TenantAtlas

ahmido/TenantAtlas

Fork 0

Commit Graph

Author	SHA1	Message	Date
ahmido	55166cf9b8	Spec 083: Required permissions hardening (canonical /admin/tenants, DB-only, 404 semantics) (#101 ) Implements Spec 083 (Canonical Required Permissions manage surface hardening + issues-first UX). Highlights: - Enforces canonical route: /admin/tenants/{tenant}/required-permissions - Legacy tenant-plane URL /admin/t/{tenant}/required-permissions stays non-existent (404) - Deny-as-not-found (404) for non-workspace members and non-tenant-entitled users - Strict tenant resolution (no cross-plane fallback) - DB-only render (no external provider calls on page load) - Issues-first layout + canonical next-step links (re-run verification -> /admin/onboarding) - Freshness/stale detection (missing or >30 days -> warning) Tests (Sail): - vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions - vendor/bin/sail artisan test --compact tests/Unit/TenantRequiredPermissionsFreshnessTest.php tests/Unit/TenantRequiredPermissionsOverallStatusTest.php Notes: - Filament v5 / Livewire v4 compliant. - No destructive actions added in this spec; link-only CTAs. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #101	2026-02-08 23:13:25 +00:00
ahmido	3f09fd50f6	feat(spec-080): workspace-managed tenant administration migration (#97 ) Implements Spec 080: split Filament into workspace-managed `/admin/` (manage) vs tenant operations `/admin/t/{tenant}/` (operate). Highlights: - Adds tenant operations panel (`tenant`) at `/admin/t` with tenancy by `Tenant.external_id` - Keeps management resources in workspace panel (`admin`) under `/admin/tenants/*` - Moves Provider Connections to workspace-managed routes: `/admin/tenants/{tenant}/provider-connections` - Adds discoverability CTA on tenant view (Actions → Provider connections) - Adds/updates Pest regression tests for routing boundaries, 404/403 RBAC-UX semantics, and global search isolation - Includes full Spec Kit artifacts under `specs/080-workspace-managed-tenant-admin/` Validation: - `vendor/bin/sail bin pint --dirty` - `vendor/bin/sail artisan test --compact tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php` Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #97	2026-02-07 19:45:13 +00:00
ahmido	05a604cfb6	Spec 076: Tenant Required Permissions (enterprise remediation UX) (#92 ) Implements Spec 076 enterprise remediation UX for tenant required permissions. Highlights - Above-the-fold overview (impact + counts) with missing-first experience - Feature-based grouping, filters/search, copy-to-clipboard for missing app/delegated permissions - Tenant-scoped deny-as-not-found semantics; DB-only viewing - Centralized badge semantics (no ad-hoc status mapping) Testing - Feature tests for default filters, grouping, copy output, and non-member 404 behavior. Integration - Adds deep links from verification checks to the Required permissions page. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #92	2026-02-05 22:08:51 +00:00

Author

SHA1

Message

Date

ahmido

55166cf9b8

Spec 083: Required permissions hardening (canonical /admin/tenants, DB-only, 404 semantics) (#101 )

Implements Spec 083 (Canonical Required Permissions manage surface hardening + issues-first UX).

Highlights:
- Enforces canonical route: /admin/tenants/{tenant}/required-permissions
- Legacy tenant-plane URL /admin/t/{tenant}/required-permissions stays non-existent (404)
- Deny-as-not-found (404) for non-workspace members and non-tenant-entitled users
- Strict tenant resolution (no cross-plane fallback)
- DB-only render (no external provider calls on page load)
- Issues-first layout + canonical next-step links (re-run verification -> /admin/onboarding)
- Freshness/stale detection (missing or >30 days -> warning)

Tests (Sail):
- vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions
- vendor/bin/sail artisan test --compact tests/Unit/TenantRequiredPermissionsFreshnessTest.php tests/Unit/TenantRequiredPermissionsOverallStatusTest.php

Notes:
- Filament v5 / Livewire v4 compliant.
- No destructive actions added in this spec; link-only CTAs.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #101

2026-02-08 23:13:25 +00:00

ahmido

3f09fd50f6

feat(spec-080): workspace-managed tenant administration migration (#97 )

Implements Spec 080: split Filament into workspace-managed `/admin/*` (manage) vs tenant operations `/admin/t/{tenant}/*` (operate).

Highlights:
- Adds tenant operations panel (`tenant`) at `/admin/t` with tenancy by `Tenant.external_id`
- Keeps management resources in workspace panel (`admin`) under `/admin/tenants/*`
- Moves Provider Connections to workspace-managed routes: `/admin/tenants/{tenant}/provider-connections`
- Adds discoverability CTA on tenant view (Actions → Provider connections)
- Adds/updates Pest regression tests for routing boundaries, 404/403 RBAC-UX semantics, and global search isolation
- Includes full Spec Kit artifacts under `specs/080-workspace-managed-tenant-admin/`

Validation:
- `vendor/bin/sail bin pint --dirty`
- `vendor/bin/sail artisan test --compact tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php`

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #97

2026-02-07 19:45:13 +00:00

ahmido

05a604cfb6

Spec 076: Tenant Required Permissions (enterprise remediation UX) (#92 )

Implements Spec 076 enterprise remediation UX for tenant required permissions.

Highlights
- Above-the-fold overview (impact + counts) with missing-first experience
- Feature-based grouping, filters/search, copy-to-clipboard for missing app/delegated permissions
- Tenant-scoped deny-as-not-found semantics; DB-only viewing
- Centralized badge semantics (no ad-hoc status mapping)

Testing
- Feature tests for default filters, grouping, copy output, and non-member 404 behavior.

Integration
- Adds deep links from verification checks to the Required permissions page.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #92

2026-02-05 22:08:51 +00:00

3 Commits