ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat: tenant-owned query canon and wrong-tenant guards #180

Merged
ahmido merged 1 commits from 150-tenant-owned-query-canon-and-wrong-tenant-guards into dev 2026-03-18 08:33:14 +00:00
Conversation 0 Commits 1 Files Changed 71 +3264 -196
ahmido commented 2026-03-18 08:30:37 +00:00
Owner
Copy Link

Summary

  • introduce a shared tenant-owned query and record-resolution canon for first-slice Filament resources
  • harden direct views, row actions, bulk actions, relation managers, and workspace-admin canonical viewers against wrong-tenant access
  • add registry-backed rollout metadata, search posture handling, architectural guards, and focused Pest coverage for scope parity and 404/403 semantics

Included

  • Spec 150 package under specs/150-tenant-owned-query-canon-and-wrong-tenant-guards/
  • shared support classes: TenantOwnedModelFamilies, TenantOwnedQueryScope, TenantOwnedRecordResolver
  • shared Filament concern: InteractsWithTenantOwnedRecords
  • resource/page/policy hardening across findings, policies, policy versions, backup schedules, backup sets, restore runs, inventory items, and Entra groups
  • additional regression coverage for canonical tenant state, wrong-tenant record resolution, relation-manager congruence, and action-surface guardrails

Validation

  • vendor/bin/sail artisan test --compact passed
  • full suite result: 2733 passed, 8 skipped
  • formatting applied with vendor/bin/sail bin pint --dirty --format agent

Notes

  • Livewire v4.0+ compliant via existing Filament v5 stack
  • provider registration remains in bootstrap/providers.php
  • globally searchable first-slice posture: Entra groups scoped; policies and policy versions explicitly disabled
  • destructive actions continue to use confirmation and policy authorization
  • no new Filament assets added; existing deployment flow remains unchanged, including php artisan filament:assets when registered assets are used
## Summary - introduce a shared tenant-owned query and record-resolution canon for first-slice Filament resources - harden direct views, row actions, bulk actions, relation managers, and workspace-admin canonical viewers against wrong-tenant access - add registry-backed rollout metadata, search posture handling, architectural guards, and focused Pest coverage for scope parity and 404/403 semantics ## Included - Spec 150 package under `specs/150-tenant-owned-query-canon-and-wrong-tenant-guards/` - shared support classes: `TenantOwnedModelFamilies`, `TenantOwnedQueryScope`, `TenantOwnedRecordResolver` - shared Filament concern: `InteractsWithTenantOwnedRecords` - resource/page/policy hardening across findings, policies, policy versions, backup schedules, backup sets, restore runs, inventory items, and Entra groups - additional regression coverage for canonical tenant state, wrong-tenant record resolution, relation-manager congruence, and action-surface guardrails ## Validation - `vendor/bin/sail artisan test --compact` passed - full suite result: `2733 passed, 8 skipped` - formatting applied with `vendor/bin/sail bin pint --dirty --format agent` ## Notes - Livewire v4.0+ compliant via existing Filament v5 stack - provider registration remains in `bootstrap/providers.php` - globally searchable first-slice posture: Entra groups scoped; policies and policy versions explicitly disabled - destructive actions continue to use confirmation and policy authorization - no new Filament assets added; existing deployment flow remains unchanged, including `php artisan filament:assets` when registered assets are used
ahmido added 1 commit 2026-03-18 08:30:38 +00:00
ahmido merged commit 1f3619bd16 into dev 2026-03-18 08:33:14 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ahmido/TenantAtlas#180
No description provided.
Delete Branch "150-tenant-owned-query-canon-and-wrong-tenant-guards"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?