ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
174 Commits 118 Branches 0 Tags 8 MiB
add45df609
Commit Graph

4 Commits

Author SHA1 Message Date
Ahmed Darrazi
add45df609 feat(113): UX polish — Filament-native section components, system panel theme, live scope selector 
- Rewrote runbooks.blade.php and view-run.blade.php using <x-filament::section>
  instead of raw Tailwind div cards (cards now render correctly)
- Created resources/css/filament/system/theme.css and registered viteTheme()
  on SystemPanelProvider — fixes missing Tailwind utilities in system panel
- Added ->live() to scope Radio field so Single tenant selector appears immediately
- Extended spec.md with US4 (UX Polish), FR-010–FR-014
- Extended tasks.md with Phase 7 (T050–T057)
 2026-02-27 02:10:03 +01:00
Ahmed Darrazi
b776623300 feat(spec113): ops runbooks US1–US3 + hide admin maintenance 2026-02-26 03:42:34 +01:00
ahmido
38d9826f5e feat: workspace context enforcement + ownership safeguards (#86) 
Implements workspace-first enforcement and UX:
- Workspace selected before tenant flows; /admin routes into choose-workspace/choose-tenant
- Tenant lists and default tenant selection are scoped to current workspace
- Workspaces UI is tenantless at /admin/workspaces

Security hardening:
- Workspaces can never have 0 owners (blocks last-owner removal/demotion)
- Blocked attempts are audited with action_id=workspace_membership.last_owner_blocked + required metadata
- Optional break-glass recovery page to re-assign workspace owner (audited)

Tests:
- Added/updated Pest feature tests covering redirects, scoping, tenantless workspaces, last-owner guards, and break-glass recovery.

Notes:
- Filament v5 strict Page property signatures respected in RepairWorkspaceOwners.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #86
 2026-02-02 23:00:56 +00:00
ahmido
210cf5ce8b feat: implement auth structure system panel (#77) 
Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77
 2026-01-27 21:49:18 +00:00