TenantAtlas

ahmido/TenantAtlas

Fork 0

Commit Graph

Author	SHA1	Message	Date
ahmido	d1a9989037	feat/066-rbac-ui-enforcement-helper-v2 (#83 ) Implementiert Feature 066: “RBAC UI Enforcement Helper v2” inkl. Migration der betroffenen Filament-Surfaces + Regression-Tests. Was ist drin Neuer Helper: UiEnforcement.php: mixed visibility (preserveVisibility, andVisibleWhen, andHiddenWhen), tenant resolver (tenantFromFilament, tenantFromRecord, tenantFrom(callable)), bulk preflight (preflightByCapability, preflightByTenantMembership, preflightSelection) + server-side authorizeOrAbort() / authorizeBulkSelectionOrAbort(). UiTooltips.php: standard Tooltip “Insufficient permission — ask a tenant Owner.” Filament migrations (weg von Gate::… / abort_* hin zu UiEnforcement): Backup/Restore (mixed visibility) TenantResource (record-scoped tenant actions + bulk preflight) Inventory/Entra/ProviderConnections (Tier-2 surfaces) Guardrails: NoAdHocFilamentAuthPatternsTest.php als CI-failing allowlist guard für app/Filament/**. Verhalten / Contract Non-member: deny-as-not-found (404) auf tenant routes; Actions hidden. Member ohne Capability: Action visible but disabled + standard tooltip; keine Ausführung. Member mit Capability: Action enabled; destructive/high-impact Actions bleiben confirmation-gated (->requiresConfirmation()). Server-side Enforcement bleibt vorhanden: Mutations/Operations rufen authorizeOrAbort() / authorizeBulkSelectionOrAbort(). Tests Neue/erweiterte Feature-Tests für RBAC UX inkl. Http::preventStrayRequests() (DB-only render): BackupSetUiEnforcementTest.php RestoreRunUiEnforcementTest.php ProviderConnectionsUiEnforcementTest.php diverse bestehende Filament Tests erweitert (Inventory/Entra/Tenant actions/bulk) Unit-Tests: UiEnforcementTest.php UiEnforcementBulkPreflightQueryCountTest.php Verification vendor/bin/sail bin pint --dirty ✅ vendor/bin/sail artisan test --compact tests/Unit/Auth tests/Feature/Filament tests/Feature/Guards tests/Feature/Rbac ✅ (185 passed, 5 skipped) Notes für Reviewer Filament v5 / Livewire v4 compliant. Destructive actions: weiterhin ->requiresConfirmation() + server-side auth. Bulk: authorization preflight ist set-based (Query-count test vorhanden). Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #83	2026-01-30 17:28:47 +00:00
ahmido	1340c47f54	feat/041-inventory-ui (#44 ) Summary Implements Spec 041 – Inventory UI (Filament v4): adds Inventory navigation, landing page, and resources for Inventory Items and Inventory Sync Runs, plus a Coverage page that reflects supported policy types and capabilities from config. This PR is UI-focused and builds on Inventory Core (040). What’s included • Navigation / IA • New Inventory section with: Landing, Coverage, Inventory Items, Inventory Sync Runs • Landing page with quick links to the three Inventory views • Coverage page • Table view generated from config-derived capabilities (Type, Label, Category, Restore, Risk) • Resources • InventoryItemResource list + view (tenant-scoped) • InventorySyncRunResource list + view (tenant-scoped) • Filament v4 fixes • Updated page signatures ($navigationGroup, $navigationIcon, $view) • Updated table actions to use Filament\Actions\ViewAction Tests Inventory UI tests added/updated and passing: • InventoryItemResourceTest.php • InventorySyncRunResourceTest.php • InventoryPagesTest.php Non-goals • No dependency graph UI (Spec 042) • No cross-tenant portfolio/compare/promotion (Spec 043) • No drift dashboards (Spec 044) • No changes to restore/backup behavior Review focus • Navigation structure and naming (Inventory Landing vs direct resources) • Tenant isolation in resources/pages (no cross-tenant leakage) • Coverage page accuracy vs config/tenantpilot.php capabilities • Filament v4 action usage (ViewAction) Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #44	2026-01-07 17:10:57 +00:00

Author

SHA1

Message

Date

ahmido

d1a9989037

feat/066-rbac-ui-enforcement-helper-v2 (#83 )

Implementiert Feature 066: “RBAC UI Enforcement Helper v2” inkl. Migration der betroffenen Filament-Surfaces + Regression-Tests.

Was ist drin

Neuer Helper:
UiEnforcement.php: mixed visibility (preserveVisibility, andVisibleWhen, andHiddenWhen), tenant resolver (tenantFromFilament, tenantFromRecord, tenantFrom(callable)), bulk preflight (preflightByCapability, preflightByTenantMembership, preflightSelection) + server-side authorizeOrAbort() / authorizeBulkSelectionOrAbort().
UiTooltips.php: standard Tooltip “Insufficient permission — ask a tenant Owner.”
Filament migrations (weg von Gate::… / abort_* hin zu UiEnforcement):
Backup/Restore (mixed visibility)
TenantResource (record-scoped tenant actions + bulk preflight)
Inventory/Entra/ProviderConnections (Tier-2 surfaces)
Guardrails:
NoAdHocFilamentAuthPatternsTest.php als CI-failing allowlist guard für app/Filament/**.
Verhalten / Contract

Non-member: deny-as-not-found (404) auf tenant routes; Actions hidden.
Member ohne Capability: Action visible but disabled + standard tooltip; keine Ausführung.
Member mit Capability: Action enabled; destructive/high-impact Actions bleiben confirmation-gated (->requiresConfirmation()).
Server-side Enforcement bleibt vorhanden: Mutations/Operations rufen authorizeOrAbort() / authorizeBulkSelectionOrAbort().
Tests

Neue/erweiterte Feature-Tests für RBAC UX inkl. Http::preventStrayRequests() (DB-only render):
BackupSetUiEnforcementTest.php
RestoreRunUiEnforcementTest.php
ProviderConnectionsUiEnforcementTest.php
diverse bestehende Filament Tests erweitert (Inventory/Entra/Tenant actions/bulk)
Unit-Tests:
UiEnforcementTest.php
UiEnforcementBulkPreflightQueryCountTest.php
Verification

vendor/bin/sail bin pint --dirty ✅
vendor/bin/sail artisan test --compact tests/Unit/Auth tests/Feature/Filament tests/Feature/Guards tests/Feature/Rbac ✅ (185 passed, 5 skipped)
Notes für Reviewer

Filament v5 / Livewire v4 compliant.
Destructive actions: weiterhin ->requiresConfirmation() + server-side auth.
Bulk: authorization preflight ist set-based (Query-count test vorhanden).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #83

2026-01-30 17:28:47 +00:00

ahmido

1340c47f54

feat/041-inventory-ui (#44 )

Summary

Implements Spec 041 – Inventory UI (Filament v4): adds Inventory navigation, landing page, and resources for Inventory Items and Inventory Sync Runs, plus a Coverage page that reflects supported policy types and capabilities from config.

This PR is UI-focused and builds on Inventory Core (040).

What’s included
	•	Navigation / IA
	•	New Inventory section with: Landing, Coverage, Inventory Items, Inventory Sync Runs
	•	Landing page with quick links to the three Inventory views
	•	Coverage page
	•	Table view generated from config-derived capabilities (Type, Label, Category, Restore, Risk)
	•	Resources
	•	InventoryItemResource list + view (tenant-scoped)
	•	InventorySyncRunResource list + view (tenant-scoped)
	•	Filament v4 fixes
	•	Updated page signatures ($navigationGroup, $navigationIcon, $view)
	•	Updated table actions to use Filament\Actions\ViewAction

Tests

Inventory UI tests added/updated and passing:
	•	InventoryItemResourceTest.php
	•	InventorySyncRunResourceTest.php
	•	InventoryPagesTest.php

Non-goals
	•	No dependency graph UI (Spec 042)
	•	No cross-tenant portfolio/compare/promotion (Spec 043)
	•	No drift dashboards (Spec 044)
	•	No changes to restore/backup behavior

Review focus
	•	Navigation structure and naming (Inventory Landing vs direct resources)
	•	Tenant isolation in resources/pages (no cross-tenant leakage)
	•	Coverage page accuracy vs config/tenantpilot.php capabilities
	•	Filament v4 action usage (ViewAction)

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #44

2026-01-07 17:10:57 +00:00

2 Commits