory-ui (#44)
Summary
Implements Spec 041 – Inventory UI (Filament v4): adds Inventory navigation, landing page, and resources for Inventory Items and Inventory Sync Runs, plus a Coverage page that reflects supported policy types and capabilities from config.
This PR is UI-focused and builds on Inventory Core (040).
What’s included
• Navigation / IA
• New Inventory section with: Landing, Coverage, Inventory Items, Inventory Sync Runs
• Landing page with quick links to the three Inventory views
• Coverage page
• Table view generated from config-derived capabilities (Type, Label, Category, Restore, Risk)
• Resources
• InventoryItemResource list + view (tenant-scoped)
• InventorySyncRunResource list + view (tenant-scoped)
• Filament v4 fixes
• Updated page signatures ($navigationGroup, $navigationIcon, $view)
• Updated table actions to use Filament\Actions\ViewAction
Tests
Inventory UI tests added/updated and passing:
• InventoryItemResourceTest.php
• InventorySyncRunResourceTest.php
• InventoryPagesTest.php
Non-goals
• No dependency graph UI (Spec 042)
• No cross-tenant portfolio/compare/promotion (Spec 043)
• No drift dashboards (Spec 044)
• No changes to restore/backup behavior
Review focus
• Navigation structure and naming (Inventory Landing vs direct resources)
• Tenant isolation in resources/pages (no cross-tenant leakage)
• Coverage page accuracy vs config/tenantpilot.php capabilities
• Filament v4 action usage (ViewAction)
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #44
|
2026-01-07 17:10:57 +00:00 |
|
