feat: RBAC troubleshooting & tenant UI bugfix pack (spec 067) #84

ahmido · 2026-01-31T20:09:16Z

ahmido commented

2026-01-31 20:09:16 +00:00

Summary
Implements Spec 067 “RBAC Troubleshooting & Tenant UI Bugfix Pack v1” for the tenant admin plane (/admin) with strict RBAC UX semantics:

Non-member tenant scope ⇒ 404 (deny-as-not-found)
Member lacking capability ⇒ 403 server-side, while the UI stays visible-but-disabled with standardized tooltips
What changed
Tenant view header actions now use centralized UI enforcement (no “normal click → error page” for readonly members).
Archived tenants remain resolvable in tenant-scoped routes for entitled members; an “Archived” banner is shown.
Adds tenant-scoped diagnostics page (/admin/t/{tenant}/diagnostics) with safe repair actions (confirmation + authorization + audit log).
Adds/updates targeted Pest tests to lock the 404 vs 403 semantics and action UX.
Implementation notes
Livewire v4.0+ compliance: Uses Filament v5 + Livewire v4 conventions; widget Blade views render a single root element.
Provider registration: Laravel 11+ providers stay in providers.php (no changes required).
Global search: No global search behavior/resources changed in this PR.
Destructive actions:
Tenant archive/restore/force delete and diagnostics repairs execute via ->action(...) and include ->requiresConfirmation().
Server-side authorization is enforced (non-members 404, insufficient capability 403).
Assets: No new assets. No change to php artisan filament:assets expectations.
Tests
Ran:

vendor/bin/sail bin pint --dirty
vendor/bin/sail artisan test --compact (focused files for Spec 067)

Summary Implements Spec 067 “RBAC Troubleshooting & Tenant UI Bugfix Pack v1” for the tenant admin plane (/admin) with strict RBAC UX semantics: Non-member tenant scope ⇒ 404 (deny-as-not-found) Member lacking capability ⇒ 403 server-side, while the UI stays visible-but-disabled with standardized tooltips What changed Tenant view header actions now use centralized UI enforcement (no “normal click → error page” for readonly members). Archived tenants remain resolvable in tenant-scoped routes for entitled members; an “Archived” banner is shown. Adds tenant-scoped diagnostics page (/admin/t/{tenant}/diagnostics) with safe repair actions (confirmation + authorization + audit log). Adds/updates targeted Pest tests to lock the 404 vs 403 semantics and action UX. Implementation notes Livewire v4.0+ compliance: Uses Filament v5 + Livewire v4 conventions; widget Blade views render a single root element. Provider registration: Laravel 11+ providers stay in providers.php (no changes required). Global search: No global search behavior/resources changed in this PR. Destructive actions: Tenant archive/restore/force delete and diagnostics repairs execute via ->action(...) and include ->requiresConfirmation(). Server-side authorization is enforced (non-members 404, insufficient capability 403). Assets: No new assets. No change to php artisan filament:assets expectations. Tests Ran: vendor/bin/sail bin pint --dirty vendor/bin/sail artisan test --compact (focused files for Spec 067)

ahmido added 1 commit 2026-01-31 20:09:17 +00:00

feat: RBAC troubleshooting & tenant UI bugfix pack (spec 067) 51f0e61be3

ahmido merged commit 3490fb9e2c into dev

2026-01-31 20:09:26 +00:00

ahmido referenced this issue from a commit

2026-01-31 20:09:27 +00:00

feat: RBAC troubleshooting & tenant UI bugfix pack (spec 067) (#84)

Sign in to join this conversation.

No reviewers

No Label

No Milestone

No project

No Assignees

1 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ahmido/TenantAtlas#84