TenantAtlas

ahmido/TenantAtlas

Fork 0

Commit Graph

Author	SHA1	Message	Date
ahmido	a989ef1a23	feat: workspace context enforcement (specs 070–072) (#85 ) Implements specs 070–072 (workspace foundation, workspace-scoped tenant selection, managed-tenants workspace enforcement). Highlights - Adds Workspace + WorkspaceMembership models/migrations + middleware to persist/enforce current workspace context. - Scopes tenant selection to the current workspace. - Makes legacy `/admin/managed-tenants*` routes redirect into workspace-scoped URLs. - Enforces tenant routes under `/admin/t/{tenant}` to 404 when workspace context is missing or mismatched. - Fixes Filament page Blade wrappers so header actions render on choose-workspace / choose-tenant / no-access pages. Verification - Pint: `vendor/bin/sail bin pint --dirty` - Tests: `vendor/bin/sail artisan test --compact tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php tests/Feature/Workspaces tests/Feature/Filament/ChooseTenantIsWorkspaceScopedTest.php tests/Feature/Filament/ChooseTenantRequiresWorkspaceTest.php tests/Feature/Filament/TenantSwitcherUrlResolvesTenantTest.php tests/Feature/ManagedTenants tests/Feature/AdminNewRedirectTest.php` Notes - Filament v5 / Livewire v4 compatible. - Panel provider registration stays in `bootstrap/providers.php` (Laravel 11+ rule). - No new heavy frontend assets added. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #85	2026-02-02 10:07:41 +00:00
ahmido	210cf5ce8b	feat: implement auth structure system panel (#77 ) Implements 064-auth-structure (Auth Structure v1.0): Adds platform_users + PlatformUser identity (factory + seeder) for platform operators Introduces platform auth guard/provider in auth.php Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard) Enforces strict cross-scope isolation between /admin and system (deny-as-404) Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions Updates tenant membership pivot usage where needed (tenant_memberships) Testing: vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed) vendor/bin/sail bin pint --dirty Notes: Filament v5 / Livewire v4 compatible. Panel providers registered in providers.php. Destructive actions use ->action(...) + ->requiresConfirmation() where applicable. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #77	2026-01-27 21:49:18 +00:00
Ahmed Darrazi	3401823d03	Initial commit from Specify template	2025-12-10 22:27:21 +01:00

Author

SHA1

Message

Date

ahmido

a989ef1a23

feat: workspace context enforcement (specs 070–072) (#85 )

Implements specs 070–072 (workspace foundation, workspace-scoped tenant selection, managed-tenants workspace enforcement).

Highlights
- Adds Workspace + WorkspaceMembership models/migrations + middleware to persist/enforce current workspace context.
- Scopes tenant selection to the current workspace.
- Makes legacy `/admin/managed-tenants*` routes redirect into workspace-scoped URLs.
- Enforces tenant routes under `/admin/t/{tenant}` to 404 when workspace context is missing or mismatched.
- Fixes Filament page Blade wrappers so header actions render on choose-workspace / choose-tenant / no-access pages.

Verification
- Pint: `vendor/bin/sail bin pint --dirty`
- Tests: `vendor/bin/sail artisan test --compact tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php tests/Feature/Workspaces tests/Feature/Filament/ChooseTenantIsWorkspaceScopedTest.php tests/Feature/Filament/ChooseTenantRequiresWorkspaceTest.php tests/Feature/Filament/TenantSwitcherUrlResolvesTenantTest.php tests/Feature/ManagedTenants tests/Feature/AdminNewRedirectTest.php`

Notes
- Filament v5 / Livewire v4 compatible.
- Panel provider registration stays in `bootstrap/providers.php` (Laravel 11+ rule).
- No new heavy frontend assets added.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #85

2026-02-02 10:07:41 +00:00

ahmido

210cf5ce8b

feat: implement auth structure system panel (#77 )

Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77

2026-01-27 21:49:18 +00:00

Ahmed Darrazi

3401823d03

Initial commit from Specify template

2025-12-10 22:27:21 +01:00

3 Commits