TenantAtlas

ahmido/TenantAtlas

Fork 0

Commit Graph

Author	SHA1	Message	Date
ahmido	fb1046c97a	Spec 077: Workspace Global Mode + context bar redundancy cleanup (#94 ) Implements Spec 077 refinements: workspace Global Mode and navigation/context-bar redundancy cleanup. Summary - Global Mode: `/admin/workspaces` is workspace-optional (lists only member workspaces); explicit allowlist in `EnsureWorkspaceSelected`. - Navigation cleanup: workspace switching is topbar-only; no sidebar “Switch workspace”; removes redundant “Manage workspaces” entry from context-bar. - Context bar: when no workspace selected, tenant picker is disabled with guidance; on tenant-scoped routes `/admin/t/{tenant}/…` the tenant indicator is read-only (Filament tenant menu remains primary). - Authorization: workspace creation is policy-driven (`WorkspacePolicy::create()`), enforced in `ChooseWorkspace` via Gate. Safety / Compliance - Livewire v4.0+ compliant (Filament v5). - Panel provider registration remains in `bootstrap/providers.php` (no changes required). - Global search: no new globally searchable resources added; no behavior changes introduced. - Destructive actions: none added/changed. - Assets: no new assets registered; deploy process unchanged (if assets are registered elsewhere, ensure `php artisan filament:assets` runs in deploy as usual). Tests - `vendor/bin/sail bin pint --dirty` - `vendor/bin/sail artisan test --compact tests/Feature/Workspaces tests/Feature/Monitoring tests/Feature/OpsUx tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php` Spec artifacts - `specs/077-workspace-nav-monitoring-hub/{spec,plan,tasks}.md` - `specs/077-workspace-nav-monitoring-hub/contracts/routes.md` Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #94	2026-02-06 22:14:53 +00:00
ahmido	3490fb9e2c	feat: RBAC troubleshooting & tenant UI bugfix pack (spec 067) (#84 ) Summary Implements Spec 067 “RBAC Troubleshooting & Tenant UI Bugfix Pack v1” for the tenant admin plane (/admin) with strict RBAC UX semantics: Non-member tenant scope ⇒ 404 (deny-as-not-found) Member lacking capability ⇒ 403 server-side, while the UI stays visible-but-disabled with standardized tooltips What changed Tenant view header actions now use centralized UI enforcement (no “normal click → error page” for readonly members). Archived tenants remain resolvable in tenant-scoped routes for entitled members; an “Archived” banner is shown. Adds tenant-scoped diagnostics page (/admin/t/{tenant}/diagnostics) with safe repair actions (confirmation + authorization + audit log). Adds/updates targeted Pest tests to lock the 404 vs 403 semantics and action UX. Implementation notes Livewire v4.0+ compliance: Uses Filament v5 + Livewire v4 conventions; widget Blade views render a single root element. Provider registration: Laravel 11+ providers stay in providers.php (no changes required). Global search: No global search behavior/resources changed in this PR. Destructive actions: Tenant archive/restore/force delete and diagnostics repairs execute via ->action(...) and include ->requiresConfirmation(). Server-side authorization is enforced (non-members 404, insufficient capability 403). Assets: No new assets. No change to php artisan filament:assets expectations. Tests Ran: vendor/bin/sail bin pint --dirty vendor/bin/sail artisan test --compact (focused files for Spec 067) Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #84	2026-01-31 20:09:25 +00:00

Author

SHA1

Message

Date

ahmido

fb1046c97a

Spec 077: Workspace Global Mode + context bar redundancy cleanup (#94 )

Implements Spec 077 refinements: workspace Global Mode and navigation/context-bar redundancy cleanup.

Summary
- Global Mode: `/admin/workspaces` is workspace-optional (lists only member workspaces); explicit allowlist in `EnsureWorkspaceSelected`.
- Navigation cleanup: workspace switching is topbar-only; no sidebar “Switch workspace”; removes redundant “Manage workspaces” entry from context-bar.
- Context bar: when no workspace selected, tenant picker is disabled with guidance; on tenant-scoped routes `/admin/t/{tenant}/…` the tenant indicator is read-only (Filament tenant menu remains primary).
- Authorization: workspace creation is policy-driven (`WorkspacePolicy::create()`), enforced in `ChooseWorkspace` via Gate.

Safety / Compliance
- Livewire v4.0+ compliant (Filament v5).
- Panel provider registration remains in `bootstrap/providers.php` (no changes required).
- Global search: no new globally searchable resources added; no behavior changes introduced.
- Destructive actions: none added/changed.
- Assets: no new assets registered; deploy process unchanged (if assets are registered elsewhere, ensure `php artisan filament:assets` runs in deploy as usual).

Tests
- `vendor/bin/sail bin pint --dirty`
- `vendor/bin/sail artisan test --compact tests/Feature/Workspaces tests/Feature/Monitoring tests/Feature/OpsUx tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php`

Spec artifacts
- `specs/077-workspace-nav-monitoring-hub/{spec,plan,tasks}.md`
- `specs/077-workspace-nav-monitoring-hub/contracts/routes.md`

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #94

2026-02-06 22:14:53 +00:00

ahmido

3490fb9e2c

feat: RBAC troubleshooting & tenant UI bugfix pack (spec 067) (#84 )

Summary
Implements Spec 067 “RBAC Troubleshooting & Tenant UI Bugfix Pack v1” for the tenant admin plane (/admin) with strict RBAC UX semantics:

Non-member tenant scope ⇒ 404 (deny-as-not-found)
Member lacking capability ⇒ 403 server-side, while the UI stays visible-but-disabled with standardized tooltips
What changed
Tenant view header actions now use centralized UI enforcement (no “normal click → error page” for readonly members).
Archived tenants remain resolvable in tenant-scoped routes for entitled members; an “Archived” banner is shown.
Adds tenant-scoped diagnostics page (/admin/t/{tenant}/diagnostics) with safe repair actions (confirmation + authorization + audit log).
Adds/updates targeted Pest tests to lock the 404 vs 403 semantics and action UX.
Implementation notes
Livewire v4.0+ compliance: Uses Filament v5 + Livewire v4 conventions; widget Blade views render a single root element.
Provider registration: Laravel 11+ providers stay in providers.php (no changes required).
Global search: No global search behavior/resources changed in this PR.
Destructive actions:
Tenant archive/restore/force delete and diagnostics repairs execute via ->action(...) and include ->requiresConfirmation().
Server-side authorization is enforced (non-members 404, insufficient capability 403).
Assets: No new assets. No change to php artisan filament:assets expectations.
Tests
Ran:

vendor/bin/sail bin pint --dirty
vendor/bin/sail artisan test --compact (focused files for Spec 067)

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #84

2026-01-31 20:09:25 +00:00

2 Commits