TenantAtlas

ahmido/TenantAtlas

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ahmed Darrazi	6b381e9517	feat: spec 105 — Entra Admin Roles scan, reports, findings, widget + summary UX improvement - Entra admin roles scan job (ScanEntraAdminRolesJob) - Report service with fingerprint deduplication - Finding generator with high-privilege role catalog - Admin roles summary widget on tenant view page - Alert integration for entra.admin_roles findings - Graph contracts for roleDefinitions + roleAssignments - Entra permissions registry (config/entra_permissions.php) - StoredReport fingerprint migration - OperationCatalog label + duration for entra.admin_roles.scan - SummaryCountsNormalizer: filter zeros, humanize keys globally - 11 new test files (71+ tests, 286+ assertions) - Spec + tasks + checklist updates	2026-02-22 03:35:46 +01:00
ahmido	55166cf9b8	Spec 083: Required permissions hardening (canonical /admin/tenants, DB-only, 404 semantics) (#101 ) Implements Spec 083 (Canonical Required Permissions manage surface hardening + issues-first UX). Highlights: - Enforces canonical route: /admin/tenants/{tenant}/required-permissions - Legacy tenant-plane URL /admin/t/{tenant}/required-permissions stays non-existent (404) - Deny-as-not-found (404) for non-workspace members and non-tenant-entitled users - Strict tenant resolution (no cross-plane fallback) - DB-only render (no external provider calls on page load) - Issues-first layout + canonical next-step links (re-run verification -> /admin/onboarding) - Freshness/stale detection (missing or >30 days -> warning) Tests (Sail): - vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions - vendor/bin/sail artisan test --compact tests/Unit/TenantRequiredPermissionsFreshnessTest.php tests/Unit/TenantRequiredPermissionsOverallStatusTest.php Notes: - Filament v5 / Livewire v4 compliant. - No destructive actions added in this spec; link-only CTAs. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #101	2026-02-08 23:13:25 +00:00

Author

SHA1

Message

Date

Ahmed Darrazi

6b381e9517

feat: spec 105 — Entra Admin Roles scan, reports, findings, widget + summary UX improvement

- Entra admin roles scan job (ScanEntraAdminRolesJob)
- Report service with fingerprint deduplication
- Finding generator with high-privilege role catalog
- Admin roles summary widget on tenant view page
- Alert integration for entra.admin_roles findings
- Graph contracts for roleDefinitions + roleAssignments
- Entra permissions registry (config/entra_permissions.php)
- StoredReport fingerprint migration
- OperationCatalog label + duration for entra.admin_roles.scan
- SummaryCountsNormalizer: filter zeros, humanize keys globally
- 11 new test files (71+ tests, 286+ assertions)
- Spec + tasks + checklist updates

2026-02-22 03:35:46 +01:00

ahmido

55166cf9b8

Spec 083: Required permissions hardening (canonical /admin/tenants, DB-only, 404 semantics) (#101 )

Implements Spec 083 (Canonical Required Permissions manage surface hardening + issues-first UX).

Highlights:
- Enforces canonical route: /admin/tenants/{tenant}/required-permissions
- Legacy tenant-plane URL /admin/t/{tenant}/required-permissions stays non-existent (404)
- Deny-as-not-found (404) for non-workspace members and non-tenant-entitled users
- Strict tenant resolution (no cross-plane fallback)
- DB-only render (no external provider calls on page load)
- Issues-first layout + canonical next-step links (re-run verification -> /admin/onboarding)
- Freshness/stale detection (missing or >30 days -> warning)

Tests (Sail):
- vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions
- vendor/bin/sail artisan test --compact tests/Unit/TenantRequiredPermissionsFreshnessTest.php tests/Unit/TenantRequiredPermissionsOverallStatusTest.php

Notes:
- Filament v5 / Livewire v4 compliant.
- No destructive actions added in this spec; link-only CTAs.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #101

2026-02-08 23:13:25 +00:00

2 Commits